United States v. Ivanov

United States v. Ivanov was an American short-range addressing subject-matter jurisdiction for computer crimes committed by Internet users outside the United States against American businesses and infrastructure. In trial court, Aleksey Vladimirovich Ivanov of Chelyabinsk , Russia was indicted for conspiracy , computer fraud , extortion , and possession of illegal access devices; All crimes committed against the Online Information Bureau (OIB) in Vernon, Connecticut .

Ivanov moved to dismiss the indictment, claiming that the court lacked subject-matter jurisdiction, arguing that “because he was physically located in Russia when the offenses were committed, he could not be charged with violations of United States law.” [1] The court denied Ivanov’s motion, “first, because the intended and actual detrimental effects of Ivanov’s actions in Russia were within the United States, and second, because each of the statutes under which Ivanov was charged with a substantive offense was intended by Congress to apply extraterritorially. ” [1]

In a later ruling, Ivanov pleaded guilty to several crimes, including computer intrusion and computer fraud, and was sentenced to 48 months in jail followed by 3 months of supervised release. [2]

Background

Unlawful access and FBI capture

Ivanov attracted FBI attention in the Fall of 1999, when internet service provider (ISP) Speakeasy discovered their network had been compromised and informed the Seattle branch of the FBI. In early 2000, OIB also detected an attack and notified the FBI in Connecticut. Between late 1999 and early 2000, other broad Internet corporations including CD Universe , Yahoo , and Ebay also experienced similar attacks to Speakeasy and OIB. [3] Computer forensics of the Internet for all attacks originated from the same machine in Russia. [3] After linking his online alias “subbsta” and his resume, [4] the FBI determined Ivanov ‘

The FBI constructed a false computer security company, Invita, in Seattle , Washington and invited Ivanov to interview for a position on November 10, 2000. [5] Ivanov’s interview interviewed with hacking an FBI controlled honeypot . While Ivanov was hacking the FBI honeypot, all keystrokes and network traffic were recorded as potential evidence. [6] In addition, the FBI made video and audio recordings of the entire interview process. After Ivanov successfully gained access to the FBI honeypot, he was arrested. [6] The FBI used the recorded keystrokes and network traffic to the intermediary computers Ivanov used in Russia.

When the FBI accessed Ivanov’s machines, they found folders with data to the companies he had remotely attacked. Over 2.3 GB of data was recovered from Ivanov’s machines, including the tools used to gain illegal access and scripts that referenced companies that had been attacked. [7]

Attack on OIB

Ivanov obtained superuser (root) access to OIB machines. By Gaining root access to OIB’s machines Ivanov Was Effectively ble to “control the data, eg credit card numbers and merchant account numbers, stored in OIB computers.” [1] After Gaining access to OIB’s systems, Ivanov contacted OIB using His online handle “Subbsta”, offering security assistance in exchange for $ 10,000. OIB refused to pay Ivanov which resulted in a final email: “now imagine please Somebody hack you network, and downloaded Atomic software with more than 300 merchants, transfer money, and after this did ‘ rm -rf ‘And after this you company be ruined. I do not want this, and because this I notify you about possible hack in you network, If you want you can hire me and im always check security in you network. What you think about this. ” [1]

Trials

Indictment

When brought to trial in Connecticut, Ivanov was indicted on eight counts, six of which Ivanov appealed:

  • Count one charged Ivanov with conspiracy to commit computer fraud in violation of 18 USC  § 371 . [1]
  • Charges two, three and six all alleged that Ivanov’s violated activity 18 USC  § 1030 , the Computer Fraud and Abuse Act. The government alleged that Ivanov knowingly accessed OIB’s computers with intent to defraud and intentionally accessed OIB’s machines with intent to collect information. [1]
  • Count six alleged Ivanov “transmitted in interstate and foreign commerce communications containing a threat to cause damage to protected computers owned by OIB.” [1]
  • Count seven charged Ivanov with disrupting commerce by means of extortion in violation of 18 USC  § 1051 . [1]
  • Count eight charged Ivanov with possession of “unauthorized accesses devices” in violation of 18 USC  § 1029 , which regulates fraud in connection with access devices. [1]

Ivanov was found guilty on all counts. [6]

Ivanov’s appeal

After his indictment, Ivanov filed for a motion to dismiss all charges because “he was physically located in Russia when the offenses were committed” and thus “he can not be charged with violations of United States law.” [1] The district court denied its appeal following two trains of logic: “first, because the intended and actual detrimental effects of Ivanov’s actions in Russia were within the United States, and second, because each of the statutes under which Ivanov was charged with A substantive offense was intended by congress to apply extraterritorially . ” [1]

The court argued that, in the case of an. The court cited United States v. Muench got Stating, “the intent to causes effects dans le United States … Makes it reasonable to apply to persons outside United States territory was not statute qui est EXPRESSLY extraterritorial in scope.” [1] The court also cited United States v. Steinberg in claiming, “it has long been a commonplace of criminal responsibility that a person may be charged in the place where the evil results, even though he is beyond the jurisdiction where he begins the train of events of which the evil is the fruit. ” [1]

The short time argued that the detrimental effects of Ivanov’s attacks have taken place in the United States, stating, “the fact the computers were accessed by means of a complex process initiated and controlled from a remote location does not the computers, ie, share of the detrimental effect prohibited by the statute, occurred at the Place Where the computers Were PHYSICALLY located, Namely OIB’s place of business in Vernon, Connecticut. ” [1]

In a second argument, the Court stated that “in respect of each of the statutes under which the defendant has been indicted for a substantive offense, there is clear evidence that the statute was intended to be applied extraterritorially.” [1] The court then enumerated each of Ivanov’s alleged offenses, the laws they referenced, and the specific language in the laws that implied extraterritorial application.

Following these arguments, the court denied Ivanov’s motion to dismiss.

Subsequent rulings

Ivanov later pleaded guilty to several charges, including computer intrusion and computer fraud, and was sentenced to 48 months in jail followed by 3 months of supervised release. [2]

Ivanov’s crimes were not limited to Connecticut. He was also prosecuted and convicted in Washington, [8] New Jersey, [9] and California [10] for similar crimes. In total, Ivanov was tried in five court courts, more than any other case listed on the United States Department of Justice listing of computer crimes. [11]

Impact

ALTHOUGH the short Ruled que le qui Ivanov violated laws already extended extraterritorially, the USA PATRIOT Act Increased the scope of the Computer Fraud and Abuse Act to cover EXPRESSLY machinery outside the United States. [12]

References

  1. ^ Jump up to:a b c d e f g h i j k l m n o United States v. Ivanov , 175 F. Supp. 2d 36(US District Court for the District of Connecticut 2001).
  2. ^ Jump up to:a b Newcomb, Penny. “Russian Man Sentenced for Hacking into Computers in the United States” . US Department of Justice . Retrieved February 6, 2012 .
  3. ^ Jump up to:a b Traore, Issa. “Chapter 8: Computer Forensics” (PDF) . University of Victoria . Retrieved February 6, 2012 .
  4. Jump up^ “Cached copy of Ivanov’s resume” .
  5. Jump up^ “RUSSIAN NATIONAL ARRESTED AND INDICTED FOR PENETRATING US CORPORATE COMPUTER NETWORKS, STEALING CREDIT CARD NUMBERS, AND EXTORTING THE COMPANIES BY THREATENING TO DAMAGE THEIR COMPUTERS” .
  6. ^ Jump up to:a b c “A hacker story” . CIO Asia . Retrieved February 6, 2012 .
  7. Jump up^ Attfield, Philip. “United States v Gorshkov Detailed Forensics and Case Study; Expert Witness Perspective” . IEEE . Retrieved February 18,2012 . A warrant was granted to the FBI 10 days after the download
  8. Jump up^ “Russian Computer Hacker Convicted by Jury” . Retrieved February 18, 2012 .
  9. Jump up^ “United States v Alexey V. Ivanov” . Retrieved February 18, 2012 .
  10. Jump up^ “RUSSIAN COMPUTER HACKER INDICTED IN CALIFORNIA FOR BUILDING INTO COMPUTER SYSTEMS AND EXTORTING VICTIM COMPANIES” . Archived from the original on June 25, 2001 . Retrieved February 18, 2012 .
  11. Jump up^ “Computer Crime and Intellectual Property Section” . United States Department of Justice . Retrieved February 18, 2012 .
  12. Jump up^ Lemley, Mark; Menell, Peter; Merges, Robert; Samuelson, Pamela; Carver, Brian. Software and Internet Law (4th ed.). ISBN  978-0-7355-8915-5 .

Leave a Comment

Your email address will not be published. Required fields are marked *