In Depth
Alexey Ivanov and Vasiliy Gorshkov: Russian Hacker Roulette
Russian hacker Alexey Ivanov was lured to the United States and snared in a high-stakes cyber-sting.
By Art Jahnke
He knew that in the long run, the Seattle job could be even more rewarding than his eBay "rate the buyer" scam. So in November, with the eBay function not quite ready to go, he said good-bye to his family and boarded a plane for Seattle. Once he was in his seat, he says, he started ordering drinks. He was pleased to be bound for a new life in a new country with a new job for a company with the curious name of Invita Security.
When FBI agents, posing as Invita employees, watched Ivanov and Gorshkov demonstrate their skills, they were learning more than the two Russians knew. The agents had placed a "sniffer" on the computer keyboard, and as the Russians typed the user names and passwords needed to get into the network of tech.net.ru, the device recorded the keystrokes. With that knowledge, the FBI was able to download some 2,700MB of data to be used as evidence.
The agents had a very good idea of what they were looking for. The FBI had been contacted by several companies that believed they had been targeted by something called the Expert Group of Protection Against Hackers. The organization, made up of dozens of hackers in several Russian cities, operated the same way Ivanov did, exploiting a vulnerability in Microsoft NT server software to break into the networks of U.S. corporations. At first, the feds believed that Ivanov and Gorshkov were part of the group, and that they might be working with the Russian mob; the government has since backed off those allegations.
The FBI's download, the cornerstone of the government's case against the hackers, did not go unchallenged into the federal courts, or, for that matter, into the annals of U.S.-Russian relations. When the FBI broke into the Russian computers, they did so without two important sanctions: One was the permission or cooperation of Russian authorities; the other was a search warrant, which was not acquired until three weeks after the download. Whether the Justice Department attempted to coordinate the investigation with Russian authorities remains a subject of dispute. Federal agents have testified that they attempted to work with Russian authorities, but that their communications went unanswered. The Russians say there was no such effort and claim the download violated a 1997 agreement among G-8 nations that mandates "investigation and prosecution of international high-tech crimes must be coordinated among all concerned states, regardless of where harm has occurred." Russian authorities have reportedly issued arrest warrants for the agents involved.



