Russians Busted on Hacking Charges

By
ABC News
January 7, 2006, 7:45 AM ET
4 min read

S E A T T L E, April 24, 2001 -- Two men have been indicted in what was described

as a Russian computer hacking ring that victimized banks and other

businesses through extortion and the theft of credit card numbers.

Alexey Ivanov, 20, and Vasiliy Gorshkov, 25, were arrested afterthe FBI established a bogus Internet security firm called“Invita,” let the men hack into it and then lured them to theUnited States to apply for jobs, according to a 20-count federalgrand jury indictment.

Much of the case is built on reverse hacking by the FBI toaccess the Russian computers, raising issues to be argued in U.S.District Court next month.

According to documents filed by government lawyers, the pair maybe linked to hundreds of crimes, including the theft of 15,700credit card numbers from Western Union in Denver in September, by agroup calling itself “The Expert Group of Protection AgainstHackers.”

A computer file in an account registered to Ivanov alsocontained 38,000 credit card numbers from another business that wasnot identified in court papers, investigators wrote.

Dozens of Businesses, 10 States

The hacking extended to more than 40 businesses in 10 states,including banks in Texas and California and PayPal of Palo Alto,Calif., the country’s largest Internet-based payment company,Assistant U.S. Attorney Stephen Schroeder said.

According to recently unsealed court documents, Gorshkov andIvanov used computers in Chelyabinsk, Russia, to scan the Internetfor vulnerable business operating systems.

They and associates who remain in Russia are believed to havemade tens of thousands of probes and intrusions into computersystems, usually through a vulnerable version of Microsoft WindowsNT.

Nationwide Warnings

The problem became so acute that the Department of Justice’sNational Infrastructure Protection Center issued nationwidewarnings in December and March.

Ivanov also has been indicted in New Jersey and Connecticut,where he now is in custody, according to court records. Gorshkov isbeing held at the Federal Detention Center in SeaTac.

Microsoft has acknowledged security holes in some versions ofWindows NT and has offered free fixes for at least two years, andsome Unix-based systems also were vulnerable, but Schroeder saidmany companies failed to download the fixes or were unaware ofthem.

The document he filed give the following description:

The hackers broke into and gained control of computer systems,sometimes for months before business operators learned of theproblem.

In several cases, the hackers contacted an affected company,describing themselves as “security consultants” who had brokeninto the computer system and offering to fix the hole — for aprice.

In other instances, including one involving a computer used bythe St. Clair County, Mich., school district, the hackers usedcompromised computer networks for further hacking and crimes.

The hackers created a “mirror” Web site that was identical toPayPal’s home page, used a special program to locate PayPalcustomers on the Internet, sent them an e-mail telling them to logonto the fake site.

'Sniffer' Software Used

Once there, the customers were instructed to enter theirusernames and passwords, which were recorded and used by thehackers to gain access to individual PayPal accounts.

After identifying Ivanov, FBI agents set up “Invita” in adowntown office, challenged him to hack into the bogus system and,when he succeeded, invited him to be interviewed in person for aconsulting job.

Gorshkov accompanied Ivanov, and the two demonstrated theirprowess on two computers equipped with “sniffer” software thatrecorded their every keystroke.

Following their arrest, agents used that information to downloadinformation from a Russian computer linked to the hacking.

It was illegal for the FBI to obtain Gorshkov’s username andpassword and use them to access potentially incriminating data fromcomputers halfway around the world without a search warrant, saidKenneth Kanev, the Russian man’s defense lawyer.

The username and password amounted to a lock, “and theundercover FBI [agents] were given no authority to use the key tothe container their sniffer seized,” Kanev contended.

Schroeder says Gorshkov was using someone else’s computer andhad no reasonable expectation of privacy. He also maintains that nosearch warrant was needed because the FBI lacks jurisdiction inRussia.

A hearing before Judge John C. Coughenour is set for May 17.