Guy Accused Of Leaking President Bush's Paintings Indicted For Hacking In The US

from the extradition-coming dept

An online hacker who went by the name "Guccifer" got a lot of attention a year and a half ago or so for regularly hacking into the email and social media accounts of various political officials and insiders along with some Hollywood folks, with the most high profile being former President George W. Bush's email, leading to the leaking of some of Bush's early attempts at painting. But that was hardly all. Among others, he hacked into email and/or social media accounts of Senator Lisa Murkowski, Colin Powell, top Hillary Clinton advisor Sidney Blumenthal, venture capitalist John Doerr, former White House chief of staff Kenneth Duberstein, actor Jeffrey Tambor (Jeffrey Tambor?!?!), Sex and the City author Candace Bushnell, Watergate reporter Carl Bernstein, President Obama's head of the National Intelligence Council Christopher Kojm and the head of the National Nuclear Security Administration Neile Miller. In other words, Guccifer was pretty busy.

Then, earlier this year he was arrested in Romania. It turned out that he was Marcel Lazar Lehel, a Romanian cabdriver. Thing is, he didn't just hack the famous and powerful in the US -- but in Romania as well. Just last week, he was sentenced to four years in jail in Romania, with the possibility of more for earlier hacks. And, just like that, the FBI has announced an indictment against him as well, meaning that the US will likely get him extradited (and, yes, the US has an extradition treaty with Romania).

While the indictment does not name the people who were hacked, calling them Victim 1, 2, 3, 4 and 5, it's not difficult to figure out that Victim 1 is President Bush's sister Dorothy Bush, which is how he got the GWB paintings (GWB had sent photos of them to his sister) and Victim 3 is Colin Powell, who had to deny an affair with a foreign diplomat after some of his emails were leaked. The indictment appears to suggest a particular infatuation with Powell, as it also included hacks of his Facebook page and posting anti-Bush rants on Powell's Facebook page.

I'm always a little nervous about computer hacking cases, because the government is fairly well known for exaggerating non-hacking situations and pretending that they're hacking under the CFAA, but assuming that this guy really did get into all of these accounts, it seems like what the CFAA was more written to cover in the first place.

The full indictment is below, but what I'm trying to figure out is how "victim 2" got included in the list. Notice if you can spot which one of the following "is different from the others" in the list below:
  • Victim 1... was a family member of two former U.S. presidents who was the true owner of an AOL account....
  • Victim 2... was a sanitation engineer who was the true owner of an AOL account....
  • Victim 3... was a former U.S. Cabinet member who resided in the Eastern District of Virginia. Victim 3 was the true owner of an AOL account with subaccounts and a Facebook account....
  • Victim 4... was a former member of the U.S. Joint Chiefs of Staff who was the true owner of a Facebook account....
  • Victim 5, known to the grand jury, was a journalist and former presidential advisor who was the true owner of an AOL account with subaccounts....
It just seems that if you were to put the five of those together at a Washington DC cocktail party, one of them would stick out as somewhat different from the others.

Reader Comments

  1.  
    Anonymous Coward, Jun 13th, 2014 @ 5:44am

    Is someone actually a "True Owner" of an account, or merely a licensee? I would like to know AOL's opinion on whether a person actually OWNS the account.
    You know, because like music and e-books and software, we merely license them, and have no right to do what we want with them.

     

  2.  
    Michael, Jun 13th, 2014 @ 5:46am

    Victims 1, 3, 4, and 5 handed the American people a load of s*** and victim #2 dealt with one?

     

  3.  
    Anonymous Coward, Jun 13th, 2014 @ 5:46am

    Re:

    Yep... I think everyone knows that AOL and "NSA" are the true owners of all email accounts on their servers.

     

  4.  
    PaulT (profile), Jun 13th, 2014 @ 6:07am

    Re:

    It'll be the same definition as those other venues - whether you licence or own something changes according to what's best for *them* at that moment.

     

  5.  
    Anonymous Coward, Jun 13th, 2014 @ 6:07am

    Too bad you can't get the death penalty for being a complete tool.

     

  6.  
    John Fenderson (profile), Jun 13th, 2014 @ 6:08am

    Re:

    AOL (just like any other online service) isn't even licensing software. You're using a service. You aren't in possession of the software in the first place, so you aren't even licensing it, let alone own it, any more than using the internet gives you ownership or license over the internet itself.

     

  7.  
    Anonymous Coward, Jun 13th, 2014 @ 6:09am

    third party doctrine

    What happened to the third party doctrine - no expectation of privacy?

    Many years ago, I took my little ones to a workshop on the internet given by 2 lawyers at the local library. They said the internet was run by the Department of Defense and there was no expectation of privacy on emails. What has changed since?

    The first uses were in universities. The lawyers used email to transfer case laws back and forth for current court cases.

    This was back in the 90's when you would spend your whole lunch break at home trying to get a free connection on dial-up.

    The gov. just argued that there is no expectation of privacy on the internet and cell phones because the data is given to third parties.

    What's up with that?

    Doesn't apply to gov?

     

  8.  
    PaulT (profile), Jun 13th, 2014 @ 6:10am

    Re: Re:

    But what about the account attached to that service? I don't know for sure, but I suspect that there might be different ownerships attached to the account (and the content stored behind that account) and the service it's used to access...

     

  9.  
    MadAsASnake (profile), Jun 13th, 2014 @ 6:14am

    So let's get this right. He's a Romanian, and got caught in Romania by Romanians and banged up in Romania for crimes against Romanians? With all the capabilities / overreach the US has, how come none of the NSA / FBI / CIA or anyone else US side got even close?

     

  10.  
    Michael, Jun 13th, 2014 @ 6:21am

    Re:

    To Americans, Romanians all look the same.

     

  11.  
    Anonymous Coward, Jun 13th, 2014 @ 6:40am

    I'm gonna say Guccifier most likely deployed email phishing, combined with Cross-site scripting – cookie theft.

    - Send the victim a convincing looking email in HTML format, with a picture embedded in the message body.

    - Get the victim to view the HTML email message in their web browser.

    - The picture loads up from server Guccifier controls.

    - Some cross-site JavaScript code executes, and all the victim's session cookies get sent to Guccifier's server.

    - Guccifier loads those session cookies into his web browser, and logs into the victim's AOL account without ever having to type in a password.

    - Then changes the account password. Logs out and then back in, using the new password he just created.

    - Email account has now been hijacked.

    It's just a guess, but that's how I'd do it. If it is how he did it, it just goes to show us how dangerous it is to view HTML web mail in a browser.

    Stick with POP3 and IMAP email clients. Even if HTML messages are viewed in email clients, JavaScript is usually disabled. At least in Thunderbird it is.

     


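A defensive check related to the cookie-theft scenario guessed at in comment 11, as an added example that is not part of the original thread: script running in a webmail page can only read session cookies that were issued without `HttpOnly`, so this Node.js function audits `Set-Cookie` headers for that and related attributes. The cookie names, the `mail.example` domain and the header values are constructed samples, and the function names are hypothetical.

```javascript
'use strict';

// Constructed sample headers (not taken from AOL or any real service).
const SAMPLE_HEADERS = [
  'SID=abc123; Path=/',
  'SID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'sid=xyz789; httponly; SECURE; samesite=strict; Domain=mail.example',
];

// Parse one Set-Cookie header value into { name, attrs }.
// Attribute names are case-insensitive; bare flags get the value true.
function parseSetCookie(header) {
  const parts = String(header).split(';').map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf('=');
  if (eq < 1) return null; // no cookie name before '=': malformed
  const attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: parts[0].slice(0, eq), attrs };
}

// Return the hardening gaps for one session cookie header.
function auditSetCookie(header) {
  const cookie = parseSetCookie(header);
  if (!cookie) return { name: null, findings: ['malformed Set-Cookie header'] };
  const { name, attrs } = cookie;
  const findings = [];
  if (!attrs.httponly) {
    findings.push('no HttpOnly: page script can read it via document.cookie');
  }
  if (!attrs.secure) {
    findings.push('no Secure: cookie is also sent over plain HTTP');
  }
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (!['strict', 'lax'].includes(sameSite)) {
    findings.push('SameSite not set to Lax or Strict');
  }
  if (attrs.domain) {
    findings.push('Domain attribute set: cookie is shared with subdomains');
  }
  return { name, findings };
}

// Audit a list of headers and keep only the cookies that have findings.
function auditAll(headers) {
  return headers.map(auditSetCookie).filter((r) => r.findings.length > 0);
}

for (const result of auditAll(SAMPLE_HEADERS)) {
  console.log(`${result.name}: ${result.findings.join('; ')}`);
}
```

`HttpOnly` only keeps the cookie away from script; the password change in the comment's later steps is a separate control, usually handled by asking for the current password again.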
  12.  
    Anonymous Coward, Jun 13th, 2014 @ 6:50am

    Its all a joke...

    you can be indicted by a federal grand jury for pissing on a bush.

    None of this shit makes the legal system even remotely believable or respectable anymore. I now no longer trust the crimes people are accused of as being genuinely serious because the benign offender is often treated just as bad or worse as the most evil offender!

     

  13.  
    Anonymous Coward, Jun 13th, 2014 @ 6:51am

    Victim #2 could fit in one of two ways

    First way is that victim #2 has routine non-career interactions with the others. The article itself mentions that one of the alleged victims was Dorothy Bush, who was likely interesting to Guccifier not because of where she works / worked, but because she is an immediate relative of someone interesting. Assuming victim #2 is not Dorothy Bush directly, the same explanation could apply. Expand the non-career web out to touch parents, siblings, and adult offspring of interesting well known personalities and you have a decent sized list. Expand it again to touch the spouses, siblings, etc. of those people and the list is huge. Techdirt's critique of NSA's "three hops" theory shows how things grow fast, especially if we include friends instead of only blood/legal relatives.

    Second way is that victim #2 has an account name that is "close enough" to the account name of someone interesting that Guccifier targeted it either hoping it was an alias or by mistake. Even if victim #2 is a "little guy" who ordinarily could not interest the Feds in investigating his/her case, once they realized that Guccifier had hit him and that they already had Guccifier, they would throw it on the list to extend the charge sheet.

     

  14.  
    Michael, Jun 13th, 2014 @ 6:53am

    Re: Its all a joke...

    you can be indicted by a federal grand jury for pissing on a bush

    Assaulting a former president may even be treason.

     

  15.  
    Anonymous Coward, Jun 13th, 2014 @ 6:53am

    I think these five people are the only ones left on AOL, that's what they have in common.

     

  16.  
    John Fenderson (profile), Jun 13th, 2014 @ 6:55am

    Re: Re: Re:

    What do you mean by "the account"? That's a serious question. You do, of course, retain ownership of your content (and you license it to the service).

     

  17.  
    PaulT (profile), Jun 13th, 2014 @ 6:58am

    Re: third party doctrine

    "They said the internet was run by the Department of Defense and there was no expectation of privacy on emails."

    They were wrong, or at least greatly simplifying things for the kids.

    The structure of the internet was originally based on ARPANET, which was indeed a project originated by the US DoD. However, it's since been greatly expanded and commercialised and is built on things like TCP/IP, FTP and HTTP. While some of these protocols were originally developed for use on ARPANET, they are free and open for anyone to use.

    Basically, unless your ISP is part of the DoD, it has nothing to do with them - especially if the traffic is routed or accessed outside of US jurisdiction.

    "The lawyers used email to transfer case laws back and forth for current court cases."

    In that case, what they might have been saying is that they could not guarantee privacy via emails. That is, email is by its very nature insecure and as such is a poor platform for sending secure traffic and documents. Email can easily be manipulated and intercepted by unauthorised third parties, and as such an alternative method of exchanging documents is to be preferred.

     

  18.  
    Anonymous Coward, Jun 13th, 2014 @ 7:27am

    Isn't it obvious? Victim 2 is the man behind the curtain, the head of the illuminati that controls everything. Garbage man? That's a cover.


    He's also a reptilian.

     

  19.  
    Anonymous Coward, Jun 13th, 2014 @ 7:33am

    Re:

    If that was possible, we would never get to a president's 1st day in office.

     

  20.  
    Michael, Jun 13th, 2014 @ 7:39am

    Re:

    Are you STILL pissed off that the garbage guy took your tinfoil hat?

     

  21.  
    Josh (profile), Jun 13th, 2014 @ 7:59am

    common thread

    AOL?

     

  22.  
    Anonymous Coward, Jun 13th, 2014 @ 8:13am

    Re: third party doctrine

    I sometimes wonder if the internet would have ever become so popular (i.e., had so many people so freely divulge and communicate their most personal information over it) if they had actually known what you're suggesting is true about 3rd Party Doctrine in relation to the internet.

    For example, would most people accept Facebook's TOS if it were written to accurately communicate what they intend to do with your information?

    Facebook's "honest" TOS:

    "We watch you every minute that you’re here. We watch every detail of what you do, what you look at, who you’re paying attention to, what kind of attention you’re paying for how long, what you do next, and how you feel about it based on what you search for. We have wired the web so that we watch all the pages that you touch that aren’t ours, so that we know exactly what you’re reading all the time, and we correlate that with your behavior here. Your children spend hours every day with us. Every minute of those hours, we spy upon them more efficiently than you will ever be able to. And we reserve the right to keep, sell, and/or otherwise do whatever we want with your personal information forever and ever. Muh. Ha. Ha.”

    Accept?

     

  23.  
    Rain, Rain, Jun 13th, 2014 @ 8:29am

    Victim 2 is not a riddle

    It's obvious why Victim 2 is named in the indictment; just read the thing. Guccifer (seriously? Guccifer?) got information from the important accounts he had hacked, then used the account of Victim 2 to send that information to the press. Victim 2 is a key part of the narrative, so of course the lawyers include him.

    By the way it's "Guccifer" not "Guccifier." Though there's still time for him to become a household name, it's unlikely he'll ever be worthy of a back-formation.

     

  24.  
    Anonymous Coward, Jun 13th, 2014 @ 8:43am

    Re: Re: third party doctrine

    "They were wrong, or at least greatly simplifying things for the kids."

    What they should have told the kids was "The law is arbitrary, depending upon who is involved in the case and the whims of the presiding judge. You may or may not have an expectation of privacy in email, depending on how important you are and how it affects the government. Deal with it."

    Of course, we don't like telling children the truth.

     

  25.  
    Anonymous Coward, Jun 13th, 2014 @ 8:45am

    Re: Its all a joke...

    "you can be indicted by a federal grand jury for pissing on a bush."

    Or pissing off a Bush, in this case.

     

  26.  
    Anonymous Coward, Jun 13th, 2014 @ 8:48am

    Re: Re: Re: third party doctrine

    We don't even like telling ourselves the truth.

     

  27.  
    Anonymous Coward, Jun 13th, 2014 @ 9:15am

    personal security mistakes

    Beware the misguided whistleblower! Although prolific, this guy is not some über hacker but just an obsessed script kiddy. His exploits show off some of the most egregious security mistakes made by individuals and the companies that control their accounts. Security questions used as a backup for forgotten passwords actually reduce security greatly. It is too easy to look up personal information that will enable you to answer the typical security question. I'm sorry, but you can't use information that you, yourself, just remember offhand. Instead, if the question is "your favorite vacation spot" a secure answer (until now) will be "equator on Venus". The other issue is linking personal accounts via a primary email address. If that email address is compromised, then all those other accounts are also compromised. In my view, such security questions should be eliminated altogether. You don't want to be the next Cantwell F. Muckenfuss III (A DC lawyer).

     

  28.  
    Anonymous Coward, Jun 13th, 2014 @ 9:19am

    Re: Victim #2 could fit in one of two ways

    Victim #2 is the "jaywalking" in arson, murder, and jaywalking.

     

  29.  
    Michael, Jun 13th, 2014 @ 9:22am

    if the question is "your favorite vacation spot" a secure answer (until now) will be "equator on Venus"

    How the heck did you know my security answer?

     

  30.  
    Anonymous Coward, Jun 13th, 2014 @ 9:37am

    Re: Victim 2 is not a riddle

    Correct! An astute insight. Victim 2's account however, wasn't the only account used to publicly post information.

    A portmanteau of Gucci and Lucifer? Yes, it's too cumbersome for a proper back-formation. Although, consider the Guccimeister, Guccirino, the Guccifier, making copies of personal info.

     

  31.  
    Michael, Jun 13th, 2014 @ 9:45am

    Re: Re: Victim 2 is not a riddle

    He used to go by "Gucci", but he was sued.

     

  32.  
    Anonymous Coward, Jun 13th, 2014 @ 9:47am

    Re: personal security mistakes

    "Instead, if the question is "your favorite vacation spot" a secure answer (until now) will be "equator on Venus"."

    Well, at least it sounds better than something having to do with Uranus.

     

  33.  
    aldestrawk (profile), Jun 13th, 2014 @ 10:15am

    Re: Re: Victim 2 is not a riddle

    "a portmanteau of Gucci and Lucifer?"

    Not likely, everybody knows the devil wears Prada.

     

  34.  
    aldestrawk (profile), Jun 13th, 2014 @ 10:22am

    Re: common thread

    They still have 2.5 million subscribers (and dropping).

     

  35.  
    Michael, Jun 13th, 2014 @ 10:31am

    Re: Re: common thread

    In other news, 2.5 million Americans do not carefully inspect their credit card bills for unnecessary recurring payments.

     

  36.  
    beltorak (profile), Jun 13th, 2014 @ 10:51am

    Re: Re: personal security mistakes

    Q: What is your favorite vacation spot?

    A: The dark spot on Uranus

     

  37.  
    beltorak (profile), Jun 13th, 2014 @ 11:05am

    Re: personal security mistakes

    My method is to generate security answers the same way I do passwords - 4 to 10 diceware words. Since security questions can also be used on the phone as part of a human interaction to verify account ownership, it has the advantage of being able to say it easily. From the FAQ:


    You can think of the Diceware word list as a giant alphabet of 7776 symbols. If you pick seven words from the list, there are

    7776 X 7776 X 7776 X 7776 X 7776 X 7776 X 7776 =
    1,719,070,799,748,422,591,028,658,176

    possibilities. That works out to a little more than 90 bits of strength, or about 12.9 bits per word. Note, by the way, that each of the passphrase selection methods we just talked about above -- random single case alphabet letters, random upper and lower case letters and digits, random Chinese characters and Diceware -- are equally secure, as long as the number of symbols selected give the same number of bits of strength. The only advantage of Diceware is that it is more user friendly: the passphrase is easier to remember and perhaps easier to type accurately.


    Of course a password manager (e.g. KeePass) and secure cloud (e.g.: SpiderOak) go a long way to keeping my sanity.

    Q: What is your favorite pet's name?

    A: altair drown bema hurty

     

  38.  
    Ray Trygstad (profile), Jun 13th, 2014 @ 11:07am

    OH NO...

    ...my anonymous online persona is a sanitation engineer! But wait...no AOL account. What a relief. Who still has an AOL account, anyway?

     

  39.  
    art guerrilla (profile), Jun 13th, 2014 @ 11:22am

    Re:

    wondering if victim #2 didn't have his account hijacked, or otherwise used by the hacker to hide his tracks...

     

  40.  
    aldestrawk (profile), Jun 13th, 2014 @ 12:26pm

    prosecutor overreach

    I don't have much sympathy for this guy. He seemed to think he was doing some kind of public service doxing various famed people among the illuminati(???). In reality, he is just an annoying miscreant publicizing any personal information he got his hands on via guessing answers to account security questions. By now, any serious hacker knows you cannot rely on the use of a single proxy to maintain your anonymity. Yet, he made that mistake and he sometimes used screen captures when the same data was available via files. This reveals his lack of true hacker skills. No l33t H4x0r is he! The main reason I don't have much sympathy for him though, is he is a cab driver and I have had some very bad experiences with cab drivers in Eastern Europe.

    Despite all that, the US DOJ is still overreaching in its prosecution here. There are 9 counts.

    For counts 1-3, wire fraud, they include "...to obtain money and property...". From what is revealed in the indictment and various media reports, he was not selling the information he illicitly acquired or using it for extortion. Yet, they will argue, as with Weev, that he profited from his hacking, so a charge of fraud applies. That charge is not justified.

    Count 7, Aggravated Identity Theft: Guccifer's actions consisted of sending an email from victim 4 to victim 3, intending to provoke victim 3. I can see how that fits into identity theft but I wonder how believable, to victim 3, that email was. I doubt the prosecution would want to take that into account. My hunch is that, being provocative, it was not so believable and then count 7 would not be justified.

    Count 8, Cyberstalking: Without further information it is hard to evaluate this charge. This is what mystifies me though. How can a hacker thousands of miles away be both capable of surveillance and able to harass a victim at the same time? If we're talking about control of an email account and possibly other social media accounts, it would seem that once the victim became aware of the hacking they could change passwords and answers to security questions and block the surveillance.

    Count 9, Obstruction of Justice: This seems too easy to add as a serious crime when it can include any attempt by the culprit to stay hidden or erase his tracks. Recent examples are:
    1: An obstruction of justice charge against Barrett Brown's mother for putting a laptop in a kitchen cabinet.

    2: A recent charge against Khairullozhon Matanov, a friend of the Boston bombers. He erased some of the browser history on his computer not to cover any crime he did (The FBI does not think he was involved) but his connection with the bombers, his interest in jihad, and his interest in news coverage of the story. So, the indictment mentions his erasure of his browser history for CNN coverage of the bombing story as an example of obstruction of justice.

    A final issue is, when someone is convicted in a foreign country, is there any overlap when the US charges them with similar crimes? Is it fair to convict them of the same crime in two different countries? The indictment even asks for forfeiture when you can be sure Romania has already seized his computer and he did not gain any property from his exploits.

     

  41.  
    Michael, Jun 13th, 2014 @ 12:37pm

    Re: prosecutor overreach

    you can be sure Romania has already seized his computer

    They better not have put it in a kitchen cabinet.

     

  42.  
    Anonymous Coward, Jun 13th, 2014 @ 12:53pm

    Re: Re: Its all a joke...

    lol, yea... I thought... I should have made it more of a pun after reading my post again considering the context.

    As a conservative myself, I never understood what people saw in Bush. Sure he treated the Military better than others, but DHS and the Patriot Act have done far more damage to our nation than any terrorist act could ever do.

     

  43.  
    Pragmatic, Jun 17th, 2014 @ 9:32am

    Re: Re: Re: Its all a joke...

    Thank you. It's the neocons that caused all the problems. Unfortunately, many of them are still in office or retain influence. They all need to go.

     
