- SEATTLE (CBS) - Even for
the FBI, it was an audacious sting, reports CBS News Correspondent Wyatt
Andrews.
- With the help of some new computer spying software, FBI
agents were able to out-hack a pair of Russian hackers who had stolen
thousands of credit card numbers and broken into Web sites like PayPal,
the leading online bill payer, and online auctioneer eBay.
- The challenge, said Assistant U.S. Attorney Floyd Short,
was that the suspects, Alexei Ivanov and Vasily Gorshkov, were Russians.
And their server, where Short says they kept thousands of stolen credit
card numbers, was also in Russia.
- The game -- which was successful -- was for authorities
in Seattle, Wash., to steal the passwords and codes to the Russians' server
in Russia.
- "Gorshkov went on the Internet," said Floyd.
"We obtained the name of the server in Russia, his user name and
his password. ... It was critical to the case."
- How exactly did the FBI record an encrypted password
and codes? With a $100 piece of software invented by Richard Eaton of
Kennewick, Wash.
- Eaton's program, WinWhatWhere Investigator, has revolutionized
computer snooping with what's called keystroke logging. The software secretly
records everything a user types, coded or not, and sends a report to a
third party who is spying on the user.
- "The Russians just sat down and entered their passwords.
It couldn't have been any better than that," said Eaton.
- "The principle, I think, is a very dangerous one,"
said Gorshkov's lawyer John Lundin.
- What the FBI did, Lundin said, should make Americans
afraid. Using the keystroke logging program, agents lifted the Russians'
passwords and used them to enter the main server in Russia and copy files.
Only then did the agents get a search warrant to read what they downloaded.
- "They consciously bypassed that legal requirement
and used an intercepted password to unlock a safe to get into and access
private papers," said Lundin, comparing the Russians' server in Chelyabinsk
to a locked safe.
- "The problem, I think, is a misuse of information
obtained from the keystroke technology."
- Lundin lost his attempt to have the stolen evidence kicked
out of court. Prosecutors were able to fend off the privacy challenge by
pointing out how precisely the FBI lured the Russians into the trap.
- The FBI set up a bogus computer security company named
"Invita" in downtown Seattle and let it be known they needed
hackers as consultants on computer security. In an elaborate scheme, FBI
agents posing as Invita employees made phone and e-mail contact with Gorshkov
and Ivanov, and offered them consulting work as Internet security experts.
- While demonstrating their hacker skills, the Russians
also took time out to use an Internet connection to tap into their server
in Russia. What they didn't realize was that the keystroke logging program
was copying everything. FBI agents used those passwords to tap into the
Russian server and copy what was there.
- Gorshkov was convicted on Oct. 10, 2001 of 20 counts
of fraud and computer crimes. Ivanov, who has other charges against him
in Connecticut and California, is still awaiting trial.
- Legal experts stress that the Russian case is an exception,
that even now as keystroke spying grows more pervasive, the FBI still
needs a warrant to raid a private computer.