FBI Does A Cracker-Jack Job

kade writes: "MSNBC has an article on a story about the FBI hacking the machines of a bunch of Russian crackers in an attempt to get evidence on them due to the the inability or unwillingness of the Russian goverment to assist them in fighting cybercrime." Another reader pointed to coverage on CNN as well.

OK but...

[Anonymous Coward]

When do I get my speedboat?

Re:Great line

[DataPath]

Well, the issue is WHERE they broke the law. They broke Russian law, but that is out of their jurisdiction, so that action is ONLY viewable as illegal under either 1) international treaties, or 2) Russian law.
The only thing that could bite them is international treaty. What they need to do is lure those FBI agents over to Russia so they can be prosecuted for their little hacking gig.

Re:Great line

[Zachary Kessin]

Assuming that it gets to trial you can assume that the Defense lawyers will argue that the FBI did need a warent to do this. I imagine a court will decide one way or the other.

One of my favorite bits of USSC writing is the Justice Brandeis desent on the wiretapping case from the 20's when the FBI said that they did not need a warrent to tap a phone. (Brandeis and Homes said that they did but were in the Minority)

In all probability the evidence will be challenged in court.

IANAL!

Re:Great line

[Zachary Kessin]

They don't need a warrant because the United States Constitution does not protect non-US citizens acting outside the US.

But in theory it should contrain the FBI, I would think. Has this type of thing ever been tested in a court? I don't really know. If something similar has never come up before the judge will have to decide what the law is. This is why we have judges and courts after all.

Soda Crackers?

[sheldon]

Are these Russian Crackers related to the Saltine Crackers, or are they more like Graham Crackers?

But then Animal Crackers are my favorite.

Re:Great line

[KoReE]

Unfortunately, "the law" is an intangible. It is only made tangible by enforcement. Enforcement only comes when everyone involved in enforcing the law uses ethics. If no one enforces international law on the FBI, then they have jurisdiction anywhere they choose, because "the law" no longer exists. Now, even though I don't think that it's cool that it is this way, who do you think is actually going to enforce law on the the FBI? The KGB? The NSA? NATO? NAFTA? NAMBLA? Nope. None of them. So the FBI will probably continue doing this to its heart's (or lack thereof) content.

Re:FBI & Chechnya

[Troy Roberts]

You may know something about Chechnya. I wouldn't know.

However, what ever crimes have been committed in Chechnya by chechens has nothing to do with what has happened in this case.

Here there were criminals stealing monies and resources from US citizens. The US ask for help from the Russian government, who did not even respond.

The FBI did not invite the criminals to comit any crime. They ask them to show there expertise as in a job interview. Why? So, that the FBI could sniff the ids and passwords. This is not entrapment, which you imply.

The only thing questionable the FBI did was tell the criminals that they were interviewing for a job.

The rights extended to non-US citizen by the US far exceed those extended by many other countries including Russia.

I personally feel these two got just what they deserve. They will have plenty of opportunity to defend themself in court.

I have one last observation. Either, you have a very small vocabulary or are not very well educated. The prolific use of vulgar words to make a completely idiotic argument does not lend anything to your credibility.

Troy

Re:It's not a look warrant!

[Troy Roberts]

OK, lets make a more accurate analogy. A Mexican resident stands on Mexican soil and shoot a US citizen on US soil. In what country have laws been broken? Now, the US government ask the Mexican government for assistance and is ignored. The FBI lures the murder in to the US. Ask the murder to demonstrate his skills. He calls a friend to send his rifle. When the rifle arrives, the murder is arrested with the evidence taken into custody. This is a closer analogy. I for one and not sure the FBI needed a search warrent to view the data they had down loaded. Police do not need a search warrent to control and take evidence at the scene of a crime. They need it to collect evidence at a suspected location of criminal activity. Constitutional law does not provide for protection of non-US citizen. There is not international treaty that prevents the US from acting in its own defence. Troy

Re:Interesting

[Troy Roberts]

Constitutional law does not apply to non-US citizen

Re:This quote says it all...

[Glytch]

I love that metaphor. I'm going to steal it sometime.

Re:The Interesting Ending

[garcia]

I would say that the Russian mob would have better offers to them (drugs, sex, and more alcohol than they usually have)

:)

Re:The Interesting Ending

[sacherjj]

Very common technique. Surely you have head of the "award winners" police scams. Where those with outstanding warrants are sent prize vouchers and they get to come to a certain location to claim them. One such event had television coverage where the "winners" were interviewed. They were taken 10 at a time into another room to be given their prizes.

Those prizes consisted of handcuffs and getting read some rights before leaving out the back for jail time.

What hack?

[nneul]

I'd like to know how "getting them to sit down at a computer running a sniffer" counts as "hacking into their computers".

Electronic Evidence

[RichMan]

Part of a trial is establishing a chain of evidence. How on earth can you ever prove that an electronic train of evidence has not been tampered with.

Prosec: "As you can see in the log files .."
Defens: "Objection: the material security of the log files has not been proven. The prosecution has to prove it that the log files are a true recording of what happened. That the log files and logging process was a completely secure and tamper proof system."
Prosec: "The log files show that no one accessed the system."
Defens: "Objection: Log files are just that, they can be edited. Was the console secure? Was the net access secure?"
Prosec: "When we examined the system."
Defens: "Objection: Prove that the system was not tampered with or completely ghosted by a backup system between the time of the events in question and the time the material was secured."

Re:Reverse Hacking?

[Maserati]

On the plus side for the FBI. They had their suspect sit down at the sniffer in Seattle, and then didn't look at the logs until they obtained a search warrant.

However, we're going to piss off a lot of countries if we continue to assert that the FBI can do whatever it wants outside of the US.

The War on Hackers has turned up a notch.

Re:Electronic Evidence

[Cid Highwind]

But then we know how technically literate US federal judges are...

Prosec: "When we examined the system."
Defens: "Objection: Prove that the system was not tampered with or completely ghosted by a backup system between the time of the events in question and the time the material was secured."
Judge: Counselor, if you don't stop spouting electronic gobbledygook, I'll have you held in contempt. The prosecution may continue.

Invicta?

[PD]

Could this fake company name be a purposeful mishmash of the words "indict" and "convict"? Who said that the suits don't have sense of humor?

Re:FBI & Chechnya

[Ektanoor]

If I clearly understand this:

he takes the risk of venerating those same "terrorists" he so despises

then I'm not overreacting. There is nothing to venerate on those animals. And note: a large part of these "freedom fighters" are no ethnical chechens. It is just scum gathered from all ex-USSR, mainly from Caucasus, and which found a hot seat in Chechnya at the beginning of the 90's. On what concerns Chechens themselves then I know some of them, who are great people and have nothing in common with these swines that are even unable to read the Al-Khoran.

FBI & Chechnya

[Ektanoor]

You know this method reminds me how "chechen" groups sometimes lured people. I know it because I had a few acknowledgements being lured this way before the 1st Chechen War (1994-1996).

In Russia this is consider as the same as kidnapping. I think the FBI has done it because not even the average citizen will understand this. So you US Government Fuckers how better you are than those terrorist groups in Chechnya? How can you talk about human rights if you act the same way as bandits, terrorists and outlaws? Have these guys commited a crime? Maybe. Anyway it is a economic felony which barely touch people's physical well-being. But now their crime is pointless because you committed a bigger crime, you kidnapped people against their will in a foreign sovereign country. You lured people, invited to commit a crime and got them incarcerated. The typical move of "chechen" terrorists and mobs.

You disrespect local laws and rules and you what us to hear you? Go Fuck! Next time the US Government will talk about Human Rights in Russia they can pick the paper and stuck it in their ass. The sound will be more hearable than their voice.

Re:Two key points

[Ektanoor]

Ok, so they brought them to the U.S., told them to log into their computers in Russia, sniffed the passwords, and then used the sniffed passwords to log into the Russian machines. This is hacking? Social engineering, maybe...

If this happened than FBI can happily know that it violated article 272, part 2 of chapter 28 of the Criminal Code of the Russian Federation. The article claims setences starting from 500 minimal salaries (about US$4000) and up to 5 years of detention. Note that this considers only the fact of illegally accessing a computer.

On what concerns the arguments about local police doing nothing against criminal hackers then I can state this is pure BS. In fact in every major Russian city there is now a special department called 'Direction "R"' that fights computer crimes. Maybe the guys are not as effective as FBI "bright minds". But still is amazing to see how FBI treats their colleagues.

More interesting is that Chelyabinsk is one of the later military centers in Russia. So I believe that if police is sleeping there (Direction R is a police force) than the ex-KGB is surely not sleeping. And I believe that even the most corrupt FSB general would not leave these guys in the fresh air. People are now fucking sensitive to such things after a few major break-ups in Moscow and other cities.

So I can take only one conclusion from FBI's actions: bravado.

What's next? SEALs landing in some Mokrovka village to catch a small group of teenagers playing a cracked Xbox?

Re:FBI & Chechnya

[Ektanoor]

Have you seen them you dude? Have you talked with them? Have you dealed with them? Have they dealed with you?

No? So what the fuck are you talking about? I saw people being threatened, beaten and nearly killed. By these same so called "chechens", "freedom fighters" and "independentists". I saw what they wanted to do out of Russia you jerk because I had to deal with these bastards out of Chechnya before the war came. I saw only extortion, explotation, rape, and brute violance that reached cutting fingers and stabbing people. I had to save people from their hands and even save myself. So you sucker don't talk to me about Chechnya.

On what concerns what I despise then I despise because it HAPPENED in front of me and WITH me, you motherfucker.

Re:Many great lines here

[Ektanoor]

Excuse me people, but correct if I'm wrong. For several years I heard that "all are equal in front of the law" and, with exception of intelligence agencies, everyone else was bound to follow the law by the book. And, for years, I heard that in the US this was a sacred rule. So sacred that you made tons of serials and films about it...

Now, it seems that law enforcement has more rights to overcome the law?

Re:FBI & Chechnya

[Ektanoor]

However, what ever crimes have been committed in Chechnya by chechens has nothing to do with what has happened in this case.

This does not change the nature of the method used to lure people. It is clear on the article that these guys were invited to US with the high probability to commit a supposed crime. According to the article: "asked the men to demonstrate their prowess on a computer outfitted with ?sniffer? software to record every keystroke".

Here there were criminals stealing monies and resources from US citizens. The US ask for help from the Russian government, who did not even respond.

BS. Pure BS. You think that FBI phones MVD and no one takes up the phone? There are several of such cases hapenning in Russia and there were already tens of arrests. Besides not only against credit card fraud but also against child pornography. Curiously I noted that the arrests were mainly done with european police forces. US police forces seemed to be missing in most arrest stories here. Now I start thinking why this happens...

The rights extended to non-US citizen by the US far exceed those extended by many other countries including Russia.

Give me a break a? One does not need to live in the US to see how double standarded is your system. You even don't have foreigners but only "aliens". Let's remember that some state of yours sent a german killer to the electric chair for a few deaths and you made a whole mess when some american citizen gets capital punishment for transporting drugs.

On what concerns Russia you haven't seen what saw. I saw people going directly against laws and rules to help foreigners to avoid returning to their countries. as most of these people may suffer persecutions or have their country in shambles. Now I would remind that I have now two friends in the US who are forced to leave soon because their visa expired. No matter that their country is on fire...

I personally feel these two got just what they deserve. They will have plenty of opportunity to defend themself in court.

Well dear American citizens, and what can I say of this guy? A court is only a court if it is located in the US? And did they really got what they deserve? The crime was commited in the other side of the globe. Was expertise preformed? Criminal experts, interviews, analysis? Maybe this guys are only "executors". Mercenaries burned in a "descent mission" to Invita, Seattle. Excuse me dear American citizens but your co-citizen is just the typical portrait of your American Fat-Colestherol patriots...

I have one last observation. Either, you have a very small vocabulary or are not very well educated. The prolific use of vulgar words to make a completely idiotic argument does not lend anything to your credibility.

My vocabulary is not perfect as I am not a WASP, BASP or any other kind of freak. But for such an educated jerk like you, it goes as far as your mind may understand. And i am not chasing credibility. I don't need that shit. I stated only and only my OWN fucking opinion.

Re:FBI & Chechnya

[Ektanoor]

Rarely a nation can be considered as a commiter of a crime. So I consider you naming "Chechen" someone guilty of rape gives already a level of how biased you are. The only equivalence one may take, is with the Republic of Chechnya, that was turned into a safe heaven for criminals. So I name the "chechen" groups, and not the Chechen nation.

I cannot understand your reference on Russians for someone advertising a site, with clear muslim marks... And, besides, which talks about Jihad. Jihad cannot be against a nation.

On what concerns censorship and mis-information then it is a prerrogative of every state. Unfortunately they cannot live with it. No matter it is Russia, the US, the EU, China, the Republic of Ichkeria or anyone else.

On what concerns the facts I testified. They are what I lived and overlived for nearly a year among people related to the Republic of Ichkeria. They are not to be cited as a game of who's right or wrong. I don't play games with the suffering of people, as I directly testified too many times for the death and suffering of millions on Earth. For evaluating the wrongs or rights of such events there are courts. Public forums are not a place to judge such things. Specially when they are political or pro-political ones.

Anyway, this personal testimony is what gives me the right to name "Chechens" as a nation with the right to self-determination and to name those, who destroyed this dream, as criminals and bandits with lots of self-esteem and bravado. Hope, one day, this nation will be wiser on choosing their leaders and capable of holding them from doing silly actions.

In any case I started to compare FBI to "chechen" groups not for "evidences". I used it to show where I see spectacular parallels in the nature of the actions taken to lure people. It's my opinion and it is an opinion based on an harsh experience. If you have another opinion let it be. But don't level MY opinion as a justification of YOUR opinion as they are diametrally different. In such case beware, as I am not easy with people playing words...

Anyway, Peace.

Give 'em the Chair.

[FreeUser]

Give the russian extortionists the electric chair and reprimand the FBI Agents for violating Russian law and possibly violating American law. Allow the agents to pay their fines out of the confiscated funds, the balance of which are to be used to fund further anti-cracking/extortion campaigns ...

Seriously, I wonder if Russians realize that their government's unwillingness or inability to persue these sorts of criminals makes them look to the rest of the world like a haven of corruption and crime. As appearances go: Chechnya is to Russia as Russia to the rest of the world ...

Very interesting post! Please mod parent up!

[FreeUser]

On what concerns the arguments about local police doing nothing against criminal hackers then I can state this is pure BS. In fact in every major Russian city there is now a special department called 'Direction "R"' that fights computer crimes. Maybe the guys are not as effective as FBI "bright minds". But still is amazing to see how FBI treats their colleagues.

Just when I'm about to give up on slashdot as a source of never ending, mindless drivel I find a gem like this, buried beneath the countless posts posturing and belaboring the obvious. I for one had no idea that Russian law enforcement was this involved in tracking down computer criminals (as my other rather provocative post in this thread demonstrates). This is the sort of thing we here in the west hear nothing about, and it colors our perceptions of Russia inappropriately as a result.

More interesting is that Chelyabinsk is one of the later military centers in Russia. So I believe that if police is sleeping there (Direction R is a police force) than the ex-KGB is surely not sleeping.

Unless, of course, it is ex-KGB freelancers that are engaged in these activities, with friends and contacts within the existing law enforcement structure running cover for them. I have no idea if that is the case for these two individuals ... somehow I doubt it, as ex-KGB would never have been stupid enough to fall into the FBI's hands. I say this not to insult Russia but to point out a grim reality ... this sort of thing happens in the United States more than we like to admit, it is certainly plausible that it could happen in Russia as well.

So I can take only one conclusion from FBI's actions: bravado.

That is almost certainly the case. It is also a political game -- they can trot out successes like this one come budget time and probably get more funding as a result.

What's next? SEALs landing in some Mokrovka village to catch a small group of teenagers playing a cracked Xbox?

No, but if you are native American, speaking out against the government in Washington, watch out!

Privacy invasion is okay now?

[MikeFM]

So how does someone being in a foreign country give our spooks the right to invade their privacy? So suppose some Russian spooks think I'm doing something that breaks their laws.. maybe not even our laws.. just theirs.. and so decide to hack into my machines and spy on me or destroy my files.. is that supposed to be okay?

I for one think our country should keep it's police in our country and think that other countries should do the same. If that other country doesn't give our country permission that is even more of a reason not to do it. It sounds like these FBI agents are nothing more than criminals.

Isn't the CIA supposed to handle international stuff? Or in this case possibly the NSA?

Re:being clueless

[ethereal]

Hang on there - just because the Russian government isn't able to do something in their own country (and may not even want to, since they didn't invite the FBI to come in and arrest these guys) and the FBI does have the means and the opportunity to do so, doesn't give the FBI the right to do so. That's what being a sovereign nation means - you can maintain your territorial integrity even when it annoys other countries. If other countries violate your territory, you make an incident out of it as a matter of course.

In reality, if you don't defend your territory enough, you end up not being sovereign any more, because there's no world organization that enforces nations' rights against each other. But that's another story.

If they approached us for help on getting somebody in our country, and if it was all according to extradition treaties, we'd help them out.

If another country approached the U.S. for the extradition of a criminal, and the U.S. didn't recognize the crime (say, distributing soft-core pornography to Muslim countries, or sending Nazi memorabilia to France (the horror)) and so didn't hand the U.S. citizen over, and then a foreign power lured said citizen out of the country, entrapped them to get their password, and then used said password to steal information out of U.S. territory, you can bet the U.S. government would have a cow. If they didn't, then it would be open season on U.S. citizens the world over.

The Interesting Ending

[Jethro73]

Perhaps more interesting was how they lured them into this country with the promise of a job (and toilet paper, bread, etc.), and nabbed them when they got here... Brilliant!

Jethro

Many great lines here

[Lumpish Scholar]

The Russians were part of "The Expert Group of Protection Against Hackers." (Are gangsters "The Expert Group of Protection Against Bricks Being Thrown Through Your Storefront Window Panes"?) No doubt about it, if these really are the guys the FBI says they are, they needed to be shut down.

Let's see: The theory is, "reverse hacking" is good, because it's done by law enforcement; but had a /.'er done the same thing, to shut down the same Black Hats, it would have been just plain old "hacking" (cracking), and would have been bad. Or that's the idea. Let me get back to you on this one....

Defendent "Gorshkov's attorney, Kenneth Kanev, said it was illegal for the FBI to obtain Gorshkov's username and password and use them to access potentially incriminating data from computers halfway around the world without a search warrant." Interesting point. Does this mean the FBI guys are in trouble? Does it mean the evidence is inadmissable? Are these questions independent?

U.S. Attorney "Schroeder says Gorshkov was using someone else's computer and had no reasonable expectation of privacy." If the Russians broke into third party computers, the FBI broke into them, too? (If the evidence is all from the FBI computer the Russians hacked into, and perhaps through, then it's a clean bust, IMHO.)

"They and associates who remain in Russia are believed to have made tens of thousands of probes and intrusions into computer systems, usually through a vulnerable version of Microsoft Windows NT." Is anyone suprised?-)

Reverse Hacking?

[Ralph Wiggam]

What is reverse hacking? Ugly solutions to non-existent problems? White hat...black hat...grey hat...whatever illegal shit the FBI does in the name of law and order...it's just hacking.

-B

Reverse hacking?

[Plasmic]

"FBI uses reverse hacking to catch Russians" -- CNN.com

Oh yeah, reverse hacking... that's kinda like when someone punches you in the stomach and then you use reverse punching to get back at 'em.

Let's take a look at an executive summary of the etymology of this term: it's cropped up in a couple of mailing lists and yet it seems to have no useful meaning. A mere 35 hits on Google [google.com] for 'reverse hacking', but it seems to have a different meaning each time it was used, from "corporate cyber-vigilantism" to "hacking your own computer." Although, it's used exclusively on reputable mailing lists like 'The Hacker Bulletin Board' and 'Windows Security Advice'.

"Reverse hacking" was referenced as early as 1987 by 1 person in the phreaking community to describe "services putting a carrier tone in thier recordings to fool your friendly hacking program into thinking that the code was valid". If that doesn't prove that this term adds no value to the English language, I'm not sure what would.

Anyhow, it's amusing that I suspected that this term was only used by a moron at CNN, and after 5 minutes of investigation, I determined that it was only used by morons around the world.

Re:Double Standard

[SEWilco]

• A better double standard example is:
• Can Russian law enforcement break into the computer of a U.S. citizen?
• Can Russian law enforcement break into the computer of a third party which was being used without permission by a U.S. citizen?

Time To Create Russian Honeypots

[scotpurl]

Quick, someone get a honeypot up in the .ru domain. Then we can all see exactly how the FBI hacks.

No privacy violation here

[Shotgun]

the use of the "sniffer" software violated his client's right to privacy

BWHAAHAAHA! Right to privacy! That's a good one guys!

"The cop just sat there and watched as I walked into the bank. You can't just sit there and watch criminal who are minding their own business. That's invading their privacy!"

Idiots. The courts have upheld that if a police officer believes there is sufficient probability to support that evidence may be destroyed, they may take steps to protect that evidence. Like they can stop drug dealers from flushing during a raid.

These jerks are BUSTED, plain an simple. Good going FBI with the human engineering!!

Re:Reverse Hacking?

[Janthkin]

Reverse Hacking is starting with a nice, elegant, and simple solution...and then turning it into Windows.

dumb crackers

[segmond]

if those guys were smart, and were running OpenBSD with encrypted partition/swap space on their laptop, used their laptop and authenticated across with 3DES when trying to demonstrate their skills, we wouldn't be hearing about this.

Re:Invicta?

[segmond]

I am going to register a company now, Invicta! If the FBI uses it again, I will sue them for damages!

Is that within their charter?

[werdna]

I thought international work was the jurisdiction of the CIA.

Re:Double Standard

[jazman_777]

Plus, Taiwan and China have the same people, and Taiwan has less resources, but Taiwan is a prosperous and wealthy nation while China is still trying to keep peasants from starving to death while selling vegatables at government-controlled prices. The reason for this is quite simple: Taiwan is a free and open society, while China is not. China has meddled very little with Hong Kong's laws, because having an open economy creates wealth. Freedom brings prosperity to a nation. Those Russian hackers wanted to come here because they knew that being able to live in a freer and more open society would let them live better lives.

I don't recall mentioning Taiwan anywhere. Is Taiwan an independent country? Have the US recognized it as such?

What is interesting to me is the direction China and the US are taking. Deng Xiaoping said, "To get rich is glorious" which sounds like a paeon to the free market, which is the direction they are going--towards liberty. Even now, they are problably not much more economically regulated than the US are (no Americans with Disablities Acts, no EPA, FDA, etc, etc, etc). They are not there (civil liberty) by any stretch of delusion, but they just may get there. The US, OTOH, are moving toward a ponderous socialist worker's paradise...

Why are US Civil "Liberties" always accompanied by Government regulations, which always seem to remove Liberty?
--

Amazing

[Hard_Code]

"The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said."

Am I the only one completely amazed by this statement. Here, these agents plainly admit to *copying* data which may not be legal to have or view. Um, how is this different from copying some piece of music or literature you may or may not be allowed to use, without listening to or reading it? This seems like it could set (or shatter) a big precedent. Imagine that, *copying* digital data may not necessarily be equivalent to "stealing" it. Amazing.

What are the politics of this?

[solios]

A situation similar to this could easily be considered an act of war- particularly if the hackers or script-kiddies were targeting .gov sites as opposed to corps [who, given the technology and $ at their disposal, are asking for it if they leave their systems open].

Technically, if the compromised hardware, software, company, what have you is physically *inside* united states boundaries, then the attacker could be persecuted under US law, yes? Conversly, if some 1337 d00d in Jersey hacked a Russian site and pissed them off, he should likewise be subject to the same considerations.

Yeah, it's the internet, no physical boundaries and all that. Root my server and the only thing seperating you from a fractured skull is the distance factor- something governments don't have to worry about. Crackers do this kind of shit because they know they're not going to get caught- a few serious, well-founded PROVEN criminal cases may serve as a deterrent, or at least get the issue out in the open.

Re:Crackerjack!

[CormacJ]

Crackerjack was a UK kids TV pantomime/game show.

It was introduced whit: "It's friday, it`s 5 to 5, it's CRACKERJACK !"

The prizes were pretty crap - you could win a cabbage, or a crackerjack pencil. Later I guess they must have gotten a budget and you could win a crackerjack pen.

One of the things the show had, was that anytime any of the hosts said the word "crackerjack" the audience would yell out "crackerjack" really loudly.

It was a very strange show.

Heres a short clip [80snostalgia.com]

Re:The Interesting Ending

[bugg]

But that's pretty different from luring in someone from another country; with the "free prize" sting operations, at least these are people who fall under police jursiction by their residency in the state in question (or residency in the United States if it's a federal operation)

What would have been less, well, wrong would have been to have the FBI work with Russian authorities to arrest them (perhaps by luring them to a job in Russia) and then continue the extradition procedures.

Re:Great line

[po_boy]

That's the dissenting opinion that McVeigh quoted at his sentencing hearing. Pretty harshly written for a Supreme Court Justice.

Re:Very Bad Joke

[po_boy]

I thought it was the 3Ff B33 3y3!@#$

Re:The Interesting Ending

[BlueUnderwear]

Maybe what he meant was "US laws broken on US soil, but suspect fled to another country". Sure, if you smoke pot in New York, and then move to Amsterdam, they'd have grounds to arrest you/have you extradited.

Gold Old NT

[selectspec]

Once again, someone proves that NT's only security is that it is likely to crash while your cracking it.

Re:Time To Create Russian Honeypots

[slykens]

Quick, someone get a honeypot up in the .ru domain. Then we can all see exactly how the FBI hacks.

Better yet, VPN a subnet back to the US from Russia so that the system simply appears to be on a really bad connection in Russia, but in reality is an American system. FBI breaking into computers on American soil would be a great story, especially doing it without a search warrant simply because they THOUGHT it was somewhere else. That would be worth a few million dollars in constitutional rights violations and would learn them a lesson. The only way to know would be that extra delay, which could be attributed to a slow connection domesitcally in Russia.

Is there any sort of law that would make it an "international" system simply because traffic leaves the United States but returns to reach it?

I can just see the next X-Files...

[Greyfox]

Mulder: 1 4M 1337 H4X0R B140+CH!
Scully: 411 UR B453 4R3 B310NG 2 U5!

At which point hopefully the smoking man comes in and shoots them both in the back of the head.

Great line

[RollingThunder]

I just LOVE this line...

He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia.

Pardon me for being clueless... but if you don't have jurisdiction there... then you have NO legal right to do that, meaning you BROKE THE LAW. Just because it's another country doesn't whitewash it!

Paypal culprits

[nharmon]

The suspects also allegedly set up a fictitious site that mimicked the Web site of PayPal in an attempt to gain access to users' accounts, Schroeder said.

I for one am glad to see the FBI going after real criminals for a change.

Reversed

[nharmon]

So what happens when this is reversed?

Say, for example, John Doe sells some Nazi merchandise on a website which French users can view. Then John travels to France, where he's arrested for a crime which isn't a crime in the country he "commited" it.

Opens the door to a lot of international mistrust.

Serious questions of Jurisdiction.

[catseye_95051]

If these computers were over-seas then the FBi probably over-stepped their authority ina bad way.

The FBI is absolutely forbidden from engaging in foreign survailance. This is the role of the CIA.

I suspect this is just the beginning of how the net is going to break down all our preconceptions of geography and force major changes in the structure of our scoiety,

Re:Invicta?

[Richy_T]

It's a real word.

Rich

Re:Invicta?

[Richy_T]

Don't know, probably Latin. It means "Unconquered" or something. It's very popular in Kent in the UK where some invading army failed to conquer Kent because of the "Men of Kent" or somesuch.

As I say, it's very popular, there are Invicta public houses, Invicta garages and even "Invicta FM" (often termed "Inflicta FM")

Rich

Re:Invicta?

[Richy_T]

I've just noticed as well that the tires on my minivan are, in fact, "Goodyear Invicta"s. And no, to the ACs who have guessed at the roots of the word, I don't think it has anyhting to do with Spanish or invitations. I think it comes from "in" for "not" (incapabale, invisible etc) and "vict" from the same as "victory". I.e. "No victory" or "unbeaten".

Rich

Re:did you make that up or did they change it alre

[heikkile]

Invita Koekkener is an old player on the Danish market for kichen furniture. The addresses and names mentioned above seem legitimate enough for a Danish company. www.invita.com seems to talk about their stuff.

Re:The Interesting Ending

[susano_otter]

[I] think there will be a bit of 'uh... who should do it?' for awhile.

What's more likely is that each agency scrambled to put together a political argument in favor of getting authority over this new jurisdiction, and with it, more funding and recognition. The FBI may be with winner, with a fait accompli and attendant media circus.

Re:What hack?

[locutus074]

One would think that the method used here would be considered by the /. community to be a "hack" by merit of its elegance and wit. But I guess since it's "the man", people like you will continue to look for ways to rag on them.

Well, I originally thought, after reading the article, that referring to it as hacking or cracking was going a bit far. But after reading your thoughts, I have to agree with you to a point. I think that it was a clever bit of social hacking (or social engineering, whatever you want to call it).

I still haven't figured out whether I agree with what the agents did, but I have to admit that I admire the way in which they did it.

--

Re:This quote says it all...

[Kingfox]

They'll only have to pay $50 + court costs, $75... but if you get a lawyer to do a class action suit, then you can actually hit them up for the whole $2.7 million with ONE court case.

As evil as class action suits are in the eyes of many, they're great for just that sort of thing. $75 is a thorn in the side, but a class action suit is a huge lamb-feces encrusted iron spike.

should have used S/Key

[peccary]

Or another one-time password scheme. Other posters have suggested SSH, which misses the point.

Re:Double Standard

[firewort]

Actually, that doesn't work well either- Non-US citizens have US rights. The rights claimed by the Bill of Rights aren't just for Americans, only originally asserted by them. Illegal Aliens get due process.

The way I understand it, since it's a US Law Enforcement agency, they're bound to uphold and respect US rights and procedure, whether their targets are US citizens or not.

A host is a host from coast to coast, but no one uses a host that's close

Re:The Interesting Ending

[ichimunki]

What I find interesting is that this is the FBI doing this, which I've always thought was a domestic agency. Am I wrong when I suppose that international matters of this sort should be in the hands of the CIA or the military? Of course, I'm also willing to believe the whole thing was orchestrated by Microsoft to get their source code back.

It's a real company!

[sulli]

Here's their web site. [invictagroup.co.uk] They are famous for Mastermind [invictagroup.co.uk], a game that I remember playing back in the seventies and that's still available now!

Re:One word

[ScuzzMonkey]

You've either never been cracked or you are a freakin' genius or your didn't recover right. Just because you find a compromise on day X, it does not mean that it happened on day X... could have been yesterday, last week, a month ago. It takes time to go back and validate all of your data even if you were doing regular backups through that time. You have to find the last trusted backup, not just the last one you happened to make. It can take weeks to properly do forensics and work your way back to a trusted backup set.

Re:FBI's jurisdiction arguement

[ScuzzMonkey]

Which argument? The first sentence is pretty well established case law; if it weren't, you wouldn't be able to keep logs and no one would ever get busted for cracking. The second, I dunno. Jurisdiction regarding information is not, in my mind, the same as jurisdiction regarding physical apprehension. I mean, they can collect information about the movement of suspects outside the US without any by-your-leave from anyone, or read a foreign newspaper, or whatever. I think jurisdiction is probably the wrong word. Russian law may have been violated, but OTOH, it doesn't seem like the Russian authorities were too keen on following up on the original case against the crackers, so I doubt they're too concerned about the FBI doing it. Personally, I don't have an issue with it--there are places in the world which are pretty much beyond the pale of ordinary international cooperation for law enforcement. Just because there are not any agreements for enforcement in those areas does not mean that criminals operating there should just get a bye. If local law can't constrain them, why should it constrain the Feds?

Re:One word

[ScuzzMonkey]

A vanilla webserver is a little different than a full-blown e-commerce system with a back-end database to worry about, sure. Presumably you can re-format, re-configure, slap source back on it and be running again in no time.

It's easy, and to some extent valid, to observe that different policies and procedures would prevent or minimize damage after the fact. People should always use a compromise as an excuse to review their procedures. But security is always a compromise on usability, and determining ahead of time exactly where to draw that fine line is an impossible art.

Incidentally, if you don't feel that NT/IIS has adequate security, it seems to me that you've missed your own point--properly installed and configured, that setup can be as secure as anything else on the market. But perhaps you were trying to say that in your case, you couldn't provide the functionality that you wanted with the security you wanted. I guess that would be my point--you've got to make that tradeoff somewhere, and I'm not sure you should castigate these guys for doing so. Nobody likes a whiner, but I think it's reasonable to be pretty pissed off when you get jammed like that.

Re:FBI's jurisdiction arguement

[ScuzzMonkey]

It seems that way because that's what the FBI have said, and it fits our prejudices.

Well, maybe that's why it seems that way to you but it seems that way to me because I've tried to get Russian authorities to move on extortion threats received from Russian nationals, and not gotten very far. I don't have any trouble believing that the victims in these cases didn't have any better luck. Do you have any evidence to the contrary, or were you just talking out of your ass because you don't like the FBI?

Re:One word

[ScuzzMonkey]

I certainly wouldn't argue that most breaches--and I would go so far as to say ALL breaches--are preventable; it's just that it's much easier to see what would have prevented them in retrospect than it is beforehand. Certainly people should follow minimal best practices, at least--I completely agree with you on that point.

I guess I just find it disturbing that you seem to hold the victims more responsible for the problem than the attackers. Prudence is one thing, culpability another. To draw a poor analogy, if you're going to walk at night in a bad part of town, you should be prepared for muggers--but that doesn't mean you should just accept being mugged. You should still call the cops, try to find the guys who did it, and take them off the streets. That's not whining, it's civic responsibility. Vengeance is not the point--justice is. There may always be someone else, but that doesn't excuse these guys in particular--they should be pursued and removed from the scene.

Aside; that's an interesting argument against NT/IIS--usually what people say is that it's less secure because there are fewer reported vulnerabilities weekly than other, more open platforms... implying that more open platforms are better reviewed for security. If you really believe that, though, you should take a look at the actual numbers: securityfocus stats [securityfocus.com] Considering the percentage of all webservers that are hosted on NT, it actually has fewer reported vulnerabilities for its market penetration than some Other operating systems (not naming any names here ;) And if I remember the attrition.org numbers correctly, it's actually cracked less often per share, too.

I don't like how MS handles flaws, either, but it's really just a mirror for corporate America. I've never worked anywhere where the PHBs were more concerned with fixes than features--until after they got hit.

Re:One word

[ScuzzMonkey]

I don't think your view of law and duty is actually all that different from mine. I agree with pretty much everything you've said; I just don't think (returning to the lousy mugger analogy) that it's acceptable to say "Don't walk in certain neighborhoods," instead of trying to address the root problem. Your point that such things are often symptomatic of greater social ills is well-taken--however, it crosses your point of individual responsibility being the only really relevant matter. If the muggee needs to be responsible for watching his or her back in indian country, then the mugger also needs to be responsible for, well, being a mugger. And I don't think that justice is not a deterrent, either. I think it's a great deterrent, where it's actually applied. Deterrence, however, is not easily measured in most contexts, so I can't cite anything for you particularly... it's just an observation of human nature. If you have an expectation that you're going to get caught and punished you're less likely to commit a rational crime. Murder would be an example--it has a very high clearance rate, and it's also the least common violent crime. And I guess, in short, that I don't think that being stupid means its okay to be victimized. I suppose I'm idealistic enough to think that our society should be such that you simply shouldn't have to worry about getting mugged/cracked.

Aside: The point about the stats, though, is that even though NT is higher than everything but the aggregate of all linux distros, it's not as much higher in exploits as it is in market penetration. If NT had 100% market share, they would have 100% of all exploits. In other words, you should see a correlation between how wide-spread an OS is an how many 'sploits are found for it, presuming all other factors are equal. But NT actually has a lower percentage of 'sploits against it than it has market penetration. So, for instance, if you took certain other operating systems and extrapolated them out to having the market share that NT currently does, you would actually see them with more exploits against them than NT has. You could argue that this is a Bad Thing and that more problems found mean more fixed; but I don't think you can argue that NT has more exploits for market share than other operating systems.

I don't have a comment on the nature of the exploits, since I can't seem to find any relevant stats for that. Off the top of my head, I can only think of a few popular IIS/NT exploits that allow full file access or arbitrary code execution.

Re:FBI's jurisdiction arguement

[ScuzzMonkey]

It wasn't a statement, it was a question. As for Russian authorities, personal experience. But the question stands. Having trouble answering?

Re:Packet Sniffing

[agentZ]

The Russians should have been using SSH for there remote communications.. At least that way it would have taken the FBI longer to figure out what they were actually doing and how they were doing it.

Maybe. But even SSH is vulnerable to a keyboard monitor. Since they were using the FBI's computer, they could have easily installed one. Looks like this:

ssh -l foo -p 31337 host.bar.com^MallYourb4se4reBELongtoUS!^M

and there you have it.

Interesting

[Auckerman]

"He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia."

This raises an interesting constitutional issue. Lets say, for example, your are an american business man and often travel to Russia. Now, the FBI thinks your a low life money launderer for the Russian Mob and the only reason you haven't been arrested in Russia is because you pay off the police. They don't have much to prove this. In fact, they can't even get a wire tap for your cell, which is provided by an american company.

So one day, you are in Russia and using a Russian ISP, you check your email. Now the FBI, through perfectly legal means, gets your IP, breaks into your computer, and finds....NOTHING except a LOT of porn with couple images that MAY be girls under 18. You come back to the states, they arrest you under for child porn (when they know its contestable) so they can get warrents to check your house in the vague hope of finding something to prove you are with the russian mob.

At no point did they get a warrent.

Sound far fetched. Maybe. But it does raise an interesting Constitutional issue for American Citizens. If I travel to Russia, the FBI, who has not jurisdiction there, should NEED a warrent to invade my property in Russia. Here it is implied that since Russia is not America, the govt can use means that fly in the face of the Constitution to catch someone.

I doubt any evidence gained from a search with no warrent, regardless of the computer being in Russia or not, would NOT pass Constitutional muster. If it did, we need to extend the US constitution.

Re:Interesting

[Auckerman]

"The natural result of forcing US protections on non-US citizens on foreign soil is that the US would have the right to prosecute foreign nationals who have violated American laws without harming American interests. This sort of extra-territoriality would not be thought of highly."

"In this case, the FBI did the right thing."

Here you have done two things: Put words in my mouth and contradicted yourself.

I'll start with the first. I have neither implied nor suggested that US laws apply over seas. What I have implied is that the FBI, which enforces federal law (among other things), should have American Law apply to it, regardless of where the person who is being investigated lives. This is not to protect foreign nationals, but to limit the right of the FBI to investigate ME when I travel abroad. Since, in this case the FBI did NOT know what nationality the people were, it could have been American Citizens. FBI does NOT and should NOT have the authority to do that to me, regardless of where I am at.

Re:Interesting

[Auckerman]

"And just which court do you think you would go to to get such a search warrant"

I'm sure down the road from their office is a federal court that has a judge who would sign a warrent to invistage crimes commited against people on American soil. They HAVE juristiction, else they couldn't arrest these people for their crimes.

"Certainly it has been proven in court that foreign nationals on foreign soil are not granted US protections."

What if these people had been americans? FBI didn't know where they were, they could have just as easily been americans.

"The natural result of forcing US protections on non-US citizens on foreign soil is that the US would have the right to prosecute foreign nationals who have violated American laws without harming American interests. This sort of extra-territoriality would not be thought of highly."

"In this case, the FBI did the right thing."

I have address part of this in a previous post and above, and would like to point out the contradiction. First you point out how "extra-territoriality would not be thought of highly" then go on to say "In this case, the FBI did the right thing". Interesting. Since by the FBI's claim (and your assumed acceptence of said claim), it had no jurisdiction in Russia, yet it was investigating a crime commited by people on Russian soil against American interests. Isn't that the "extra-territoriality" that wouldn't be "thought highly of" you were talking about? How is it a good thing in the light of it being "extra-territorial"?

My claim is the crime was commited on American soil. The server that was attacked was on US soil, the data was stolen from US soil, every part of the crime was on US soil. US laws do apply, even such inconveinces as warrents and due process. As such the FBI needs a warrent.

Indymedia raided by FBI

[teatime]

The Indymedia center in Seattle was raided [indymedia.org] by the FBI. Not only that but the federal government has required that all phones have a tracking device by 2005 [foxnews.com] We should not support a government that hacks into the citizens of other countries computers. It is only matter of time before they do it to us. If they haven't already started. Welcome to the corporate police state.

hmmm....

[canning]

The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said.

*cough* bullshit *cough*

That was honest of them. I know I couldn't resist sneaking a tiny peek.

Re:Ah..

[bmongar]

ut what are they doing against US crackers hacking Chinese computers? Hire them.

Re:Entrapment (was Re: ...ramifications)

[bmongar]

It may be illegally gathered evidence, but it is nowhere near entrapment. Entrapment is enticing someone to do something they may not have done without your influence.

Re:Entrapment (was Re: ...ramifications)

[bmongar]

I should be more clear enticing someone to commit a crime they may not have done without your influence.

Re:How much clearer can it get?

[bmongar]

No it isn't entrapment because, they aren't charging them with any crime committed in the bogus company. They used the company to gather information on the crimes they had previously committed.

Re:Reverse Hacking?

[Calle Ballz]

The FBI didn't really hack anything. They conned the guy's passwords with a keystroke logger and then logged right in. No hacking involved. Probably illegal, but I figure that the laws about hacking apply to the FBI as well as anyone else... If the damage isn't over $5000, would the FBI have to investigate their own actions? But I guess the FBI knows as much about hacking as the geniuses with their name all over attrition.org who claim to "root" NT boxes.

It's not a look warrant!

[shyster]

Obviously, the FBI agents broke Russian law, but I don't think the Russians would try to prosecute, and I don't think the US Gov't is going to give the agents up for extradition...and I really doubt the agents will be tricked into going to Russia. =)

Did the FBI break US law? It certainly seems that they might have. The whole wash about not having jurisdiction is BS, as the article states the sniffing and login were done in the US...Seattle to be precise.

After Ivanov arrived in Seattle, accompanied by Gorshkov, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the duo, they used account numbers and passwords obtained by the program to gain access to data stored in the computers in Russia, Schroeder said.

Now, the sniffer wasn't a problem, I don't think, since the FBI legally owned that computer and are free to install whatever monitoring tools they want (BTW, I don't think it was a sniffer but a key logger). The using of the passwords to log onto an account that was not theirs, however, is a crime. And I believe that if a private US citizen were to hack another computer in another country, that US law would still be applicable. If I kill a Russian citizen visiting the US, am I not guilty of murder in the US? Or am I only guilty in Russia?

So, the FBI broke the law by hacking another computer. This would be OK if they had a search warrant, but, obviously, they didn't get one until after the fact. I wonder if they tried to get one before the operation, and were turned down by a judge who stated that they didn't need one. Barring that, I would say they definitely need a search warrant before downloading the data (including simply viewing the data and gaining access). After all, for the time between downloading the data and having a search warrant for it, that data was effectively stolen merchandise.

And, besides, it's called a search warrant, not a look warrant!

Re:Double Standard

[Lawbeefaroni]

The CNN article mentions that the prosecution's argument was that the FBI didn't require a warrant because Russia isn't under their jurisdiction. Can someone explain? Does this mean that a Dade County Sherrif (Florida) can break into my Ann Arbor (Michigan) apartment sans warrant to legally gather evidence?
Of couse this was only their argument and not necessarily the law, but it's fairly brash. As was the "expectation of privacy" argument.

I bet they used scripts.

Re:The Interesting Ending

[raju1kabir]

Furthermore, the CIA does not have investigative powers. They do not serve out serch warrants or the like. The CIA is under the Executive Branch of the government, whereas the FBI is under the legislative branch, and can serve search warrants and the like.

Sounds like you were sleeping in civics class.

Both the FBI and the CIA are under the Executive Branch (the FBI is part of the Department of Justice, a presidential cabinet department). The Executive Branch quite specifically is charged with execution of the law, including investigation of crimes. The legislative branch only makes laws.

Re:Double Standard

[raju1kabir]

the tactics they used for obtaining the passwords are extremely questionable, and probably border on entrapment.

There is nothing even vaguely like entrapment going on here. Entrapment is when a law enforcement officer commits a crime in order to encourage a suspect to commit that same crime, and then turns around and arrests the suspect when he does. For instance, if I'm a cop and I take you to the store and I shoplift something and say "go ahead, it's fun!" and then you shoplift something too, you Get Out Of Jail Free (tm) because I entrapped you.

Just tricking someone into revealing information about their guilt is not entrapment; it's simply a worthy and useful police tactic.

Re:The Interesting Ending

[chris_mahan]

The CIA investigates events outside the US. The FBI investigates events within the US.

For example, if a Russian diplomat is in Washington DC, the FBI investigates (tails) him.

The two agencies cooperate (they say), so that they do not overstep on each other's areas.

This is why the FBI went to the bombed US embassies in Africa a couple years back, since they're technically US sovereign soil.

Furthermore, the CIA does not have investigative powers. They do not serve out serch warrants or the like. The CIA is under the Executive Branch of the government, whereas the FBI is under the legislative branch, and can serve search warrants and the like.

As far as what they were doing with the hackers in Russia, I surmise only that since the hackers had commited crimes in the United States, it only makes sense that a US investigative body would investigate.

About the military, I don't think we want them investigating commercial crimes (you stole an apple, so we're sending the Marines).

New USMC slogan: "All your base are belong to U.S."

As far as Microsoft wanting their source code back, I am fairly certain that was not the case. They are already experts at introducing nearly unfixable bugs into their source code.

Re:They did need a search warrent

[dachshund]

The question is: exactly how did they download the data without looking at it? Recursive FTP starting at the top-level directory? Or did they poke around 'til they saw things that looked interesting? One could argue that the poking around would be a violation.

This is all aside from the international angle-- I'm not sure how that plays out. I guess no matter how you look at the data, if you're viewing it from a computer in the US you're technically copying it into the country, even if it only lives in RAM for a few seconds. This sort of wild argument has often been used against "hackers" in order to convict them of theft.

Re:Amazing

[cavemanf16]

The rules are always different for government workers in positions of power. In fact, lots of rules don't even apply to them. Like Bill Clinton, for example. He was the Commander in Chief of all of the armed services at the time that he lied about the Monica Lewinski scandal. I know the creed of the Air Force Academy is: "We will not lie, cheat, or steal, nor tolerate among us anyone who does." Uhhh, don't you think the 'high commander' would be subject to this rule? Apparently not, because he's got good lawyers and all the power.

So don't think this will set a precedence in your favor of copying digital media. If anything, it will give the government more power to do whatever they want, and you less. Sorry man.

Re:being clueless

[Rogerborg]

• If another country approached the U.S. for the extradition of a criminal

Say, for example, Russia asking the USA to extradite an FBI agent for hacking machines in Russia owned by a couple of (innocent until proven guilty) Russians.

Please, oh please.

Re:The Interesting Ending

[Guppy06]

Would you rather the FBI try to argue that it can arrest people in Russia? The still have their nukes, ya know...

Re:Double Standard

[Guppy06]

Yeah, double standard. They were supposed to get a search warrant from a judge in the local oblast before they... hey, wait a second... Oblast? Oblast! This is a FOREIGN COUNTRY! These were not US citizens, they were not living on US soil, and until they enter the US, the US Constitution doesn't apply to them. Why do you think they had to be lured here before they could be arrested?

The only odd thing I see here is that I think this might have been the CIA's jurisdiction, since they're the ones usually in charge of information-gathering outside US borders.

If you want to argue that the US Constitution protects the rights of those nowhere near our borders, then I hope you're one of the first to volunteer for the military as they're deployed to China to enforce our Constitution on them.

The US Constitution doesn't apply

[Guppy06]

I've said it twice already here, but nobody seems to understand it, so I'll say it again: The US Constitution (and it's protection against unreasonable search and siesure) does not apply here. They weren't US citizens. They weren't even resident aliens, illegal or otherwise. No Russian oblastey, respublik, okrugov, or krayev have ratified the US Constitution and become a US state. It hasn't even been put to a vote. The only time our Constitution applied to Russian territory and Russian people is when Seward helped buy Alaska.

This is wholly outside the jurisdiction of any US state or federal laws. The only "laws" that do apply are international treaties, and I have yet to hear of any that forbids a nation-state from taking nessecary action to protect itself from outside threat.

If the US were trying to enforce Constitutional law outside its borders, then the Chinese and others are right: We really ARE hegemonic. And I'd hate to be part of the military that tries to enforce those laws on the rest of the world.

Re:The US Constitution doesn't apply

[Guppy06]

"In a previous attempt to do something similar a U.S. Law Enforcement office was arrested and charged with kidnapping on foreign soil. He spent 3 months in jail before he was released."

However, there was no kidnapping involved in this case. They flew to the US voluntarily. Bait-and-switch, yes, but no kidnapping.

"Law enforcement agencies have no jurisdiction outside of the country."

The computers being hacked were within the US.

"This is against international law."

The crime was against US citizens and US property within US territory. What you're saying sounds like we don't have the right to attack a ship shooting missiles at the US if the ship is outside territorial waters.

Re:Double Standard

[Guppy06]

"Does the proposition 'all men are created equal' mean anything to you"

Yes, it measn that all people, no matter where they come from, have the opportunity to become US citizens. They didn't become citizens before hacking US computers, so...

"I always thought that we hold our rights to such a high standard that they apply universally."

We, as Americans, have the right to decide (through democracy) what laws do or do not apply to us and our property. A people's right to self-government. If the suspects made no effort to be a part of our self-government, why should we force it upon them?

"If a country does not have these protections, don't we call them 'undemocratic' and threaten them with sanctions or worse?"

The suspects were made aware of their rights when they were arrested. They have the right to a lawyer. If they cannot afford legal consul, it will be provided to them free-of-charge. They have a right to only be held in prison for a year and a day before being put on trial. They have a right not to be interrogated without consul available. They have the right to a trial before a judge or a jury (their choice), where they have the right to challenge any and all evidence presented against them. They have the right to continue to have some contact with the outside world while incarcerated (probably with the local Russian Consulate). They have a right not to be denied bail without due process of law. They have the right to appeal a guilty verdict. And, last but not least, they have a right not to be subjected to cruel and unusual punishment.

It's not like they're being dragged off into a dark alley and shot. They haven't "disappeared" like Chinese dissidents.

"But it is ok for the US to do any damned thing to people who are not inside it's borders because the Constitution does not apply."

The computers attacked were owned and operated by US citizens on US soil. Once the suspects entered US territory, the Constitution applied to them. It does not, however, apply to the evidence-gathering while they were outside the US.

Re:The US Constitution doesn't apply

[Guppy06]

All amendment 10 says is that the rights not explicitly granted to the feds by the Constitution belong to the states or the people.

On the other hand, amendment 4 says:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated(.)

There's nothing anywhere in the Constitution that suggests that "people" here means anything but the "people of the United States," as mentioned in the preamble. If it meant all people, then you'd be suggesting that US law applies to everybody and every nation the world over.

Besides, if you're in the process of comitting a crime, and the feds are sitting there watching you do it, wouldn't a search of you and your posessions be "reasonable?"

Moral: Don't Use Windows NT

[Guppy06]

From the above-mentioned CNN article:

... Gorshkov and Ivanov used computers ... to scan the Internet for vulnerable business operating systems. They ... are believed to have made tens of thousands of probes and intrusions into computer systems,

usually through a vulnerable version of Microsoft Windows NT

Holy crap

[sllort]

Check it out the FBI defaced the hacker's web site [f2s.com].

Now that's just cold.

Two key points

[sllort]

Two very interesting things in the article:

1) "After Ivanov arrived in Seattle, accompanied by Gorshkov, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the duo, they used account numbers and passwords obtained by the program to gain access to data stored in the computers in Russia, Schroeder said."

Ok, so they brought them to the U.S., told them to log into their computers in Russia, sniffed the passwords, and then used the sniffed passwords to log into the Russian machines. This is hacking? Social engineering, maybe...

2) "The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said."

Now this is interesting. They don't need a search warrant to break into your computer, only to read what's there. Which means that breaking into a computer isn't search and seizure.
Does this mean that if I break into FBI computers, but don't look at anything, that I haven't hacked them?

Very, very interesting precedent...