FBI Employs High-Tech Net to Snag Alleged Hackers

Invita Security Corp. looked like a typical Internet company: It had offices, computers, employees and a secure computer system. The only thing missing was the customers.

Far from being a failed start-up, the aptly named Invita turned out to be a bogus company set up by the FBI to ensnare two young Russians accused of breaking into U.S. Internet companies' computers, stealing sensitive data and trying to extort money.

Authorities say Alexey Ivanov, 21, and Vasily Gorshkov, 25, both of Chelyabinsk, fell for the bait. They were arrested and jailed on charges including conspiracy and fraud and are set for trial May 29 in federal court in Seattle.

The FBI declined to comment. But in recently unsealed court documents that read like a spy novel, agents tell how they snagged the alleged thieves by creating the shell company and inviting Ivanov and Gorshkov to try to hack into it.

After Ivanov and Gorshkov succeeded from afar, FBI agents posing as Invita employees invited the two to Seattle to discuss a partnership and further display their hacking prowess.

As the Russians demonstrated their skills at the shell company, the FBI used a computer eavesdropping technique to reach across the Internet and break into the suspects' own computer system in Russia.

Internet security experts say the case illustrates well how the FBI's cybercrime-fighting abilities have evolved -- though the defense is questioning the legality of the agency's methods.

"What they did was phenomenal. It was exceptionally effective," says Kevin Mandia, who worked for the Air Force Office of Special Investigations and taught FBI courses in hacker attacks before joining the Irvine, Calif., Internet security company Foundstone. "Five years ago they wouldn't be able to do that kind of thing."

Mandia says that the FBI, after being ridiculed as ill-equipped to fight computer crime, has made remarkable progress, including adding a program that has trained more than 1,000 agents in cybercrime.

The FBI believes the Russian suspects or their associates could have been involved in hundreds of crimes against U.S. companies, including Kirkland-based Lightrealm.com, an Internet access company, and Palo Alto, Calif.-based PayPal, an online payment business.

First, the FBI alleges, the hackers broke into computer systems. Then, authorities say, they sent e-mails to company officials demanding payment in exchange for not distributing or destroying sensitive documents including financial records.

After tracking down the suspects over the Internet, the FBI invited them to Seattle in November for the Invita gambit.

Court records show that while Gorshkov was using an Invita computer, the FBI secretly used a "sniffer" program that logs every keystroke a person types.

Using passwords recorded by the "sniffer," the FBI was then able to enter the computers in Russia where Gorshkov kept his data and download immense amounts of information.

In court documents, Gorshkov's lawyer, Kenneth E. Kanev, has challenged the FBI's right to use that material, claiming his client's privacy was invaded because he did not consent to have his computer usage recorded. Kanev contends the FBI should have obtained a search warrant before downloading the information.

The investigators say they were forced to follow this procedure because they needed to secure the incriminating information before the two suspects' Russian counterparts destroyed the data.

The Invita case could define how far U.S. law enforcement can go to catch non-citizens who break into American systems.

"This case is going to resolve a very thorny legal question," says Marc J. Zwillinger, a former Justice Department computer expert now in private practice in Washington.

The case could test the admissibility of evidence obtained through the covert recording of computer keystrokes, a technique the FBI also used in a case against an alleged mobster in New Jersey, Nicodemo S. Scarfo Jr., that is expected to go to trial later this year.

Today's most serious hacker threats come from outside the United States or go through computers abroad. Russian hackers, in particular, have been behind several of the biggest Internet theft cases.