The Lure: The True Story of How the Department of Justice Brought Down Two of the World’s Most Dangerous Cyber Criminals

Book Description

The Lure: The True Story of How the Department of Justice Brought Down Two of the World's Most Dangerous Cyber Criminals provides a case study of a large, complex, and highly technical prosecution of two Russian hackers. The materials presented offer a wealth of information that can be used by IT professionals, business managers, and academics who wish to learn how to protect systems from abuse and how to respond appropriately to network incidents. In addition to its value as a training tool, The Lure is also the true, riveting story of how two Russian hackers, who bragged that the laws in their country offered them no threat and who mocked the FBI's inability to catch them, were caught by an FBI lure designed to appeal to their egos and their greed. The story of the sting operation and the subsequent trial is told here for the first time by the Department of Justice attorney who led the prosecution.

Table of Contents

  1. Copyright
    1. Dedication
  2. About the Author
  3. Acknowledgments
  4. Introduction
    1. Why Read This Book?
  5. I. The Investigation
    1. 1. Speakeasy
      1. The Birth and Evolution of the Internet
      2. An Intruder Enters Speakeasy
      3. Speakeasy Responds
      4. An Important Customer Is Harmed
    2. 2. The Investigation Begins
      1. The Landmark Privacy Act Case
        1. The Secret Service Gets Involved
        2. Steve Jackson Games Sues the Secret Service
        3. Aftermath
        4. Steve Schroeder Becomes an Assistant United States Attorney and Moves to Seattle
        5. Steve Becomes a Computer Crime Specialist
        6. The Seattle FBI Office Forms a Computer Crime Squad
        7. Amazon.com Is Defrauded from Russia
    3. 3. The Lure
      1. Multi-District Cooperation Begins
        1. Online Information Bureau in Connecticut Is Hacked
        2. The Investigation Expands
        3. Defeated by the Young Hacker, Lightrealm Attempts to Co-Opt Him
      2. The Lure Begins
        1. “Invita” Is Born
        2. Vasily Gorshkov Puts in an Appearance
        3. A Honeynet Is Created to Test the Hackers’ Skills
        4. Alexey Demonstrates His Skill
    4. 4. The Sting
      1. The Russian Hackers Arrive in Seattle
        1. At the Undercover Site
        2. While Alexey Views Websites, Vasily Takes Charge
        3. Gorshkov Connects to tech.net.ru
      2. Gorshkov Continues to Display His Knowledge
      3. The Take-Down
    5. 5. In Custody
      1. The Ivanov Interview
      2. Gorshkov’s Interview
      3. The Prosecutors Stand By
      4. The Interviews Resume
        1. A Lawyer Is Arranged for Gorshkov
      5. The Russians Have Their First Appearance in Court
        1. Special Agent Schuler Connects to the Russian Computers
        2. Special Agent Schuler Gets Expert Help
        3. The Department of Justice Is Informed of the Initial Download
        4. The Downloads Are Vetted
    6. 6. PayPal
      1. The National Infrastructure Protection Center Offers Its Help
        1. Floyd Short and Phil Attfield Join the Team
        2. User Accounts Are Scrutinized
        3. The Trial Is Postponed Until Spring
      2. PayPal and eBay
        1. How Hackers Got In—Or Did They?
        2. Greg Stivenson Makes an Appearance
        3. Steve and Marty Visit PayPal
        4. John Kothanek Refines His Loss Figures
        5. Tad Brooker, an Online Seller of Computer Components, Ships Processors to Greg Stivenson in Kazakhstan
    7. 7. A (Not So) Brief Primer on National Security Investigations
      1. Technology Always Evolves Faster than the Law
        1. The Supreme Court Limited the Applicability of the Fourth Amendment to Searches Involving Physical Trespass
        2. Nearly 40 Years Later, the Fourth Amendment Was Reinterpreted to Cover Telephone Conversations
        3. Were Wiretaps Simply General Searches?
        4. How Could Law Enforcement Particularly Describe Conversations that Had Not Yet Taken Place?
        5. As the Telephone Replaced Physical Letters as a Means of Communication, the Government’s Ability to Lawfully Seize Communications Eroded
        6. The Standard Quickly Evolves to Allow Limited Wiretaps
        7. Domestic Security Wiretaps Are Covered by the Fourth Amendment
        8. What About Foreign Intelligence Gathering?
      2. How the Fourth Amendment Affects Foreign Intelligence Surveillance
    8. 8. The Motion to Suppress and Preliminary Skirmishing
      1. Privacy Laws and Precedent on the Internet
        1. The David Case Had Something for Everybody
        2. Courts in the U.S. Lacked Jurisdiction to Issue a Warrant to Seize Information in Russia
        3. The Temporary Impounding of Evidence to Protect It from Destruction Is Generally Okay
        4. “Search” and “Seizure” Are Not the Same Thing
        5. The Act of Copying the Information Did Not Amount to a Seizure
        6. District Judge John Coughenour Is a Quick Study
        7. The Hearing Begins
        8. The Sentencing Guidelines Discussed
        9. U.S. Requests for Assistance Went Unacknowledged
        10. Communications Regarding Gorshkov Are Introduced
        11. Gorshkov’s Interview
        12. The Undercover Agent Testifies
        13. Eliot Lim Takes the Stand
      2. The Cross-Examination of Eliot Lim
        1. Mike Schuler Takes the Stand
        2. Robert Apgood Testifies as a Defense Witness
    9. 9. Preparing for Trial
      1. The FBI’s Download of Data from Russia Had Not Run Afoul of the Fourth Amendment
      2. A Final Continuance
        1. Paperless Trials Are Not Really Paperless
        2. A Creative Solution Is Found
        3. Alchemy Did Not Turn Lead into Gold, but It Worked Pretty Well
      3. The Case for CTS, eBay, and PayPal
        1. Assessing the Damage to PayPal
        2. Assessing the Damage to eBay
        3. Assessing the Damage to CTS
        4. The CTS Evidence Is Reviewed
        5. CTS Undertakes to Co-Opt the Hacker in an Attempt to Control His Activities
        6. The Successful Trip Wraps Up
      4. The Case for Credit Cards and Banks
      5. The National Infrastructure Protection Center at FBI Headquarters Issues an Advisory, Warning the IT Community of the Activities from Russia
  6. II. The Trial
    1. 10. The Trial Begins
      1. Early Skirmishing
      2. The Jury Is Empanelled
      3. The Government’s Opening Statement
      4. The Defense’s Opening Statement
      5. The Trial Proper Begins
        1. Special Agent Patel Introduces the Communications with the Defendant
        2. Special Agent Mallon Sets the Scene
        3. The Jurors Hear Gorshkov Talking About His Company
        4. The Undercover Recording Is Played
        5. The Parties Had Some Disputes Over the Transcript
        6. The FBI’s Russian Language Expert Authenticates the Transcript
        7. Curtis Rose of Sytex Explains the Hacks into His System
        8. The Cross-Examination of Curtis Rose
      6. The Trial Day Was Over, but the Work Was Not
        1. Issues with the Transcript, Revisited
        2. The Taped Telephone Conversation with Alexey Is Played
        3. The Undercover Videotape Is Played
        4. Ken Kanev Cross-Examines on the Recordings
        5. Redirect and Day’s End
    2. 11. The Download Revisited
      1. The Trial Is Delayed
        1. Witnesses Had to Be Rescheduled
        2. The Trial Re-Commences with Technical Evidence
        3. Rob Apgood Cross-Examines Eliot
        4. On Redirect, Eliot Is Allowed to Clear Up Possible Confusion
      2. Mike Schuler Takes the Stand
        1. Gorshkov’s Post-Arrest Interview
        2. An Internet Protocol Directory Is Introduced to Guide the Jurors
        3. The WinWhatWhere Output Log Is Introduced
        4. Mike Successfully Logs On to the tech.net.ru Computers
        5. A Disturbing Message
        6. Mike Schuler Resumes the Witness Stand for the First Round of Cross-Examination
        7. The Technical Cross-Examination Begins
        8. Eliot Lim’s Assistance Is Questioned
        9. St. Clair County Intermediate School District Evidence
        10. Joseph Kim Explains Intrusions into Nara Bank
        11. A Good Day, but Work Remained to Be Done
        12. Mr. Kim’s Cross-Examination Is Brief
        13. The CTS Witnesses Are Called Somewhat Out of Logical Order
        14. An Expert on PERL Is Engaged
        15. Expert Witnesses Are Covered by Special Rules that Allow Them to Express Opinions
        16. Experience and Common Sense Prevail
        17. The Exhibit List Itself Becomes an Exhibit
        18. The Evidence from CTS Is Authenticated and Admitted
        19. American Express
        20. FBI Computer Analysis and Response Team Forensic Examiner Takes the Stand
        21. A Workaround Is Decided Upon
    3. 12. The Expert Speaks
      1. At the Weekend Recess, Judge Coughenour Again Admonishes the Lawyers to Move More Rapidly
      2. Phil Resumes His Testimony
        1. Gorshkov’s Home Directories Were Full of Incriminating Evidence
        2. Phil Explains Some of the PERL Scripts Found on the Russian Computers
        3. A Detailed Analysis of the PERL Script proxy.sql
        4. Password-Cracking Program Found on Gorshkov’s Account
        5. How the Hacking Tools Worked Together
        6. PERL Scripts Designed to Open Email Accounts
        7. MyOwnEmail Witness Explains How His Company Does Business
        8. More PERL Scripts Explained
        9. After the Noon Recess, Phil Ran a Hacking Program
        10. With the Technical Demonstration Having Succeeded, Phil Quickly Wrapped Up His Direct Testimony
      3. The Cross-Examination of Phil
        1. An Account on a Computer System Is Not a Person
        2. The Reconstruction of the File Systems Is Probed
        3. The Cross-Examination Continues
        4. An Exhausted Witness Is Led into a Mistake
      4. The Recovery
      5. Things Get Off Track
        1. The Redirect Clears Up Ambiguities
    4. 13. The Prosecution Wraps Up
      1. The Guy from Lightrealm Was Stymied by the Young Hacker
      2. Gorshkov’s Verio/Webcom.com Intrusion
        1. Scott Wertheimer Identifies Verio Files Found on tech.net.ru
        2. Perry Harrington Produces an Account Opened by Gorshkov with a Stolen Credit Card
      3. Massive Inquiries at eBay Are Identified
      4. A Representative Seller of Computer Components Tells His Story
      5. The Reality of Trying Complex Cases
      6. PayPal, the Primary Victim, Presents Its Evidence
      7. Special Agent Marty Prewett Ties It All Together
      8. Some Concerns Regarding the Defense Case
      9. Cross-Examination of the Case Agent Concludes
        1. The Cross-Examination Ventures into Uncharted Waters
      10. The Prosecution Rests, but Was It Enough?
    5. 14. The Defense Case and the Conclusion
      1. Maxim Semenov’s Honest Answers During Cross-Examination Rendered His Testimony Harmless
      2. Gorshkov’s Brother Tries to Help Him
      3. The Defendant Takes the Witness Stand
        1. Gorshkov Expands His Business
        2. The Invita Invitation Appears
        3. Gorshkov Puts Words in Ivanov’s Mouth that Could Not Be Tested by Cross-Examination
        4. Gorshkov Attempts to Pass Off His Hack into Verio
        5. Rob Apgood Attempts to Elicit More Technical Testimony
        6. The Defense Wraps Up
      4. The Cross-Examination of the Defendant
        1. Floyd Short Takes a Turn at Cross-Examination
      5. Ken Kanev Attempts to Mitigate the Damaging Testimony of His Client
        1. The Defendant Is Allowed to “Explain,” Unassisted by Questions
      6. Closing Arguments of Counsel
      7. Closing Argument for the Defense
      8. Floyd Argues in Rebuttal
      9. The Prosecution Team Depressurizes
      10. The Verdict
    6. 15. Sentencing and Other Aftermath
      1. Gorshkov Is Sentenced
      2. Both Parties Forgo Their Appeal Rights
      3. Rumblings from Russia
      4. Alexey Ivanov’s Situation in Connecticut
        1. Alexey Ivanov’s Background and Personality
        2. The Russian Perspective on Hacking and Computers
        3. In Contrast to Legitimate Work, Crime Paid Well
        4. Gorshkov and Ivanov’s Businesses, in a Nutshell
      5. A Close Approximation to Justice Had Been Achieved
  7. III. Appendixes and Supplementary Materials
    1. A. Superseding Indictment
    2. B. Certification of Service
    3. C. Government’s Response
    4. D. Order
    5. E. Exhibit List