Guy Accused Of Leaking President Bush's Paintings Indicted For Hacking In The US

from the extradition-coming dept

An online hacker who went by the name “Guccifer” got a lot of attention a year and a half ago or so for regularly hacking into the email and social media accounts of various political officials and insiders along with some Hollywood folks, with the most high profile being former President George W. Bush’s email, leading to the leaking of some of Bush’s early attempts at painting. But that was hardly all. Among others, he hacked into email and/or social media accounts of Senator Lisa Murkowski, Colin Powell, top Hillary Clinton advisor Sidney Blumenthal, venture capitalist John Doerr, former White House chief of staff Kenneth Duberstein, actor Jeffrey Tambor (Jeffrey Tambor?!?!), Sex and the City author Candace Bushnell, Watergate reporter Carl Bernstein, President Obama’s head of the National Intelligence Council Christopher Kojm and the head of the National Nuclear Security Administration Neile Miller. In other words, Guccifer was pretty busy.

Then, earlier this year he was arrested in Romania. It turned out that he was Marcel Lazar Lehel, a Romanian cabdriver. Thing is, he didn’t just hack the famous and powerful in the US — but in Romania as well. Just last week, he was sentenced to four years in jail in Romania, with the possibility of more for earlier hacks. And, just like that, the FBI has announced an indictment against him as well, meaning that the US will likely to get him extradited (and, yes, the US has an extradition treaty with Romania).

While the indictment does not name the people who were hacked, calling them Victim 1, 2, 3, 4 and 5, it’s not difficult to figure out that Victim 1 is President Bush’s sister Dorothy Bush, which is how he got the GWB paintings (GWB had sent photos of them to his sister) and Victim 3 is Colin Powell, who had to deny an affair with a foreign diplomat after some of his emails were leaked. The indictment appears to suggest a particular infatuation with Powell, as it also included hacks of his Facebook page and posting anti-Bush rants on Powell’s Facebook page.

I’m always a little nervous about computer hacking cases, because the government is fairly well known for exaggerating non-hacking situations and pretending that they’re hacking under the CFAA, but assuming that this guy really did get into all of these accounts, it seems like what the CFAA was more written to cover in the first place.

The full indictment is below, but what I’m trying to figure out is how “victim 2” got included in the list. Notice if you can spot which one of the following “is different from the others” in the list below:

  • Victim 1… was a family member of two former U.S. presidents who was the true owner of an AOL account….
  • Victim 2… was a sanitation engineer who was the true owner of an AOL account….
  • Victim 3… was a former U.S. Cabinet member who resided in the Eastern District of Virginia. Victim 3 was the true owner of an AOL account with subaccounts and a Facebook account….
  • Victim 4… was a former member of the U.S. Joint Chiefs of Staff who was the true owner of a Facebook account….
  • Victim 5, known to the grand jury, was a journalist and former presidential advisor who was the true owner of an AOL account with subaccounts….

It just seems that if you were to put the five of those together at a Washington DC cocktail party, one of them would stick out as somewhat different from the others.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Guy Accused Of Leaking President Bush's Paintings Indicted For Hacking In The US”

Subscribe: RSS Leave a comment
Anonymous Coward says:

third party doctrine

What happened to the third party doctrine – no expectation of privacy?

Many years ago, I took my little ones to a workshop on the internet given by 2 lawyers at the local library. They said the internet was run by the Department of Defense and there was no expectation of privacy on emails. What has changed since?

The first uses were in universities. The lawyers used email to transfer case laws back and forth for current court cases.

This was back in the 90’s when you would spend your whole lunch break at home trying to get a free connection on dial-up.

The gov. just argued that there is no expectation of privacy on the internet and cell phones because the data is given to third parties.

What’s up with that?

Doesn’t apply to gov?

PaulT (profile) says:

Re: third party doctrine

“They said the internet was run by the Department of Defense and there was no expectation of privacy on emails.”

They were wrong, or at least greatly simplifying things for the kids.

The structure of the internet was originally based on ARPANET, which was indeed a project originated by the US DoD. However, it’s since been greatly expanded and commercialised and is built on things like TCP/IP, FTP and HTTP. While some of these protocols were originally developed for use on ARPANET, they are free and open for anyone to use.

Basically, unless your ISP is part of the DoD, it has nothing to do with them – especially if the traffic is routed or accessed outside of US jurisdiction.

“The lawyers used email to transfer case laws back and forth for current court cases.”

In that case, what they might have been saying is that they could not guarantee privacy via emails. That is, email is by its very nature insecure and as such is a poor platform for sending secure traffic and documents. Email can easily be manipulated and intercepted by unauthorised third parties, and as such an alternative method of exchanging documents is to be preferred.

Anonymous Coward says:

Re: Re: third party doctrine

“They were wrong, or at least greatly simplifying things for the kids.”

What they should have told the kids was “The law is arbitrary, depending upon who is involved in the case and the whims of the presiding judge. You may or may not have an expectation of privacy in email, depending on how important you are and how it affects the government. Deal with it.”

Of course, we don’t like telling children the truth.

Anonymous Coward says:

Re: third party doctrine

I sometimes wonder if the internet would have ever become so popular (i.e., had so many people so freely divulge and communicate their most personal information over it) if they had actually known what you’re suggesting is true about 3rd Party Doctrine in relation to the internet.

For example, would most people accept Facebook’s TOS if it were written to accurately communicate what they intend to do with your information?

Facebook’s “honest” TOS:

“We watch you every minute that you?re here. We watch every detail of what you do, what you look at, who you?re paying attention to, what kind of attention you?re paying for how long, what you do next, and how you feel about it based on what you search for. We have wired the web so that we watch all the pages that you touch that aren?t ours, so that we know exactly what you?re reading all the time, and we correlate that with your behavior here. Your children spend hours every day with us. Every minute of those hours, we spy upon them more efficiently than you will ever be able to. And we reserve the right keep, sell, and/or otherwise do whatever we want with your personal information forever and ever. Muh. Ha. Ha.?


Anonymous Coward says:

I’m gonna say Guccifier most likely deployed email fishing, combined with Cross-site scripting ? cookie theft.

– Send the victim a convincing looking email in HTML format, with a picture embedded in the message body.

– Get the victim to view the HTML email message in their web browser.

– The picture loads up from server Guccifier controls.

– Some cross-site JavaScript code executes, and all the victims session cookies get sent to Guccifier’s server.

– Guccifier loads those session cookies into his web browser, and logs into the victim’s AOL account without ever having to type in a password.

– Then changes the account password. Logs out and then back in, using the new password he just created.

– Email account has now been hijacked.

It’s just a guess, but that’s how I’d do it. If it is how he did it, it just goes to show us how dangerous it is to view HTML web mail in a browser.

Stick with POP3 and IMAP email clients. Even if HTML messages are viewed in email clients, JavaScript is usually disabled. At least in Thunderbird it is.

Anonymous Coward says:

Its all a joke...

you can be indicted by a federal grand jury for pissing on a bush.

None this shit makes the legal system even remotely believable or respectable anymore. I know no longer trust the crimes people are accused with as being genuinely serious because the benign offender is often treated just as bad or worst as the most evil offender!

Anonymous Coward says:

Re: Re: Its all a joke...

lol, yea… I though… I should have made it more of a pun after reading my post again considering the context.

As a conservative myself, I never understood what people saw in Bush. Sure he treated the Military better than others, but DHS and the Patriot Act has done far more damage to our nation than any terrorist act could ever do.

Anonymous Coward says:

Victim #2 could fit in one of two ways

First way is that victim #2 has routine non-career interactions with the others. The article itself mentions that one of the alleged victims was Dorothy Bush, who was likely interesting to Guccifier not because of where she works / worked, but because she is an immediate relative of someone interesting. Assuming victim #2 is not Dorothy Bush directly, the same explanation could apply. Expand the non-career web out to touch parents, siblings, and adult offspring of interesting well known personalities and you have a decent sized list. Expand it again to touch the spouses, siblings, etc. of those people and the list is huge. Techdirt’s critique of NSA’s “three hops” theory shows how things grow fast, especially if we include friends instead of only blood/legal relatives.

Second way is that victim #2 has an account name that is “close enough” to the account name of someone interesting that Guccifier targeted it either hoping it was an alias or by mistake. Even if victim #2 is a “little guy” who ordinarily could not interest the Feds in investigating his/her case, once they realized that Guccifier had hit him and that they already had Guccifier, they would throw it on the list to extend the charge sheet.

Rain, Rain says:

Victim 2 is not a riddle

It’s obvious why Victim 2 is named in the indictment; ust read the thing. Guccifer (seriously? Guccifer?)got information from the important accounts he had hacked, then used the account of Victim 2 to send that information to the press. Victim 2 is a key part of the narrative, so of course the lawyers include him.

By the way it’s “Guccifer” not “Guccifier.” Though there’s still time for him to become a household name, it’s unlikely he’ll ever be worth of a back-formation.

Anonymous Coward says:

Re: Victim 2 is not a riddle

Correct! an astute insight. Victim 2’s account however, wasn’t the only account used to publicly post information.

a portmanteau of Gucci and Lucifer? Yes, it’s too cumbersome for a proper back-formation. Although, consider the Guccimeister, Guccirino, the Guccifier, making copies of personal info.

Anonymous Coward says:

personal security mistakes

Beware the misguided whistleblower! Although prolific, this guy is not some ?ber hacker but just an obsessed script kiddy. His exploits show off some of the most egregious security mistakes made by individuals and the companies that control their accounts. Security questions used as a backup for forgotten passwords actually reduce security greatly. It is too easy to look up personal information that will enable you to answer the typical security question. I’m sorry, but you can’t use information that you, yourself, just remember offhand. Instead, if the question is “your favorite vacation spot” a secure answer (until now) will be “equator on Venus”. The other issue is linking personal accounts via a primary email address. If that email address is compromised, then all those other accounts are also compromised. In my view, such security questions should be eliminated altogether. You don’t want to be the next Cantwell F. Muckenfuss III (A DC lawyer).

beltorak (profile) says:

Re: personal security mistakes

My method is to generate security answers the same way I do passwords – 4 to 10 diceware words. Since security questions can also be used on the phone as part of a human interaction to verify account ownership, it has the advantage of being able to say it easily. From the FAQ:

You can think of the Diceware word list as a giant alphabet of 7776 symbols. If you pick seven words from the list, there are

7776 X 7776 X 7776 X 7776 X 7776 X 7776 X 7776 =

possibilities. That works out to a little more than 90 bits of strength, or about 12.9 bits per word. Note, by the way, that each of the passphrase selection methods we just talked about above, — random single case alphabet letters, random upper and lower lower case letters and digits, random Chinese characters and Diceware — are equally secure, as long as the number of symbols selected give the same number of bits of strength. The only advantage of Diceware is that it is more user friendly: the passphrase is easier to remember and perhaps easier to type accurately.

Of course a password manager (e.g. KeePass) and secure cloud (e.g.: SpiderOak) go a long way to keeping my sanity.

Q: What is your favorite pet’s name?

A: altair drown bema hurty

aldestrawk says:

prosecutor overreach

I don’t have much sympathy for this guy. He seemed to think he was doing some kind of public service doxing various famed people among the illuminati(???). In reality, he is just an annoying miscreant publicizing any personal information he got his hands on via guessing answers to account security questions. By now, any serious hacker knows you cannot rely on the use of a single proxy to maintain your anonymity. Yet, he made that mistake and he sometimes used screen captures when the same data was available via files. This reveals his lack of true hacker skills. No l33t H4x0r is he! The main reason I don’t have much sympathy for him though, is he is a cab driver and I have had some very bad experiences with cab drivers in Eastern Europe.

Despite all that, The US DOJ is still overreaching in its prosecution here. There are 9 counts.

For counts 1-3, wire fraud, they include “…to obtain money and property…”. From what is revealed in the indictment and various media reports, he was not selling the information he illicitly acquired or using it for extortion. Yet, they will argue, as with Weev, that he profited from his hacking, so a charge of fraud applies. That charge is not justified.

Count 7, Aggravated Identity Theft: Guccifer’s actions consisted of sending an email from victim 4 to victim 3, intending to provoke victim 3. I can see how that fits into identity theft but I wonder how believable, to victim 3, that email was. I doubt the prosecution would want take that into account. My hunch is that, being provocative, it was not so believable and then count 7 would not be justified.

Count 8, Cyberstalking: Without further information it is hard to evaluate this charge. This is what mystifies me though. How can a hacker thousands of miles away be both capable of surveillance and able to harass a victim at the same time? It were talking about control of an email account and possibly other social media accounts, it would seem, that once the victim became aware of the hacking they could changes passwords and answers to security questions and block the surveillance.

Count 9, Obstruction of Justice: This seems too easy to add as a serious crime when it can include any attempt by the culprit to stay hidden or erase his tracks. Recent examples are:
1: An obstruction of justice charge against Barret Brown’s mother for putting a laptop in a kitchen cabinet.

2: A recent charge against Khairullozhon Matanov, a friend of the Boston bombers. He erased some of the browser history on his computer not to cover any crime he did (The FBI does not think he was involved) but his connection with the bombers, his interest in jihad, and his interest in news coverage of the story. So, the indictment mentions his erasure of his browser history for CNN coverage of the bombing story as an example of obstruction of justice.

A final issue, is when someone is convicted in a foreign country is there any overlap when the US charges them with similar crimes. Is it fair to convict them of the same crime in two different countries? The indictment even asks for forfeiture when you can be sure Romania has already seized his computer and he did not gain any property from his exploits.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...