User:Dsheffie/sandbox235

This article is currently the subject of an educational assignment.

United States v. Ivanov was a 2001 computer crimes case centered on charges of conspiracy, computer fraud, extortion, and possession of illegal access devices. Aleksey Vladimirovich Ivanov of Chelyabinsk, Russia committed his cyber-crimes while physically located in Russia. The servers he was unlawfully accessing were located in the United States. Ivanov attacked several well-known Internet companies spread across the United States; however, he was tried for his crimes against the Online Information Bureau (OIB) of Vernon, Connecticut after being lured to the United States in a sting organized by the Federal Bureau of Investigation (FBI). Ivanov was ultimately found guilty and sentenced to 48 months in prison followed by 3 months of supervised release^[1].

Background

Unlawful access to Speakeasy and the Online Information Bureau

Ivanov’s crimes were initially noticed in the fall of 1999 when internet service provider (ISP) Speakeasy discovered their network had been comprised. Speakeasy informed the Seattle branch of the FBI after detecting illegal access on their network. In early 2000, OIB also detected an attack and notified the FBI in Connecticut. Ivanov was able to obtain superuser (root) access to OIB machines. By gaining root access to OIB's machines, Ivanov was effectively able to “control the data, e.g. credit card numbers and merchant account numbers, stored in OIB computers”^[2]. After gaining access to OIB’s systems, Ivanov contacted OIB using his online handle ‘subbsta’ offering security assistance in exchange $10,000. OIB refused to pay Ivanov which resulted in a final email “now imagine please Somebody hack you network (and not notify you about this), he downloaded Atomic software with more than 300 merchants, transfer money, and after this did ‘rm –rf’ and after this you company be ruined. I don’t want this, and because this I notify you about possible hack in you network, if you want you can hire me and im allways check security in you network. What you think about this”^[2]. Using network forensics, FBI agents were able to trace the traffic back to the same machines in Russia that had perpetrated attacks on Speakeasy.

Detection by FBI

Between late 1999 and early 2000, several large Internet corporations also experienced similar attacks to Speakeasy and OIB^[3]. In particular, CD Universe’s credit database was nearly erased and both Yahoo and Ebay experienced abnormally heavy network traffic. Computer forensics determined the Internet traffic originated from the same machine in Russia (tech.net.ru)^[3] used to attack Speakeasy and OIB. The FBI was able to identify Ivanov as a potential suspect when his resume was found at both OIB and Speakeasy. Information on the resume associated the handle “substta” with Ivanov; however, the exact process is not clear from available information. However, Ivanov’s resume is still available online and his email address ("subbsta@surnet.ru") references his online alias “substta” in it^[4]. After determining Ivanov’s identity, the FBI initiated a sting operation to lure him to the United States for arrest.

Arrest

The FBI constructed a false computer security company, Invita, in Seattle, Washington and invited Ivanov to interview for a position. Ivanov was interviewed on November 10th, 2000. ^[5] Ivanov’s interview involved hacking an FBI controlled honeypot. While Ivanov was hacking the FBI honeypot, all keystrokes and network traffic were recorded as potential evidence^[6]. In addition, video and audio recordings were made of the entire interview process. After Ivanov successfully gained unlawful access to the FBI honeypot, he was arrested. The FBI immediately used the recorded keystrokes and network traffic log to access the computers Ivanov used in Russia to hack servers.

When the FBI accessed Ivanov’s machines, they were able to find evidence in the form of folders with data corresponding to the companies he had remotely attacked. Over 2.3 GB of data was recovered from Ivanov's machines; however, the FBI was unable to analyze the data until they were granted a warrant ^[7]. A warrant was granted to the FBI 10 days after the download^[7]. In addition, Ivanov's laptop was also seized at the time of his arrest^[7]. FBI analysis of the files on tech.net.ru found both the tools used to gain illegal access and scripts that referenced companies that had been attacked.

Trial

When brought to trial in Connecticut (he was tried several other states), Ivanov was indicted on eight counts in Connecticut^[2]; however, counts four and five were not germane to Ivanov’s appeal. Count one charged Ivanov with conspiracy to commit computer fraud in violation of 18 U.S.C. § 371. Charges two, three and six are all based on the allegation that Ivanov’s activity violated 18 U.S.C. § 1030, the Computer Fraud and Abuse Act. Specifically, Counts two and three charged Ivanov with knowingly accessing OIBs computers with intent to defraud and intentionally accessing OIB’s machines with intent to collect information, in violation of 18 U.S.C. § 1030. Charge six alleged Ivanov “transmitted in interstate and foreign commerce communications containing a threat to cause damage to protected computers owned by OIB” ^[2]. Count seven charged Ivanov with disrupting commerce by means of extortion in violation of 18 U.S.C. § 1051 while count eight charged Ivanov with possession of “unauthorized accesses devices” in violation of 18 U.S.C. § 1029, which regulates fraud in connection with access devices. Ivanov was subject to up to ninety years in prison for his crimes^[6].

Ivanov’s crimes were not limited to Connecticut. He was also prosecuted and convicted in Washington^[8], New Jersey^[9], and California^[10] for similar crimes. In total, Ivanov was tried in five district courts, more than any other case listed on the United States Department of Justice listing of computer crimes ^[11].

Appeal

After his indictment, Ivanov filled for a motion to dismiss all charges because he was physically located in Russia the time of the crimes and believed he should be held to US laws if not physically present in the country. The appeal of United States v. Ivanov is particularly notable as it developed a justification for applying United States computer crimes laws to hacker located in foreign country. This justification enabled the prosecution of Ivanov though he was physically located in Russia during his entire criminal enterprise.

18 U.S.C. § 1030, the Computer Fraud and Abuse Act, only applies when the “all of the intended and actual detrimental effects of the substantives offenses Ivanov is charged with the indictment occurred within the United States”^[2]. In his opinion, judge Alvin W. Thompson agrees with prosecution's argument that 18 U.S.C. § 1030 held despite Ivanov’s remote location because “the fact the computers were accessed by means of a complex process initiated and controlled from a remote location does not alter the fact that the accessing of the computers, i.e, part of the detrimental effect prohibited by the statue, occurred at the place where the computers were physically located, namely OIB’s place of business in Vernon, Connecticut”^[2].

Judge Thompson uses the ruling from United States v. Muench^[12] and Marc Rich & Co., A.G. v. United States^[13] to develop the argument why Ivanov should be criminally liable in the United States. Specifically, Thompson cites "the intent to cause effects within the United States.. makes it reasonable to apply to persons outside United States territory a statue which is not expressly extraterritorial in scope"^[2] from United States v. Muench, "it has long been a commonplace of criminal liability that a person may be charged in the place where the evil results, even though he is beyond the jurisdiction where he starts the train of events of which the evil is the fruit"^[2] from United States v. Steinberg, and "the government may punish a defendant in the same manner as if [he] were present in the jurisdiction when the detrimental effects occurred"^[2] from the Marc Rich case.

Building upon the previous citations, Judge Thompson again cites an argument from Rich case to further build justification for prosecution of Ivanov in the United States. Specifically, Thompson cites "It is certain that the courts of many countries, even of countries which have given their criminal legislation a strictly territorial character, interpret criminal law in the sense that offences, the authors of which at the moment of commission are in the territory of another State, are nevertheless to be regarded as having been committed in the national territory, if one of the constituent elements of the offence, and more especially its effects have taken place there"^[2].

To tie the citations from early court cases to the trial of Ivanov, Judge Thompson states "The fact that the computers where accessed by means of a complex process initiated and controlled from a remote location does not alter the fact that the accessing of the computers, i.e part of the detrimental effect prohibited by the statute, occurred at the place where the computers were physically located"^[2]. Judge Thompson effectively showed historical president for extraterritorial application from previous cases. In addition, Judge Thompson also states "the defendant's motion should also be denied because, as to each of the statutes under which the defendant has been indicted for a substantive offense, there is clear evidence that the statue was intended to by Congress to apply extraterritorially".^[2]

Holding

Judge Thompson denied Ivanov's appeal for the reasons given in the previous section.

Impact

As noted in “Software and Internet Law”, shortly after Ivanov’s trial, the USA PATRIOT Act increased the scope of the Computer Fraud and Abuse Act to cover machines outside the United States ^[14].

1. Newcomb, Penny. "Russian Man Sentenced for Hacking into Computers in the United States". U.S. Department of Justice. Retrieved 2/6/2012. {{cite web}}: Check date values in: |accessdate= (help)
2. Thompson, Alvin. "US District Court 175 F. Supp. 2d 367" (PDF). U.S. District Court for the District of Connecticut. Retrieved 2/4/2012. {{cite web}}: Check date values in: |accessdate= (help)
3. Traore, Issa. "Chapter 8: Computer Forensics" (PDF). University of Victoria. Retrieved 2/6/2012. {{cite web}}: Check date values in: |accessdate= (help)
4. "Cached copy of Ivanov's resume".
5. "RUSSIAN NATIONAL ARRESTED AND INDICTED FOR PENETRATING U.S. CORPORATE COMPUTER NETWORKS, STEALING CREDIT CARD NUMBERS, AND EXTORTING THE COMPANIES BY THREATENING TO DAMAGE THEIR COMPUTERS".
6. "A hacker story". CIO Asia. Retrieved 2/6/2012. {{cite web}}: Check date values in: |accessdate= (help) Cite error: The named reference "hackstory" was defined multiple times with different content (see the help page).
7. Attfield, Philip. "United States v Gorshkov Detailed Forensics and Case Study; Expert Witness Perspective". IEEE. Retrieved 2/18/2012. {{cite web}}: Check date values in: |accessdate= (help)
8. "Russian Computer Hacker Convicted by Jury". Retrieved 2/18/2012. {{cite web}}: Check date values in: |accessdate= (help)
9. {{cite web|title=United States v Alexey V.Ivanov|url=http://www.cybercrime.gov/ivanovInfo_NJ.htm%7Caccessdate=2/18/2012}
10. "RUSSIAN COMPUTER HACKER INDICTED IN CALIFORNIA FOR BREAKING INTO COMPUTER SYSTEMS AND EXTORTING VICTIM COMPANIES". Retrieved 2/18/2012. {{cite web}}: Check date values in: |accessdate= (help)
11. "Computer Crime and Intellectual Property Section". Retrieved 2/18/2012. {{cite web}}: Check date values in: |accessdate= (help); Unknown parameter |Publisher= ignored (|publisher= suggested) (help)
12. "United States v. Muench" (PDF). Retrieved 2/27/2012. {{cite web}}: Check date values in: |accessdate= (help)
13. "Marc Rich & Co., A.G. v. United States". Retrieved 2/27/2012. {{cite web}}: Check date values in: |accessdate= (help)
14. Lemley, Mark; Menell, Peter; Merges, Robert; Samuelson, Pamela; Carver, Brian. Software and Internet Law (4th ed.). ISBN 9780735589155.