Guy Accused Of Leaking President Bush's Paintings Indicted For Hacking In The US
from the extradition-coming dept
An online hacker who went by the name "Guccifer" got a lot of attention a year and a half ago or so for regularly hacking into the email and social media accounts of various political officials and insiders along with some Hollywood folks, with the most high profile being former President George W. Bush's email, leading to the leaking of some of Bush's early attempts at painting. But that was hardly all. Among others, he hacked into email and/or social media accounts of Senator Lisa Murkowski, Colin Powell, top Hillary Clinton advisor Sidney Blumenthal, venture capitalist John Doerr, former White House chief of staff Kenneth Duberstein, actor Jeffrey Tambor (Jeffrey Tambor?!?!), Sex and the City author Candace Bushnell, Watergate reporter Carl Bernstein, President Obama's head of the National Intelligence Council Christopher Kojm and the head of the National Nuclear Security Administration Neile Miller. In other words, Guccifer was pretty busy.
Then, earlier this year he was arrested in Romania. It turned out that he was Marcel Lazar Lehel, a Romanian cabdriver. Thing is, he didn't just hack the famous and powerful in the US -- but in Romania as well. Just last week, he was sentenced to four years in jail in Romania, with the possibility of more for earlier hacks. And, just like that, the FBI has announced an indictment against him as well, meaning that the US is likely to get him extradited (and, yes, the US has an extradition treaty with Romania).
While the indictment does not name the people who were hacked, calling them Victim 1, 2, 3, 4 and 5, it's not difficult to figure out that Victim 1 is President Bush's sister Dorothy Bush, which is how he got the GWB paintings (GWB had sent photos of them to his sister) and Victim 3 is Colin Powell, who had to deny an affair with a foreign diplomat after some of his emails were leaked. The indictment appears to suggest a particular infatuation with Powell, as it also included hacks of his Facebook page and posting anti-Bush rants on Powell's Facebook page.
I'm always a little nervous about computer hacking cases, because the government is fairly well known for exaggerating non-hacking situations and pretending that they're hacking under the CFAA, but assuming that this guy really did get into all of these accounts, it seems like what the CFAA was more written to cover in the first place.
The full indictment is below, but what I'm trying to figure out is how "victim 2" got included in the list. Notice if you can spot which one of the following "is different from the others" in the list below:
- Victim 1... was a family member of two former U.S. presidents who was the true owner of an AOL account....
- Victim 2... was a sanitation engineer who was the true owner of an AOL account....
- Victim 3... was a former U.S. Cabinet member who resided in the Eastern District of Virginia. Victim 3 was the true owner of an AOL account with subaccounts and a Facebook account....
- Victim 4... was a former member of the U.S. Joint Chiefs of Staff who was the true owner of a Facebook account....
- Victim 5, known to the grand jury, was a journalist and former presidential advisor who was the true owner of an AOL account with subaccounts....
Filed Under: cfaa, colin powell, doj, email, fbi, george w. bush, guccifer, hacking, marcel lazar lehel
Reader Comments
You know, because like music and e-books and software, we merely license them, and have no right to do what we want with them.
[ link to this | view in chronology ]
third party doctrine
Many years ago, I took my little ones to a workshop on the internet given by 2 lawyers at the local library. They said the internet was run by the Department of Defense and there was no expectation of privacy on emails. What has changed since?
The first uses were in universities. The lawyers used email to transfer case laws back and forth for current court cases.
This was back in the 90's when you would spend your whole lunch break at home trying to get a free connection on dial-up.
The gov. just argued that there is no expectation of privacy on the internet and cell phones because the data is given to third parties.
What's up with that?
Doesn't apply to gov?
[ link to this | view in chronology ]
Re: third party doctrine
They were wrong, or at least greatly simplifying things for the kids.
The structure of the internet was originally based on ARPANET, which was indeed a project originated by the US DoD. However, it's since been greatly expanded and commercialised and is built on things like TCP/IP, FTP and HTTP. While some of these protocols were originally developed for use on ARPANET, they are free and open for anyone to use.
Basically, unless your ISP is part of the DoD, it has nothing to do with them - especially if the traffic is routed or accessed outside of US jurisdiction.
"The lawyers used email to transfer case laws back and forth for current court cases."
In that case, what they might have been saying is that they could not guarantee privacy via emails. That is, email is by its very nature insecure and as such is a poor platform for sending secure traffic and documents. Email can easily be manipulated and intercepted by unauthorised third parties, and as such an alternative method of exchanging documents is to be preferred.
[ link to this | view in chronology ]
Re: Re: third party doctrine
What they should have told the kids was "The law is arbitrary, depending upon who is involved in the case and the whims of the presiding judge. You may or may not have an expectation of privacy in email, depending on how important you are and how it affects the government. Deal with it."
Of course, we don't like telling children the truth.
[ link to this | view in chronology ]
Re: third party doctrine
For example, would most people accept Facebook's TOS if it were written to accurately communicate what they intend to do with your information?
Facebook's "honest" TOS:
"We watch you every minute that you're here. We watch every detail of what you do, what you look at, who you're paying attention to, what kind of attention you're paying for how long, what you do next, and how you feel about it based on what you search for. We have wired the web so that we watch all the pages that you touch that aren't ours, so that we know exactly what you're reading all the time, and we correlate that with your behavior here. Your children spend hours every day with us. Every minute of those hours, we spy upon them more efficiently than you will ever be able to. And we reserve the right to keep, sell, and/or otherwise do whatever we want with your personal information forever and ever. Muh. Ha. Ha."
Accept?
[ link to this | view in chronology ]
- Send the victim a convincing looking email in HTML format, with a picture embedded in the message body.
- Get the victim to view the HTML email message in their web browser.
- The picture loads up from server Guccifier controls.
- Some cross-site JavaScript code executes, and all the victim's session cookies get sent to Guccifier's server.
- Guccifier loads those session cookies into his web browser, and logs into the victim's AOL account without ever having to type in a password.
- Then changes the account password. Logs out and then back in, using the new password he just created.
- Email account has now been hijacked.
It's just a guess, but that's how I'd do it. If it is how he did it, it just goes to show us how dangerous it is to view HTML web mail in a browser.
Stick with POP3 and IMAP email clients. Even if HTML messages are viewed in email clients, JavaScript is usually disabled. At least in Thunderbird it is.
[ link to this | view in chronology ]
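A defender-side check for the cookie-theft step guessed at in the comment above, as an added example that is not part of the original thread: it audits `Set-Cookie` headers for `HttpOnly` (which keeps page script from reading the session cookie), `Secure` and `SameSite`. The cookie names and values are constructed, and nothing here reflects how AOL actually set its cookies.

```javascript
// Added example (not from the original comment): audit Set-Cookie headers for
// the attributes that limit session-cookie theft. All sample data is constructed.

// Parse one Set-Cookie header value into its cookie name and attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Report which protective attributes a cookie is missing.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has("httponly")) {
    findings.push("no HttpOnly: page script can read it via document.cookie");
  }
  if (!attrs.has("secure")) {
    findings.push("no Secure: it can be sent over plain HTTP");
  }
  const sameSite = (attrs.get("samesite") || "").toLowerCase();
  if (sameSite !== "lax" && sameSite !== "strict") {
    findings.push("SameSite is not explicitly Lax or Strict");
  }
  return { name, findings };
}

// Constructed sample headers for a hypothetical webmail session cookie.
const SAMPLE_HEADERS = [
  "sid=6f1c2a; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
  "sid=6f1c2a; Path=/; Secure; HttpOnly; SameSite=Lax",
  "prefs=theme=dark; Path=/; secure; SameSite=None",
];

for (const header of SAMPLE_HEADERS) {
  const { name, findings } = auditCookie(header);
  console.log(name, findings.length ? findings : "ok");
}
```

A session cookie that passes all three checks is not exposed to `document.cookie`, which is what the guessed attack depends on; requiring the current password before a password change addresses the later steps separately.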
Its all a joke...
None of this shit makes the legal system even remotely believable or respectable anymore. I now no longer trust the crimes people are accused of as being genuinely serious because the benign offender is often treated just as badly or worse than the most evil offender!
[ link to this | view in chronology ]
Re: Its all a joke...
Assaulting a former president may even be treason.
[ link to this | view in chronology ]
Re: Its all a joke...
Or pissing off a Bush, in this case.
[ link to this | view in chronology ]
Re: Re: Its all a joke...
As a conservative myself, I never understood what people saw in Bush. Sure he treated the Military better than others, but DHS and the Patriot Act have done far more damage to our nation than any terrorist act could ever do.
[ link to this | view in chronology ]
Victim #2 could fit in one of two ways
Second way is that victim #2 has an account name that is "close enough" to the account name of someone interesting that Guccifier targeted it either hoping it was an alias or by mistake. Even if victim #2 is a "little guy" who ordinarily could not interest the Feds in investigating his/her case, once they realized that Guccifier had hit him and that they already had Guccifier, they would throw it on the list to extend the charge sheet.
[ link to this | view in chronology ]
He's also a reptilian.
[ link to this | view in chronology ]
common thread
[ link to this | view in chronology ]
Victim 2 is not a riddle
By the way it's "Guccifer" not "Guccifier." Though there's still time for him to become a household name, it's unlikely he'll ever be worthy of a back-formation.
[ link to this | view in chronology ]
Re: Victim 2 is not a riddle
a portmanteau of Gucci and Lucifer? Yes, it's too cumbersome for a proper back-formation. Although, consider the Guccimeister, Guccirino, the Guccifier, making copies of personal info.
[ link to this | view in chronology ]
Re: Re: Victim 2 is not a riddle
Not likely, everybody knows the devil wears Prada.
[ link to this | view in chronology ]
personal security mistakes
[ link to this | view in chronology ]
Re: personal security mistakes
Well, at least it sounds better than something having to do with Uranus.
[ link to this | view in chronology ]
Re: Re: personal security mistakes
A: The dark spot on Uranus
[ link to this | view in chronology ]
Re: personal security mistakes
Of course a password manager (e.g. KeePass) and secure cloud (e.g.: SpiderOak) go a long way to keeping my sanity.
Q: What is your favorite pet's name?
A: altair drown bema hurty
[ link to this | view in chronology ]
How the heck did you know my security answer?
[ link to this | view in chronology ]
OH NO...
[ link to this | view in chronology ]
prosecutor overreach
Despite all that, the US DOJ is still overreaching in its prosecution here. There are 9 counts.
For counts 1-3, wire fraud, they include "...to obtain money and property...". From what is revealed in the indictment and various media reports, he was not selling the information he illicitly acquired or using it for extortion. Yet, they will argue, as with Weev, that he profited from his hacking, so a charge of fraud applies. That charge is not justified.
Count 7, Aggravated Identity Theft: Guccifer's actions consisted of sending an email from victim 4 to victim 3, intending to provoke victim 3. I can see how that fits into identity theft but I wonder how believable, to victim 3, that email was. I doubt the prosecution would want to take that into account. My hunch is that, being provocative, it was not so believable and then count 7 would not be justified.
Count 8, Cyberstalking: Without further information it is hard to evaluate this charge. This is what mystifies me though. How can a hacker thousands of miles away be both capable of surveillance and able to harass a victim at the same time? If we're talking about control of an email account and possibly other social media accounts, it would seem that once the victim became aware of the hacking they could change passwords and answers to security questions and block the surveillance.
Count 9, Obstruction of Justice: This seems too easy to add as a serious crime when it can include any attempt by the culprit to stay hidden or erase his tracks. Recent examples are:
1: An obstruction of justice charge against Barrett Brown's mother for putting a laptop in a kitchen cabinet.
2: A recent charge against Khairullozhon Matanov, a friend of the Boston bombers. He erased some of the browser history on his computer not to cover any crime he did (The FBI does not think he was involved) but his connection with the bombers, his interest in jihad, and his interest in news coverage of the story. So, the indictment mentions his erasure of his browser history for CNN coverage of the bombing story as an example of obstruction of justice.
A final issue is, when someone is convicted in a foreign country, is there any overlap when the US charges them with similar crimes? Is it fair to convict them of the same crime in two different countries? The indictment even asks for forfeiture when you can be sure Romania has already seized his computer and he did not gain any property from his exploits.
[ link to this | view in chronology ]
Re: prosecutor overreach
They better not have put it in a kitchen cabinet.
[ link to this | view in chronology ]