Guy Accused Of Leaking President Bush's Paintings Indicted For Hacking In The US

from the extradition-coming dept

An online hacker who went by the name “Guccifer” got a lot of attention a year and a half ago or so for regularly hacking into the email and social media accounts of various political officials and insiders along with some Hollywood folks, with the most high profile being former President George W. Bush’s email, leading to the leaking of some of Bush’s early attempts at painting. But that was hardly all. Among others, he hacked into email and/or social media accounts of Senator Lisa Murkowski, Colin Powell, top Hillary Clinton advisor Sidney Blumenthal, venture capitalist John Doerr, former White House chief of staff Kenneth Duberstein, actor Jeffrey Tambor (Jeffrey Tambor?!?!), Sex and the City author Candace Bushnell, Watergate reporter Carl Bernstein, President Obama’s head of the National Intelligence Council Christopher Kojm and the head of the National Nuclear Security Administration Neile Miller. In other words, Guccifer was pretty busy.

Then, earlier this year he was arrested in Romania. It turned out that he was Marcel Lazar Lehel, a Romanian cabdriver. Thing is, he didn’t just hack the famous and powerful in the US — but in Romania as well. Just last week, he was sentenced to four years in jail in Romania, with the possibility of more for earlier hacks. And, just like that, the FBI has announced an indictment against him as well, meaning that the US will likely get him extradited (and, yes, the US has an extradition treaty with Romania).

While the indictment does not name the people who were hacked, calling them Victim 1, 2, 3, 4 and 5, it’s not difficult to figure out that Victim 1 is President Bush’s sister Dorothy Bush, which is how he got the GWB paintings (GWB had sent photos of them to his sister), and that Victim 3 is Colin Powell, who had to deny an affair with a foreign diplomat after some of his emails were leaked. The indictment suggests a particular fixation on Powell: it also covers hacks of his Facebook page and the anti-Bush rants posted there.

I’m always a little nervous about computer hacking cases, because the government is fairly well known for exaggerating non-hacking situations and pretending that they’re hacking under the CFAA, but assuming that this guy really did get into all of these accounts, this seems a lot closer to what the CFAA was actually written to cover in the first place.

The full indictment is below, but what I’m trying to figure out is how “Victim 2” got included in the list. See if you can spot which one of the following “is different from the others” in the list below:

  • Victim 1… was a family member of two former U.S. presidents who was the true owner of an AOL account….
  • Victim 2… was a sanitation engineer who was the true owner of an AOL account….
  • Victim 3… was a former U.S. Cabinet member who resided in the Eastern District of Virginia. Victim 3 was the true owner of an AOL account with subaccounts and a Facebook account….
  • Victim 4… was a former member of the U.S. Joint Chiefs of Staff who was the true owner of a Facebook account….
  • Victim 5, known to the grand jury, was a journalist and former presidential advisor who was the true owner of an AOL account with subaccounts….

It just seems that if you were to put the five of those together at a Washington DC cocktail party, one of them would stick out as somewhat different from the others.



Comments on “Guy Accused Of Leaking President Bush's Paintings Indicted For Hacking In The US”

43 Comments
Anonymous Coward says:

third party doctrine

What happened to the third party doctrine – no expectation of privacy?

Many years ago, I took my little ones to a workshop on the internet given by 2 lawyers at the local library. They said the internet was run by the Department of Defense and there was no expectation of privacy on emails. What has changed since?

The first uses were in universities. The lawyers used email to transfer case laws back and forth for current court cases.

This was back in the 90’s when you would spend your whole lunch break at home trying to get a free connection on dial-up.

The gov. just argued that there is no expectation of privacy on the internet and cell phones because the data is given to third parties.

What’s up with that?

Doesn’t apply to gov?

PaulT (profile) says:

Re: third party doctrine

“They said the internet was run by the Department of Defense and there was no expectation of privacy on emails.”

They were wrong, or at least greatly simplifying things for the kids.

The structure of the internet was originally based on ARPANET, which was indeed a project originated by the US DoD. However, it’s since been greatly expanded and commercialised and is built on things like TCP/IP, FTP and HTTP. While some of these protocols were originally developed for use on ARPANET, they are free and open for anyone to use.

Basically, unless your ISP is part of the DoD, it has nothing to do with them – especially if the traffic is routed or accessed outside of US jurisdiction.

“The lawyers used email to transfer case laws back and forth for current court cases.”

In that case, what they might have been saying is that they could not guarantee privacy via emails. That is, email is by its very nature insecure and as such is a poor platform for sending secure traffic and documents. Email can easily be manipulated and intercepted by unauthorised third parties, and as such an alternative method of exchanging documents is to be preferred.

Anonymous Coward says:

Re: Re: third party doctrine

“They were wrong, or at least greatly simplifying things for the kids.”

What they should have told the kids was “The law is arbitrary, depending upon who is involved in the case and the whims of the presiding judge. You may or may not have an expectation of privacy in email, depending on how important you are and how it affects the government. Deal with it.”

Of course, we don’t like telling children the truth.

Anonymous Coward says:

Re: third party doctrine

I sometimes wonder if the internet would have ever become so popular (i.e., had so many people so freely divulge and communicate their most personal information over it) if they had actually known what you’re suggesting is true about 3rd Party Doctrine in relation to the internet.

For example, would most people accept Facebook’s TOS if it were written to accurately communicate what they intend to do with your information?

Facebook’s “honest” TOS:

“We watch you every minute that you’re here. We watch every detail of what you do, what you look at, who you’re paying attention to, what kind of attention you’re paying for how long, what you do next, and how you feel about it based on what you search for. We have wired the web so that we watch all the pages that you touch that aren’t ours, so that we know exactly what you’re reading all the time, and we correlate that with your behavior here. Your children spend hours every day with us. Every minute of those hours, we spy upon them more efficiently than you will ever be able to. And we reserve the right keep, sell, and/or otherwise do whatever we want with your personal information forever and ever. Muh. Ha. Ha.”

Accept?

Anonymous Coward says:

I’m gonna say Guccifier most likely deployed email phishing, combined with Cross-site scripting -> cookie theft.

– Send the victim a convincing looking email in HTML format, with a picture embedded in the message body.

– Get the victim to view the HTML email message in their web browser.

– The picture loads up from server Guccifier controls.

– Some cross-site JavaScript code executes, and all the victim’s session cookies get sent to Guccifier’s server.

– Guccifier loads those session cookies into his web browser, and logs into the victim’s AOL account without ever having to type in a password.

– Then changes the account password. Logs out and then back in, using the new password he just created.

– Email account has now been hijacked.

It’s just a guess, but that’s how I’d do it. If it is how he did it, it just goes to show us how dangerous it is to view HTML web mail in a browser.

Stick with POP3 and IMAP email clients. Even if HTML messages are viewed in email clients, JavaScript is usually disabled. At least in Thunderbird it is.
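
The chain the comment above sketches (a remote image plus script in an HTML message, rendered somewhere scripting is enabled) is what an allow-list filter in the rendering path is meant to stop. The following is an added illustration, not code from this thread or from any mail client such as Thunderbird: it rebuilds an untrusted HTML body from an allow-list of tags and attributes, discards script elements and inline event handlers, drops "javascript:" links, and refuses remote image sources so that only "cid:" references to the message’s own attachments survive. The sample message, the function "trackReader" and the host name "sender.invalid" are constructed for the demonstration.

```python
"""Allow-list sanitiser for HTML e-mail bodies (added illustration, not a mail
client's own code). Active content and remote loads are removed before the body
is rendered, so the message can neither run script nor phone home to its sender.
"""
from html import escape
from html.parser import HTMLParser

# Tags the rendered message may keep; any other tag is dropped but its text survives.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "u", "ul", "ol", "li", "a", "img"}
# Attributes allowed per tag; everything else (style, on*, ...) is dropped.
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
# Tags whose text content is dropped as well (script bodies, style sheets).
DROP_CONTENT_TAGS = {"script", "style"}
VOID_TAGS = {"br", "img"}
SAFE_URL_SCHEMES = ("http:", "https:", "mailto:")


class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # sanitised HTML fragments
        self.dropped = []      # audit trail: (what, why) for everything removed
        self._skip_depth = 0   # > 0 while inside <script>/<style>

    @staticmethod
    def _safe_url(tag, attr, value):
        # Normalise: lower-case and strip all whitespace/control characters so that
        # "JAVA\tSCRIPT:" does not slip past the scheme check.
        v = "".join(ch for ch in (value or "").lower() if ord(ch) > 0x20)
        if tag == "img" and attr == "src":
            # A remote image reports the reader's address and reading time to the
            # sender; only inline attachments of the same message are allowed.
            return v.startswith("cid:")
        return v.startswith(SAFE_URL_SCHEMES)

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._skip_depth += 1
            self.dropped.append((tag, "active content"))
            return
        if self._skip_depth:
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append((tag, "tag not allowed"))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append((f"{tag}@{name}", "attribute not allowed"))
                continue
            if name in ("href", "src") and not self._safe_url(tag, name, value):
                self.dropped.append((f"{tag}@{name}", "unsafe or remote URL"))
                continue
            val = escape(value or "", quote=True)
            kept.append(f' {name}="{val}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped on output, so decoded entities cannot re-form markup.
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize_html_mail(body):
    """Return (clean_html, dropped) for an untrusted HTML message body."""
    s = MailSanitizer()
    s.feed(body)
    s.close()
    return "".join(s.out), s.dropped


# Constructed sample message of the kind described in the comment (not a real one).
SAMPLE_MESSAGE = (
    '<p onmouseover="trackReader()">Hi, <b>see the attached photo</b>.</p>'
    '<img src="http://sender.invalid/track.png" alt="photo">'
    '<img src="cid:photo1" alt="inline">'
    "<script>trackReader();</script>"
    '<a href="javascript:trackReader()">click</a> <a href="https://example.org/">site</a>'
)

if __name__ == "__main__":
    clean, dropped = sanitize_html_mail(SAMPLE_MESSAGE)
    print(clean)
    for item, reason in dropped:
        print(f"dropped {item}: {reason}")
```

The dropped list is the part a client would log or surface: a body that lost a script element or a remote image source is worth flagging to the reader even though it was rendered safely. The filter complements, and does not replace, keeping scripting switched off in the message view, which is the point the comment makes about desktop clients.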

Anonymous Coward says:

It’s all a joke...

you can be indicted by a federal grand jury for pissing on a bush.

None of this shit makes the legal system even remotely believable or respectable anymore. I now no longer trust the crimes people are accused of as being genuinely serious, because the benign offender is often treated just as badly as or worse than the most evil offender!

Anonymous Coward says:

Re: Re: It’s all a joke...

lol, yea… I thought… I should have made it more of a pun after reading my post again, considering the context.

As a conservative myself, I never understood what people saw in Bush. Sure, he treated the Military better than others, but DHS and the Patriot Act have done far more damage to our nation than any terrorist act could ever do.

Anonymous Coward says:

Victim #2 could fit in one of two ways

First way is that victim #2 has routine non-career interactions with the others. The article itself mentions that one of the alleged victims was Dorothy Bush, who was likely interesting to Guccifier not because of where she works / worked, but because she is an immediate relative of someone interesting. Assuming victim #2 is not Dorothy Bush directly, the same explanation could apply. Expand the non-career web out to touch parents, siblings, and adult offspring of interesting well known personalities and you have a decent sized list. Expand it again to touch the spouses, siblings, etc. of those people and the list is huge. Techdirt’s critique of NSA’s “three hops” theory shows how things grow fast, especially if we include friends instead of only blood/legal relatives.

Second way is that victim #2 has an account name that is “close enough” to the account name of someone interesting that Guccifier targeted it either hoping it was an alias or by mistake. Even if victim #2 is a “little guy” who ordinarily could not interest the Feds in investigating his/her case, once they realized that Guccifier had hit him and that they already had Guccifier, they would throw it on the list to extend the charge sheet.

Rain, Rain says:

Victim 2 is not a riddle

It’s obvious why Victim 2 is named in the indictment; just read the thing. Guccifer (seriously? Guccifer?) got information from the important accounts he had hacked, then used the account of Victim 2 to send that information to the press. Victim 2 is a key part of the narrative, so of course the lawyers include him.

By the way, it’s “Guccifer” not “Guccifier.” Though there’s still time for him to become a household name, it’s unlikely he’ll ever be worthy of a back-formation.

Anonymous Coward says:

Re: Victim 2 is not a riddle

Correct! An astute insight. Victim 2’s account, however, wasn’t the only account used to publicly post information.

A portmanteau of Gucci and Lucifer? Yes, it’s too cumbersome for a proper back-formation. Although, consider the Guccimeister, Guccirino, the Guccifier, making copies of personal info.

Anonymous Coward says:

personal security mistakes

Beware the misguided whistleblower! Although prolific, this guy is not some über hacker but just an obsessed script kiddie. His exploits show off some of the most egregious security mistakes made by individuals and the companies that control their accounts. Security questions used as a backup for forgotten passwords actually reduce security greatly. It is too easy to look up personal information that will enable you to answer the typical security question. I’m sorry, but you can’t use information that you, yourself, just remember offhand. Instead, if the question is “your favorite vacation spot” a secure answer (until now) will be “equator on Venus”. The other issue is linking personal accounts via a primary email address. If that email address is compromised, then all those other accounts are also compromised. In my view, such security questions should be eliminated altogether. You don’t want to be the next Cantwell F. Muckenfuss III (a DC lawyer).

beltorak (profile) says:

Re: personal security mistakes

My method is to generate security answers the same way I do passwords – 4 to 10 diceware words. Since security questions can also be used on the phone as part of a human interaction to verify account ownership, it has the advantage of being able to say it easily. From the FAQ:

You can think of the Diceware word list as a giant alphabet of 7776 symbols. If you pick seven words from the list, there are

7776 X 7776 X 7776 X 7776 X 7776 X 7776 X 7776 =
1,719,070,799,748,422,591,028,658,176

possibilities. That works out to a little more than 90 bits of strength, or about 12.9 bits per word. Note, by the way, that each of the passphrase selection methods we just talked about above — random single case alphabet letters, random upper and lower case letters and digits, random Chinese characters and Diceware — are equally secure, as long as the number of symbols selected give the same number of bits of strength. The only advantage of Diceware is that it is more user friendly: the passphrase is easier to remember and perhaps easier to type accurately.

Of course a password manager (e.g. KeePass) and secure cloud (e.g.: SpiderOak) go a long way to keeping my sanity.

Q: What is your favorite pet’s name?

A: altair drown bema hurty
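
The two comments above make one point between them: the answer to a security question is a password, so it should carry password-grade entropy (the Diceware method) and have nothing to do with facts about you that can be looked up (the “equator on Venus” suggestion). The following is an added example, not the commenter’s tool or the Diceware project’s own code. It carries the FAQ’s arithmetic through for any list size and word count, draws answers with Python’s secrets module, and screens a candidate answer against facts an attacker could find. The eight-word list is a constructed stand-in for the real 7776-entry Diceware list, so answers drawn from it are for illustration only; the entropy figures use the real list size.

```python
"""Security-question answers with password-grade entropy (added example, not the
commenter's or the Diceware project's code)."""
import math
import secrets

DICEWARE_LIST_SIZE = 7776  # 6**5: five dice rolls select one word of the real list


def combinations(list_size, n_words):
    """Distinct phrases of n_words drawn with replacement from list_size words."""
    return list_size ** n_words


def entropy_bits(list_size, n_words):
    """Entropy of such a phrase in bits, if every word is chosen uniformly at random."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose phrase entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def random_answer(word_list, n_words=4):
    """Draw n_words with the CSPRNG-backed secrets module.

    Spaces keep the answer sayable over the phone, which the comment notes is how
    these answers are sometimes used. Duplicates in the list would make some words
    more likely than others, so they are rejected.
    """
    if len(set(word_list)) != len(word_list):
        raise ValueError("word list must not contain duplicates")
    return " ".join(secrets.choice(word_list) for _ in range(n_words))


def looks_personal(answer, known_facts):
    """True if any word of the answer is a fact about the user that can be looked up
    (pet names, home towns, schools): such an answer has near-zero entropy however
    long it is."""
    facts = {f.strip().lower() for f in known_facts}
    return any(word.lower() in facts for word in answer.split())


# Constructed stand-in list; the real Diceware list has 7776 entries.
SAMPLE_WORDS = ["altair", "drown", "bema", "hurty", "kelp", "orbit", "flint", "gable"]

if __name__ == "__main__":
    print("7776^7 =", combinations(DICEWARE_LIST_SIZE, 7))
    print("7 words: %.1f bits (%.2f per word)"
          % (entropy_bits(DICEWARE_LIST_SIZE, 7), entropy_bits(DICEWARE_LIST_SIZE, 1)))
    print("words for 90 bits:", words_needed(DICEWARE_LIST_SIZE, 90))
    print("sample answer:", random_answer(SAMPLE_WORDS))
    print("'fluffy' looks personal:", looks_personal("fluffy", ["Fluffy", "Springfield"]))
```

The seven-word product reproduces the FAQ’s 1,719,070,799,748,422,591,028,658,176, and the bit count is 7 × log2(7776), about 90.5. The same function shows why four words (about 51.7 bits) are plenty for a security answer that is only ever checked online with rate limiting, and why a real name or town fails the screen regardless of length.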

aldestrawk says:

prosecutor overreach

I don’t have much sympathy for this guy. He seemed to think he was doing some kind of public service doxing various famed people among the illuminati(???). In reality, he is just an annoying miscreant publicizing any personal information he got his hands on via guessing answers to account security questions. By now, any serious hacker knows you cannot rely on the use of a single proxy to maintain your anonymity. Yet, he made that mistake and he sometimes used screen captures when the same data was available via files. This reveals his lack of true hacker skills. No l33t H4x0r is he! The main reason I don’t have much sympathy for him though, is he is a cab driver and I have had some very bad experiences with cab drivers in Eastern Europe.

Despite all that, the US DOJ is still overreaching in its prosecution here. There are 9 counts.

For counts 1-3, wire fraud, they include “…to obtain money and property…”. From what is revealed in the indictment and various media reports, he was not selling the information he illicitly acquired or using it for extortion. Yet, they will argue, as with Weev, that he profited from his hacking, so a charge of fraud applies. That charge is not justified.

Count 7, Aggravated Identity Theft: Guccifer’s actions consisted of sending an email from victim 4 to victim 3, intending to provoke victim 3. I can see how that fits into identity theft but I wonder how believable, to victim 3, that email was. I doubt the prosecution would want to take that into account. My hunch is that, being provocative, it was not so believable and then count 7 would not be justified.

Count 8, Cyberstalking: Without further information it is hard to evaluate this charge. This is what mystifies me though. How can a hacker thousands of miles away be both capable of surveillance and able to harass a victim at the same time? If we’re talking about control of an email account and possibly other social media accounts, it would seem that once the victim became aware of the hacking they could change passwords and answers to security questions and block the surveillance.

Count 9, Obstruction of Justice: This seems too easy to add as a serious crime when it can include any attempt by the culprit to stay hidden or erase his tracks. Recent examples are:
1: An obstruction of justice charge against Barrett Brown’s mother for putting a laptop in a kitchen cabinet.

2: A recent charge against Khairullozhon Matanov, a friend of the Boston bombers. He erased some of the browser history on his computer not to cover any crime he did (The FBI does not think he was involved) but his connection with the bombers, his interest in jihad, and his interest in news coverage of the story. So, the indictment mentions his erasure of his browser history for CNN coverage of the bombing story as an example of obstruction of justice.

A final issue: when someone is convicted in a foreign country, is there any overlap when the US charges them with similar crimes? Is it fair to convict them of the same crime in two different countries? The indictment even asks for forfeiture when you can be sure Romania has already seized his computer and he did not gain any property from his exploits.
