Judge OKs FBI hack of Russian computers

A U.S. judge says the FBI was in its rights to download data off computers in Russia--even though it may have been in violation of Russian law.

Upholding the rights of law enforcement to cross national borders in pursuit of cyberspace criminals, a federal judge has ruled that FBI agents did not act improperly when they tricked a pair of suspected hackers out of passwords and account numbers and then downloaded evidence from their computers in Russia.

U.S. District Judge John C. Coughenour of Seattle rejected several motions filed on behalf of Vasily Gorshkov, 25, seeking to suppress the evidence obtained from the computers.

Gorshkov's lawyer, Kenneth Kanev of Seattle, argued that the FBI agents had violated Gorshkov's Fourth Amendment right against unreasonable search and seizure by secretly obtaining the passwords and account numbers using a "sniffer" program that recorded his keystrokes when he accessed the computers in Chelyabinsk, Russia.

But Coughenour, in a ruling dated May 23 that was made public this week, ruled that Gorshkov and his alleged co-conspirator, Alexey Ivanov, 20, had no expectation of privacy when they sat down at computers in the offices of Invita--actually an FBI front set up to lure the suspects to the United States with offers of work in the computer security field.

"When (the) defendant sat down at the networked computer ... he knew that the systems administrator could and likely would monitor his activities," Coughenour wrote. "Indeed, the undercover agents told (Gorshkov) that they wanted to watch in order to see what he was capable of doing."

He also found that the Fourth Amendment applied neither to the computers "because they are the property of a non-resident and located outside the United States" nor the data--at least until it was transmitted to the United States.

The judge noted that investigators then obtained a search warrant before viewing the vast store of data--nearly 250 gigabytes, according to court records. He rejected the argument that the warrant should have been obtained before the data was downloaded, noting that "the agents had good reason to fear that if they did not copy the data, (the) defendant's co-conspirators would destroy the evidence or make it unavailable."

Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions.

The judge did grant one defense motion, agreeing to delay Gorshkov's trial until Sept. 17.

Tantalizing clues
Prosecutors have dropped tantalizing clues in court papers and in testimony suggesting that Gorshkov and Ivanov were kingpins of Russian computer crime prior to their arrests.

Court papers indicate that the pair, who were arrested in Seattle on Nov. 10, are believed to have broken into and obtained financial information from the computer networks of two banks--the Nara Bank of Los Angeles and Central National Bank-Waco (Texas). They also charge that the duo broke into the computers of at least 38 other U.S. companies, often following the intrusion with an extortion demand.

Prosecutors have indicated they believe the two are linked to a pair of high-profile cases: the theft of data on 300,000 credit cards from the CD Universe Web site and the heist of data on 15,700 credit cards from a Western Union Web site. The suspects' alleged connection to those cases has not been explained.

Both men have been indicted by a federal grand jury in Seattle. Ivanov also has been indicted in New Jersey and Connecticut, where he currently is in custody.

NT vulnerability exploited
Ivanov, Gorshkov and other unnamed associates used the Internet to gain illegal access to the U.S. companies' computers, often by exploiting a known security vulnerability in Windows NT, prosecutors say. A "patch" for the vulnerability has been posted on the Microsoft Web site for almost two years, but the companies hit by the cyberbandits hadn't updated their software. (MSNBC is a Microsoft-NBC joint venture.)

At least one company, Lightrealm Communications of Kirkland, Wash., acceded to a demand that it hire Ivanov as a security consultant after he broke into the Internet service provider's computers. Prosecutors say Ivanov then used a Lightrealm account to break into other companies' computers.

The break that eventually led to the arrests came when Ivanov identified himself in an e-mail while attempting to extort money from a victimized company, Stephen Schroeder, an assistant U.S. attorney in Seattle, told MSNBC.com. FBI agents then found his resumé online and, posing as representatives of a fictitious network security company called Invita, contacted him to offer him a job.

"He felt pretty safe because he was in Russia," Schroeder said of Ivanov's alleged blunder.

After Ivanov arrived in Seattle, accompanied by Gorshkov, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the duo, they used account numbers and passwords obtained by the program to gain access to data stored in the computers in Russia, Schroeder said.

Second major bust
The arrest of Ivanov and Gorshkov was the second major computer crime bust aimed at former Soviet Union nations in the past year.

In August 2000, federal agents arrested two Kazakh men in London after they allegedly broke into the computer systems of financial information provider Bloomberg L.P. and attempted to extort $200,000 from company founder Michael Bloomberg.

U.S. authorities are seeking to extradite Oleg Zezov and Igor Yarimaka for trial on the charges. If convicted, Zezov and Yarimaka could receive prison sentences of up to 20 years and fines of $250,000 each.

Eastern Europe and nations of the former Soviet Union have become a hotbed in recent years for computer crime aimed at businesses in the United States and other Western nations.

When MSNBC.com first reported on the problem of overseas computer crime in 1999, Mark Batts, the special agent in charge of the FBI's Financial Institution Fraud Unit, said he was not aware of any prosecutions of credit card thieves operating from Eastern Europe and the nations of the former Soviet Union.