Feeds

FBI sting snares top Russian crackers

Three years at Club Fed

  • alert
  • submit to reddit

SANS - Survey on application security programs

A Russian cracker, tricked by the FBI into visiting the US on the pretext of a job interview, has been sentenced to three years in jail.

Vasiliy Gorshkov, 27, was also ordered to pay $690,000 in compensation for his crimes by Federal District Court Judge John Coughenour, who took his family's medical and financial problems into account in sentencing the Russian to serve far less time than the 16 years demanded by prosecutors.

Last October, Gorshkov was convicted of 20 counts of conspiracy, various computer crimes, and fraud against online banks and e-commerce operations. His co-accused, Alexey Ivanov, 20, pleaded guilty in August to similar charges along with five counts of extortion, Reuters reports. He is currently in custody, awaiting sentencing.

The circumstances surrounding the November 2000 arrests of the pair put the spotlight of FBI tactics used in the case and prompted Russia's counterintelligence service, the FSB, to take the unprecedented step of charging FBI Agent Michael Schuler with hacking.

Schuler was praised by US authorities for an elaborate ruse that resulted in the arrests of Gorshkov and Ivanov. The operation arose out of a nationwide FBI investigation into Russian computer intrusions against e-commerce sites, and online banks which identified Gorshkov and Ivanov as prime suspects.

It was suspected the pair cracked into victims' computers to steal credit card information and other financial information, prior to attempting to extort money from the victims with threats to expose the sensitive data to the public or damage the victims' systems. Gorshkov and Ivanov were also suspected of defrauding PayPal through a scheme in which stolen credit cards were used to generate cash and to pay for computer parts.

The FBI lured the two to the US by posing as representatives of the fictional 'Invita' security firm, and offering the dynamic duo good jobs if they could prove their skills.

Of course the Feds set up a box rigged with a key logger and then set the pair to work demonstrating their amazing prowess. When they accessed their machines back home, the Feds recorded the login info, and later returned to root the boxes.

Having placed the pair in handcuffs, the FBI obtained a wealth of evidence from the compromised machines.

All perfectly above-board a judge said, ruling that Russian law does not apply to the agents' actions. Russia disagreed and, anxious to assert its sovereignty, filed a complaint against Schuler to the US Department of Justice.

No further news of that as yet. The case will probably die a quiet death with some form of diplomatic compromises and vague promises from the FBI to work more closely with the Russians in future. ®

Related stories

Russians accuse FBI agent of hacking
US Feds can hack overseas boxes -- judge
FBI hacked Russian hackers
Russian Mafia uses NT flaws to raid Internet banks

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.