Welcome to Invita!
According to court filings, this is how the sting went down:
FBI agents requested that the two suspects--20-year-old Alexey Ivanov and 25-year-old Vasiliy Gorshkov--crack the security on "Invita's own computers."
During the hack, the FBI agents monitored the duo's activities with a "sniffer"--a program designed to trap all keystrokes made on a computer. When the suspects allegedly downloaded hacking tools from two servers in Russia using their usernames and passwords, the sniffer collected the tools needed to access the accounts.
Typically, US law enforcement would wait on their counterparts in Russia to search the servers. Yet, while the United States has more than 25 mutual legal assistance treaties to aid law enforcement in capturing data in other countries, Russia has signed an agreement to help the US in investigating only some crimes--and computer crimes are not among them.
Nevertheless, the Department of Justice did request assistance from Russian authorities, but without answer. After several unsuccessful attempts to get Russian authorities to cooperate, the FBI--with the help of a security expert--used the usernames and passwords to access the two servers.
Once in, investigators browsed through the directories on both servers and selected, then compressed, a large number of files. The agents then downloaded the 1.3GB file to their own computers.
Before they began to sift for evidence, the FBI did obtain a search warrant to look at the files.
Thought to be the first public acknowledgement of US hacking-for-access, the tactics have set off alarm bells among cyber-savvy lawyers.
If a judge rules in favour of the FBI, the precedent will be clear, said Matthew Yarbrough, head of the Cyberlaw Section for Dallas-based law firm Fish & Richardson: The United States can pursue investigations of data in other countries, widening the boundaries of the investigation to cyberspace.
Yet, while the United States can hack servers in other countries, those countries could also return the favour, he said.
"Whenever you deal with international criminal problems, you have to be careful, because the rule is: Whatever we do to them, they can do to us," said Yarbrough, a former Department of Justice cybercrime prosecutor. "I don't think we want KGB agents--or whatever organisation handles law enforcement now--to be hacking our servers to get evidence for their cases."
