Home » Data Protection » Malware/Cybercrime

In Depth

Alexey Ivanov and Vasiliy Gorshkov: Russian Hacker Roulette

Russian hacker Alexey Ivanov was lured to the United States and snared in a high-stakes cyber-sting.

By Art Jahnke

January 01, 2005 — CSO — Alexey Ivanov's job interview didn't go as well as he'd hoped.

Ivanov, then a 20-year-old computer programmer from Chelyabinsk, Russia, had flown to Seattle in November 2000 to apply for a job with a company called Invita Security. To the young Russian, Invita promised the dream job. The company was clearly entrepreneurial—entrepreneurial enough to seek out the services of this skilled hacker who worked in an abandoned factory halfway around the world. They even promised to pay his airfare and to pick him up at the Seattle airport. At Ivanov's suggestion, the company encouraged him to bring along a fellow programmer, Vasiliy Gorshkov. When the two Russians arrived, their Invita hosts explained what they were looking for: a few good hackers who could break into the networks of potential customers as part of an effort to persuade those companies to hire Invita to keep hackers out. Ivanov was familiar with the tactic.

As Ivanov, Gorshkov and two American business types sat at a table in a Seattle office, Gorshkov regaled the interviewers with tales of his hacking exploits, and Ivanov allowed himself to dream of a better life. He was exhausted: The trip from Chelyabinsk had taken nearly 48 hours, and he had not waited to arrive to start celebrating his good fortune. The interviewers asked their guests to demonstrate some of their skills, and the two Russians took turns logging in to their own network back in Chelyabinsk. Ivanov knew that he and Gorshkov were good, so when his hosts appeared to be impressed, Ivanov was not surprised.

The big surprise would come later, when the two Russians were being driven to their lodgings. The car stopped suddenly; the doors flew open, and Ivanov heard someone say: "FBI. Get out of the car with your hands behind your back."

It was then that he remembered something he had heard about America: It was the kind of place where anything could happen.

Ivanov and Gorshkov were charged with conspiracy, computer fraud, hacking and extortion.Gorshkov was jailed in Seattle, where his incriminating boasting took place. Ivanov was flown east, to Connecticut, to be tried in the home state of the Online Information Bureau—one of several companies whose servers he had breached.

The federal agents who arrested the Russians brandished a short catalog of cybercrime allegations. They claimed that the Russians had tried to extort money from scores of U.S. companies, including Central National Bank of Waco, Texas; Nara Bank N.A. of Los Angeles; and a Seattle-based ISP called Speakeasy. As it turned out, most of the allegations were right on the money. Ivanov and Gorshkov had, among other things, tapped a database of an estimated 50,000 credit cards, and they were making good use of some of them. Gorshkov would be found guilty of all four crimes, sentenced to three years in jail and ordered to pay $692,000 in restitution. He has since returned to Russia. Ivanov would eventually admit to hacking into 16 companies. He served three years and eight months in jail and owes more than $800,000 in restitution.