Russians Busted on Hacking Charges

S E A T T L E, April 24, 2001 -- Two men have been indicted in what was described

as a Russian computer hacking ring that victimized banks and other

businesses through extortion and the theft of credit card numbers.

Alexey Ivanov, 20, and Vasiliy Gorshkov, 25, were arrested after the FBI established a bogus Internet security firm called “Invita,” let the men hack into it and then lured them to the United States to apply for jobs, according to a 20-count federal grand jury indictment.

Much of the case is built on reverse hacking by the FBI to access the Russian computers, raising issues to be argued in U.S. District Court next month.

According to documents filed by government lawyers, the pair may be linked to hundreds of crimes, including the theft of 15,700 credit card numbers from Western Union in Denver in September, by a group calling itself “The Expert Group of Protection Against Hackers.”

A computer file in an account registered to Ivanov also contained 38,000 credit card numbers from another business that was not identified in court papers, investigators wrote.

Dozens of Businesses, 10 States

The hacking extended to more than 40 businesses in 10 states, including banks in Texas and California and PayPal of Palo Alto, Calif., the country’s largest Internet-based payment company, Assistant U.S. Attorney Stephen Schroeder said.

According to recently unsealed court documents, Gorshkov and Ivanov used computers in Chelyabinsk, Russia, to scan the Internet for vulnerable business operating systems.

They and associates who remain in Russia are believed to have made tens of thousands of probes and intrusions into computer systems, usually through a vulnerable version of Microsoft Windows NT.

Nationwide Warnings

The problem became so acute that the Department of Justice’s National Infrastructure Protection Center issued nationwide warnings in December and March.

Ivanov also has been indicted in New Jersey and Connecticut, where he now is in custody, according to court records. Gorshkov is being held at the Federal Detention Center in SeaTac.

Microsoft has acknowledged security holes in some versions of Windows NT and has offered free fixes for at least two years, and some Unix-based systems also were vulnerable, but Schroeder said many companies failed to download the fixes or were unaware of them.

The document he filed give the following description:

The hackers broke into and gained control of computer systems, sometimes for months before business operators learned of the problem.

In several cases, the hackers contacted an affected company, describing themselves as “security consultants” who had broken into the computer system and offering to fix the hole — for a price.

In other instances, including one involving a computer used by the St. Clair County, Mich., school district, the hackers used compromised computer networks for further hacking and crimes.

The hackers created a “mirror” Web site that was identical to PayPal’s home page, used a special program to locate PayPal customers on the Internet, sent them an e-mail telling them to log onto the fake site.

'Sniffer' Software Used

Once there, the customers were instructed to enter their usernames and passwords, which were recorded and used by the hackers to gain access to individual PayPal accounts.

After identifying Ivanov, FBI agents set up “Invita” in a downtown office, challenged him to hack into the bogus system and, when he succeeded, invited him to be interviewed in person for a consulting job.

Gorshkov accompanied Ivanov, and the two demonstrated their prowess on two computers equipped with “sniffer” software that recorded their every keystroke.

Following their arrest, agents used that information to download information from a Russian computer linked to the hacking.

It was illegal for the FBI to obtain Gorshkov’s username and password and use them to access potentially incriminating data from computers halfway around the world without a search warrant, said Kenneth Kanev, the Russian man’s defense lawyer.

The username and password amounted to a lock, “and the undercover FBI [agents] were given no authority to use the key to the container their sniffer seized,” Kanev contended.

Schroeder says Gorshkov was using someone else’s computer and had no reasonable expectation of privacy. He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia.

A hearing before Judge John C. Coughenour is set for May 17.