Journal of Advanced Forensic Sciences

Journal of Advanced Forensic Sciences

Journal of Advanced Forensic Sciences

Current Issue Volume No: 1 Issue No: 2

Review Article Open Access Available online freely Peer Reviewed Citation

The Computer Crimes of Vasiliy Gorshkov and Alexey Ivanov

Donald L. Buresh, Ph.D., JD, LL.M. 1  

1Morgan State University.

Abstract

The purpose of this essay was to document the cybercrimes of Vasiliy Gorshkov and Alexey Ivanov, starting from their humble beginnings in Chelyabinsk, Russia to their convictions for conspiracy, violations of the Computer Fraud and Abuse Act, and other federal crimes. The paper outlines the history of these two individuals, describing the circumstances under which they were arrested and prosecuted. The essay concludes by observing that the mainstream media characterized Gorshkov and Ivanov as villainous Russian hackers, whereas in reality, they were would-be Russian entrepreneurs attempting to earn their fortune by illicit means.

Author Contributions
Received 11 Mar 2022; Accepted 22 Mar 2022; Published 23 Mar 2022;

Copyright ©  2022 Donald L. Buresh, Ph.D., JD, LL.M.

License
Creative Commons License     This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Competing interests

The authors have declared that no competing interests exist.

Citation:

Donald L. Buresh, Ph.D., JD, LL.M. (2022) The Computer Crimes of Vasiliy Gorshkov and Alexey Ivanov. Journal of Advanced Forensic Sciences - 1(2):27-32. https://doi.org/10.14302/issn.2692-5915.jafs-22-4131

Download as RIS, BibTeX, Text (Include abstract )

DOI 10.14302/issn.2692-5915.jafs-22-4131

Introduction

The purpose of this paper is to analyze the computer crimes of Vasiliy Gorshkov and Alexey Ivanov using a slight modification of the Valeriano and Maness criteria1 as what was accomplished by the author in a previous article regarding the Estonian cyber incident2. The analysis focuses on answering the following four questions3

1. How did the crimes committed by Gorshkov and Ivanov come about?

2. What were the legal, national, and international implications of the crimes committed by Gorshkov and Ivanov?

3. What was the impact of the crimes committed by Gorshkov and Ivanov? and

4. What was the reaction to the crimes committed by Gorshkov and Ivanov on the national and international levels?

There are four actors involved in the of the crimes committed by Gorshkov and Ivanov–Vasiliy Gorshkov, Alexey Ivanov, the Federal Bureau of Investigation (FBI), and the victims of Gorshkov’s and Ivanov’s crimes. The paper does not address the actions of the victims of Gorshkov’s and Ivanov’s crimes, nor does it consider in any great depth the relationship between Gorshkov and Ivanov. Rather, it concentrates on the relationship between Gorshkov and the FBI, and Ivanov and the FBI. The paper concludes by observing that it was entirely appropriate for Gorshkov and Ivanov to be prosecuted in the United States. Finally, it is entirely possible that Gorshkov, Ivanov, or both were involved in providing technical assistance to Special Prosecutor Robert Mueller indicted 12 Russian hackers, each one individually named in the complaint4.

How Did the Crimes Committed by Gorshkov and Ivanov Come About?

In this section, the facts of Gorshkov’s and Ivanov’s crimes are outlined. Gorshkov’s case is discussed in some detail. Finally, the Ivanov’s case is outlined, describing the charges and the results of the court proceedings.

A Short History about Gorshkov and Ivanov

The mainstream media is alive these days with tales of Russian hacking of American companies, political parties, and the federal government5. These hackers have been involved in some extremely large cybercrimes. For example, in 2014, Russian Federal Security Service (FSB) officers Dmitry Dokuchaev and Igor Sushchin were convicted of hacking over one billion Yahoo! Accounts6. Another example of Russian hacking occurred when Sasha Panin hacked over one million computer systems and stole credit card and bank account information7.

In 1999 and 2000, Vasiliy Gorshkov and Alexey Ivanov were two young Russians actively engaged in cybercrime8. Gorshkov and Ivanov grew up in Chelyabinsk, one of the most polluted places on the planet due to a mysterious explosion in a nuclear-bomb-making factory in the 1950s9. Gorshkov was a troubled youth even though he was a computer whiz because played with the computers in his mother’s office10 . After failing the exams at Southern Ural State University, Gorshkov affiliated himself with a group of hackers that called themselves the Expert Group of Protection Against Hackers11. The group consisted of cells of two or three hackers and paid a 30 percent protection fee to an unknown entity12. Gorshkov coordinated one of these cells, where Ivanov and another programmer called Michael were members13.

In 2000, life was good for these two hackers. Gorshkov and Ivanov would hack into a supposedly secure network in the United States, explain to the network administrators when they had just done, and then offer to fix the problem for a price14. The companies paid the programmers in cash ranging from $80 to $4,00015. Cognizant Technology Solutions (CTS), headquartered in Seattle, Washington, even gave the hackers storage space on its servers16.

In June 2000, Gorshkov received an email from Seattle company called Invita Security, asking him whether he would like to work for a cybersecurity company in America17. Gorshkov jumped at the opportunity, traveling with Ivanov for 48 hours to interview with the company18. At the interview, the two hackers demonstrated their hacking skills, and the two programmers logged into their computers in Chelyabinsk19. When the meeting was over, they were driven back to their hotel20. The car then stopped suddenly, the doors were opened, and several FBI officers arrested them.21

When Speakeasy, a Seattle-based Internet service provider, had been victimized, the FBI created Operation Flyhook, a surveillance operation to arrest and then prosecute cyber criminals23, 24. The idea was to lure hackers to the United States by offering hackers employment at a fake cybersecurity company. Because many Russian hackers were young technologists with little income, the opportunity to work in America was irresistible25. Even though Gorshkov and Ivanov were making a good living in Russia scamming and extorting money from American companies, the temptation to work for a company like Amazon or Google was bait too good to pass up26. Gorshkov and Ivanov took the bait, hook, line, and sinker.

Vasiliy Gorshkov’s Case

Gorshkov was tried and convicted of 20 counts of conspiracy, and a variety of computer crimes against the Speakeasy Network of Seattle, Washington27. Gorshkov’s attorney, Kenneth Kanev, attempted to block the use of data from the hacker’s servers in Russia28. After Gorshkov and Ivanov were arrested, the FBI proceeded to download 1.3 to 2.7 gigabytes of data from the hacker’s servers that were located in Russia29, 30. A warrant was issued to the FBI ten days after the download occurred31. While the two Russian hackers were demonstrating their talents to the FBI agents posing in Invita hiring managers, a keyboard sniffer was installed on their machines unbeknownst to Gorshkov and Ivanov, recording every keystroke32. Because the Russian servers were located in Chelyabinsk, Kanev argued that the FBI violated Gorshkov’s Fourth Amendment rights33. Four years later, the Supreme Court opined that no search warrant was necessary when American law enforcement a non-U.S. citizen’s residence in a foreign country34. Gorshkov was sentenced to three years in prison and ordered to pay $692,000 in restitution35.

Alexey Ivanov’s Case

Ivanov was indicted in Connecticut for charges of conspiracy, computer fraud, extortion, and possession of illegal access devices under the Computer Fraud and Abuse Act (CFAA)36, 37. Had Ivanov been convicted on all counts, he could have spent up to 90 years in prison38. After the indictment was handed down by the court, Ivanov filed a motion to dismiss all charges because he was physically located in Russia, not the United States when the offenses occurred, and thus he could not be charged with violating United States law. The federal district court denied Ivanov’s motion because the harm resulting from Ivanov’s action occurred in the United States and because the statutes under which he was charged were intended by Congress to apply extraterritorially. The court cited Muench which opined that when the intent is to cause harm inside the United States by individuals outside this country, the United States Law can be successfully applied against these individuals39. The court also cited Steinberg, where it concluded that there is ample precedent that a person could be charged where the harm occurs even if the individual was not physically present in the jurisdiction where the harm took place40. The court noted that the computers were located in Vernon, Connecticut where the illegal access occurred, and that there is legislative evidence indicating that the statues under which Ivanov was indicted were meant to apply .extraterritorially. At trial, Ivanov was sentenced to three years and eight months in prison and required to pay $800,000 in restitution41.

At a later date, Ivanov pleaded guilty to several of the charges and was sentenced to four years in prison followed by three months of supervised release. Ivanov was prosecuted and convicted in California42, New Jersey43, and Washington44 for similar crimes. In total, Ivanov was tried in five federal district courts for computer crime.

One event that deserves to be mentioned is that the FBI agent who was responsible for Operation Flyhook, Michael Schuler, was charged unauthorized access to computer information by Russia’s FSB45. The purpose of the Russian complaint was to assert Russian sovereignty46. If the long-arm of American law can reach into another country, entice foreign nationals to come to the United States, and then arrest and prosecute them, it is apparent that the Russian Federation felt no restraint in doing the same to an American citizen47. In Gorshkov’s trial, the federal district court ruled that Russian law does not apply to American agents48.

What Were the Legal, National, and International Implications of the Crimes Committed by Gorshkov and Ivanov?

The issue with the outcome of these two cases is that in the future other countries will feel no compunction to searching servers located in America49. The United States courts have opined that America law has personal jurisdiction extraterritorially50. In contrast, the federal district has opined that Russian law, and probably the laws of any other nation, does not apply to American agents51. This result is the most likely an outgrowth of American exceptionalism, where the United States can do what it wants, where it wants, when it wants, to whomever it wants, and however it wants52. The issue with the ideology is that the United States is unique among nations in that it presumes that America has a right to exist and that no other nation can question its actions53.

The alleged Russian hack of the servers of the Democratic National Committee (DNC) can be viewed as a negative response to American exceptionalism, where the United States holds other countries to standards that it rejects for itself54. It should be remembered that in Special Prosecutor Robert Mueller’s indictment of 12 Russians, each one of the Russians was specifically named, the address of where the hack occurred in St. Petersburg was specified, and a declaration of their rank in the Russian military was stated55. The question that begs to be asked is: How did Muller’s team find out this information? It is more than probable that the Russian military computers were hacked in violation of Russian law56. It serves as a striking example of American exceptionalism, where the rule is: Do as I say, not as I do.

What Was the Impact of the Crimes Committed by Gorshkov and Ivanov?

According to Lemos, the cases against Gorshkov and Ivanov were extremely dangerous because they open Pandora’s box where in the future, individuals as well as corporations could be criminally charged for conducting corporate espionage, particularly if the entities are headquartered in different countries57. In many cases, the CFAA exempts law enforcementofficers from being prosecuted if they engage in an unauthorized entry into a computer58. Unauthorized entry can be compared to an FBI officer driving a car beyond the speed limit to in pursuit of a criminal. Any evidence obtained when law enforcement breaks the law in performance of their duties is admissible in court59.

When evidence is obtained from a foreign country, diplomatic channels are used with all of its niceties60. The issue with employing formal communications with other nations is the length of time it takes to receive the desired evidence, sometimes as long as six months61. In the Gorshkov and Ivanov cases, a six month wait would have been too long. According to the court papers, the password to one Ivanov’s accounts was changed six days after the two Russians were arrested62. The issue with asking a foreign country to help the United States in convicting a cyber criminal located in another country is that it takes weeks and more likely months for the other nation to collect the requisite evidence63. Simply stated, such efforts take too much time because the United States is waiting for the evidence, it can be permanently deleted, thereby thwarting the prosecution of cybercriminals.

Conclusions

When Gorshkov and Ivanov were arrested, they were young adults in their twenties who were living in a country with few rules and regulations64. They were technologists who were intensely curious about computing65. They were not two evil Russian villains as characterized by the American mainstream media66. They saw themselves as entrepreneurs attempting to make their fortune in the rough and tumble world of Eastern Russia67. Should they have been prosecuted in the United States? According to American law, the answer is yes. What is interesting to note is that Gorshkov went back to Russia, while Ivanov stayed in the United States and is now working in New England and living more or less the American Dream68. It could only happen in America!

Miscellaneous Considerations

Author Contributions

The author has read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Acknowledgments

Not applicable.

The following abbreviations are used in this manuscript

Abbreviations

CFAA-Computer Fraud and Abuse Act

DNC-Democratic National Committee

FBI-Federal Bureau of Investigation

FSB-Russian Federal Security Service

References

  1. 1.Valeriano B, Maness R C.. (2015).CyberWar versus Cyber Realities: Cyber Conflict in the International System .
  1. 2.Donald L Buresh. (2020) Evaluation of the Estonian Cyber Incident. , J. of Adv, Forensic Sci 1, 2-7.
  1. 3.. , Valeriano & Maness, supranote 1.
  1. 4.. Netkysho.1: 18-cr-00215(D. Ct. D.C. 2018), United States .
  1. 5. (2017) Raymond Pompon,Russian Hackers, Face to Face. , F5 Labs. https://www.f5.com/labs/articles/threat-intelligence/russian-hackers-face-to-face
  1. 6.Dept. United States Department of Justiceof Justice Staff, U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts. , https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions
  1. 7.Panin, Ct. Doc. No. 1:11-CR-0557-AT-AJB (N. D. Geo. 2016), https://www.courtlistener.com/docket/4242291/united-states-v-panin/. United States .
  1. 8.Jahnke Art.(2005).AlexeyIvanov andVasilyGorshkov: Russian Hacker Roulette. CSO Online, https://www.csoonline.com/article/2118241/malware-cybercrime/alexey-ivanov-and-vasiliy-gorshkov--russian-hacker-roulette.html
  1. 9. (2003) Ariana Eunjung Cha,Internet Dreams Turn to Crime, The Washington Post.
  1. 10.Id.
  1. 11.Id.
  1. 12.Id.
  1. 13.Id.
  1. 14.Jahnke supra.. 8.
  1. 15.Id.
  1. 16.Id.
  1. 17.Susan W Brenner, Joseph J Schwerha. (2007) Havens: Challenges and Solutions. , American Bar Association, https://heinonline.org/HOL/LandingPage?handle=hein.journals/busiltom17&div=31&id=&page=
  1. 18.. , Jahnke supra note 8.
  1. 19.Id.
  1. 20.Id.
  1. 21.Id.
  1. 22.Id.
  1. 23.Pompon supra note 1.
  1. 24.Id.
  1. 25.Id.
  1. 26.. , Jahnke supra note 8.
  1. 27.Leyden John.(2002).Russians Accuse FBI Agent of Hacking, The Register. https://www.theregister.co.uk/2002/08/16/russians_accuse_fbi_agent/
  1. 28.Id.
  1. 29.Lemos Robert. (2002) Hack” Raises Global Security Concerns. , Cnet, https://www.cnet.com/news/fbi-hack-raises-global-security-concerns/
  1. 30.. , Jahnke supra note 8.
  1. 31.Attfield Philip.(2005).UnitedStates vGorshkov- Detailed Forensics and Case Study; Expert Witness Perspective. 1592518.
  1. 32.. , Lemos, supra note 25.
  1. 33.Id.
  1. 34.Id.
  1. 35.Janke.supra note 8.
  1. 36.Id.
  1. 37.18 U.S.C. § 1030..
  1. 38.Janke supra note 8.
  1. 39. (1998) . United States v. Muench. 97-2304 https://caselaw.findlaw.com/us-11th-circuit/1107178.html
  1. 40. (1932) United States v. Steinberg,62F.2d77 https://law.justia.com/cases/federal/appellate-courts/F2/62/77/1472534/
  1. 41.Janke supra note 8.
  1. 42.Morin Monte. (2001) U.S. Indicts Russian Citizen in Hacking Case, The Los Angeles Times. https://www.latimes.com/archives/la-xpm-2001-jun-21-me-13124-story.html
  1. 43.ABC News Staff. (2006) Russians Busted on Hacking Charges, ABC News.
  1. 44.Id.
  1. 45.Brunker Mike. (2002) . FBI Agent Charged with Hacking, NBC News. http://www.nbcnews.com/id/3078784#.XFpG56D45mM
  1. 46.Leyden supra note 23.
  1. 47.Id.
  1. 48.Id.
  1. 49.Lemos supra note 25.
  1. 50.United States v, Ivanov.. 175, 370.
  1. 51.Leyden supra note 23.
  1. 52.Tyrrell Ian. (2016) What, Exactly, Is ‘American Exceptionalism’?, The Week. https://theweek.com/articles/654508/what-exactly-american-exceptionalism
  1. 53.Id.
  1. 54.Maté Aaron. (2018) The Elite Fixation with Russiagate, The Nation. https://www.thenation.com/article/elite-fixation-russiagate/..
  1. 55.Netkysho United States v.. supra, note 3
  1. 56.Maté supr note 44.
  1. 57.Lemos supra note 29.
  1. 58.Id.
  1. 59.Id.
  1. 60.Id.
  1. 61.Id.
  1. 62.Id.
  1. 63.Id.
  1. 64.Cha supra note 5.
  1. 65.Pompon supra note 1.
  1. 66.Id.
  1. 67.Id.
  1. 68.Janke supra note 8.