Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Security

Krebs: 'Men Who Sent SWAT Team, Heroin to My Home Sentenced' (krebsonsecurity.com) 209

An anonymous reader quotes KrebsOnSecurity: On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.

Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.

Separately, a judge in Washington, D.C. handed down a sentence of three year's probation to Eric Taylor, a hacker probably better known by his handle "Cosmo the God." Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as "swatting"... Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.

This discussion has been archived. No new comments can be posted.

Krebs: 'Men Who Sent SWAT Team, Heroin to My Home Sentenced'

Comments Filter:
  • 3 years probation (Score:5, Insightful)

    by nitehawk214 ( 222219 ) on Sunday February 19, 2017 @01:40PM (#53896235)

    For what is essentially attempted murder?

    • by Comboman ( 895500 ) on Sunday February 19, 2017 @01:51PM (#53896273)
      To be fair, it's not his fault that American police forces have become an over-armed, under-trained occupying army ready to rain down deadly violence with few checks and balances.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        No that's not his fault but he knowingly placed everyone involved in danger...

      • by Anonymous Coward

        I agree that American police break down doors in far too many instances when they shouldn't, but you need to quit being so dramatic. They got a credible report of a hostage situation - they SHOULD roll up armed. And despite the press amplification of every single case (if the racial makeup is correct) the odds of an unarmed person getting shot by police are extremely low.

        • by AutodidactLabrat ( 3506801 ) on Sunday February 19, 2017 @03:22PM (#53896541)
          So how many "odds" does it take for a man laying face down, compliant with police, in a public arena, with a knee on his neck, to get shot through the heart and his murderer to walk away with 2 years?
          1
        • by lgw ( 121541 ) on Sunday February 19, 2017 @04:30PM (#53896813) Journal

          I agree that American police break down doors in far too many instances when they shouldn't, but you need to quit being so dramatic. They got a credible report of a hostage situation - they SHOULD roll up armed

          The correct response to a reported hostage situation is absolutely not to have a bunch of over-armed thugs in mall-ninja gear kick down the door. The correct response is a negotiator, a sniper, some normal cops in vests, and patience. You know, how SWAT teams worked before the cops starting playing soldier.

          • That depends entirely on the situation. In the case of an active shooter (which is what most of these calls claim) the police are obligated to storm in to save lives. After Columbine these policies were changed because if the police had moved in immediately they would have saved a lot of lives. Instead they did what you suggest as the standard procedure at the time, but that procedure doesn't work with a shooter whose aiming to kill people and doesn't care if they live or die. In that situation the only way

            • by lgw ( 121541 )

              "Reports of" an active shooter mean fuck-all. Mass shootings are incredibly, vanishingly rare events. The false-positive rate is over 99%. Yes, you want cops in vests, just in case, but there's no rational excuse to go in gangbusters until there's first-hand evidence that it will do more good than harm.

        • While the police reaction was justified, the situation so often turns to the "wrong" target dead, that 3 years of probation for exposing someone to this kind of danger is a joke.

          It shouldn't be that the police doesn't react to reports of hostage situations. It should be that nobody ever knowingly, falsely reports such a situation - for fear of the consequences.

          • by Cederic ( 9623 ) on Sunday February 19, 2017 @06:11PM (#53897247) Journal

            While the police reaction was justified, the situation so often turns to the "wrong" target dead

            You appear to have contradicted yourself.

            • by Dog-Cow ( 21281 )

              No, he didn't. You appear to be looking in a funhouse mirror.

              • by Cederic ( 9623 )

                No, I really look like this.

                A police response that 'so often' kills innocent people is not justified, especially based on a single fucking phone call.

                • As long as the number of people saved exceeds the number of people wrongly killed, then the intervention is justified. Accidents happen always. Currently, they happen excessively often and it's a worrisome trend which should be corrected, but only when SWAT kills more innocents than would people SWAT is called to, it needs to be dissolved entirely.

                  • by Cederic ( 9623 )

                    You appear to have omitted alternative threat responses that don't require everybody in the house to be shot.

                    You know, basic shot like working out what the situation is before bursting in, shooting the dog, throwing grenades at the kids and risking the lives of everyone in the building.

                    I stand more chance of being shot by the US police than I do by a criminal and I don't even fucking live in the US

                    • I'm arguing that responding to a report of a hostage situation and treating it with full seriousness of actual hostage situation, dispatching the designated unit and handling the situation according to the procedures without shade of assumption this is just a stupid prank is the correct course of action. "Dispatch did nothing wrong."

                      I'm absolutely not arguing that the designated unit is best for this kind of work, or that the procedures - or behavior outside of these procedures - is any good. Simply put, SW

        • They got a credible report of a hostage situation - they SHOULD roll up armed.

          They got a report. Was it a "credible" report? No. They dealt with the situation appropriately.

          • Credible does not mean "real".
            It means "likely to be real".

            Real can only be determined AFTER you show up. Credible determines IF you show you up - and to a lesser extent how you show up.

      • It may not be his fault- but he is fully aware of this fact - and directed them against an innocent person. That amounts to attempted murder with a deadly weapon.
        Just because the weapon in this case happens to be the police changes nothing - using the police as a weapon isn't even new. Ever heard of "suicide by cop" ?

    • Re:3 years probation (Score:5, Interesting)

      by clovis ( 4684 ) on Sunday February 19, 2017 @02:59PM (#53896457)

      It looks to me like Eric Taylor's sentence wasn't for the swatting incident, and it was a plea bargain.
      http://www.washingtontimes.com... [washingtontimes.com]

      From the linked article:

      A teenager hacker was sentenced in D.C. federal court Wednesday for a slew of cybercrimes committed against President Trump, Michelle Obama and former CIA Director John Brennan, among others.

      Mr. Taylor and multiple co-conspirators are accused by the government of illegally obtaining personal information from high-profile victims and publishing it on a website, Exposed.Su, in 2013. He pleaded guilty last year to related charges and was sentenced at 2 p.m. Wednesday by U.S. District Judge Randolph Moss in Washington, D.C., The Times has learned.

      Allegations against Mr. Taylor and others charged in the conspiracy were filed under seal, and Wednesday’s sentencing hearing was not listed on the court’s website. Details of the sentencing were confirmed to The Times by individuals familiar with the case but not authorized to publicly discuss the matter.

      Because everything is sealed, I suspect that the defense attorney's threatened to use the trial to dump into the public record everything that Eric et al had stolen, and that would be harmful to the high-profile people they hacked. Hence the light sentence and plea bargain.

      • I knew it was going to be a plea bargain. District Attorneys are lazy anymore and would rather give someone a light sentence than risk a not guilty verdict. They bring up a dozen scary charges and then act like they are doing a favor with a deal. If people stopped doing plea deals the courts would grind to a halt with backlogged cases.

        All the outrage over the rapist Brock Turner getting six months? He agreed to a plea deal and so did the victim. The judge could only sentence for the lesser crime he agreed t

        • > The judge could only sentence for the lesser crime he agreed to.

          And you conveniently forget that, that lesser crime is liable for a sentence of up to 10 years. To give 6 months on a crime with an up-to-10-years sentence requires very, very strong mitigating circumstances. A judge who does that is effectively saying "this person has pled guilty, or technically broken a law, with no malicious intent and his actions really shouldn't be a crime but since I'm forced to punish him I'll give him a rap on the

    • For what is essentially attempted murder?

      Absolutely correct, this is attempted murder, and should be handled as such by the legal system.

    • by raymorris ( 2726007 ) on Sunday February 19, 2017 @03:58PM (#53896687) Journal

      The offender wasn't *trying* to kill Krebs. So not attempted murder.

        Krebs didn't die, so not manslaughter.

      The offender did act in a way to create a dangerous situation with no regard for the fact that Krebs, other people in his home, or police officers could be seriously injured. That neatly matches the definition of "reckless endangerment".

      Had someone actually died, it would match the definition of "depraved-heart murder", which is second-degree homicide in many states. Depraved-heart murder is killing someone through actions not actually *intended* to kill them, but by reckless disregard for their safety.

      • Thank you for a new phrase for my daily vocabulary exercise, "depraved-heart murder". Now I just have to work the phrase into three sentences using different tenses.

      • by ranton ( 36917 )

        Had someone actually died, it would match the definition of "depraved-heart murder", which is second-degree homicide in many states. Depraved-heart murder is killing someone through actions not actually *intended* to kill them, but by reckless disregard for their safety.

        One really messed up part of our judicial system is that punishment is often more interested in the results of the perpetrator's actions instead of the intent. There is no sane reason why attempted murder and murder have different punishments, since the intent was the same. Similarly, there should be no difference in the punishment for depraved-heart murder and reckless endangerment.

        • I agree it's an issue. The difference in penalties may be too great in many instances. There are of course a couple of reasons sentences are, and should be, different.

          Keeping closest to the viewpoint you brought up, many things are dangerous. Heck, MOST things involve some risk. Consequences should fit the actual risk. Suppose I shoot off some fireworks in the middle of some soccer fields, full of short green, moist grass (which doesn't burn). Another person shoots off fireworks in their apartment complex

          • Buying a butcher knife with the intent to use it on someone is attempted murder

            In what jurisdiction? Doesn't seem to be US, UK, Australia, ... ?

            • Buying a butcher knife with the intent to use it on someone is attempted murder

              In what jurisdiction? Doesn't seem to be US, UK, Australia, ... ?

              More like a component of "conspiracy to commit murder" in the UK I'd have thought. I think you actually have to physically try to kill someone for it to be attempted murder.

            • You're right, that would probably be "mere preparation" and therefore not attempted murder. Though as someone else pointed out, if TWO people go get the knife, there's conspiracy to commit murder.

              Anyway, a very weak attempt is an attempt.

        • Had someone actually died, it would match the definition of "depraved-heart murder", which is second-degree homicide in many states. Depraved-heart murder is killing someone through actions not actually *intended* to kill them, but by reckless disregard for their safety.

          One really messed up part of our judicial system is that punishment is often more interested in the results of the perpetrator's actions instead of the intent. There is no sane reason why attempted murder and murder have different punishments, since the intent was the same. Similarly, there should be no difference in the punishment for depraved-heart murder and reckless endangerment.

          But then you would end up with people being put in prison for pure thought-crimes.

      • by lgw ( 121541 )

        It varies a lot by state (and even more outside the US). The intent to kill isn't a hard requirement for attempted murder - sometimes the line is drawn at an intentional action that could reasonably cause death. Seems like the sort of charge an ambitious prosecutor might try on.

        Also worth noting: if maliciously calling in a fake 911 call is a felony, then in most states it would be murder if someone actually died as a result.

    • I'd call it "reckless endangerment", not quite as severe as attempted murder but still a serious felony. Its doing something that a reasonable person would realize places others at risk of harm or death, even if that wasn't the intent.

      • Is reckless endangerment directed at a single person?

        There's wire fraud and causing severe mental distress involved here.

  • Cosmo the Cumbucket

    Seriously, this sentence seems absurd. I thought "on a computer" was supposed to add orders of a magnitude to a sentence.

  • After the sentence is finished, the Ukrainian guy should be sent to Ukraine, maybe the most violent part of that war torn country. On the other hand, the Russian mafia may put him to use there. Oh, well.
  • by LeftCoastThinker ( 4697521 ) on Sunday February 19, 2017 @01:56PM (#53896285)

    The US needs to force phone companies to update the ancient VOIP protocols with some kind of security certificate/trust system to eliminate spoofed phone numbers and crack down on SWATing. In an act where Krebs or one of his family members could have been killed, this kind of behavior needs to be treated like attempted murder, not some prank. Even under the best of circumstances, the family pet is often killed by the SWAT team to avoid injury.

    With a security cert system, the phone network would refuse to route any calls without a valid certificate, and valid certificates could be traced back to a credit card/drivers license/IP address all tied to that certificate number, as well as a physical device and it's actual IP. I am sure there are still ways to circumvent it, but it would be a good starting point, and would catch most of the script kiddies, which is where 90% of this SWATing comes from.

    Fly by night shady companies that refuse to collect this information or programs of the same nature simply wouldn't be able to place calls at all. For the same reason that it should be illegal to protest with a mask concealing your face, it should be illegal to obscure/spoof your identity through the phone system, and attempting to do so in and of it'self should be a federal crime with heavy penalties (I am looking at you telemarketers).

    • by Registered Coward v2 ( 447531 ) on Sunday February 19, 2017 @02:25PM (#53896361)
      Good points but this wasn't spoofing a number but rather using the TTY service setup for deaf people to make the call. Scammers use them as well because they are required by law to transcribe verbatim dialogue. They may also be prevented from identifying themselves as an intermediary.
    • by cyber-vandal ( 148830 ) on Sunday February 19, 2017 @02:45PM (#53896417) Homepage

      Why should it be illegal to hide your face during a protest?

      • by Threni ( 635302 )

        Because it's harder to investigate criminals that way. If you're taking part in a protest but being anonymous, what are you actually doing there?

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Why should it be illegal to hide your face during a protest?

        Ask the KKK.

        Literally.

        The KKK is why those laws exist in the first place.

      • As others have stated, those hiding their identity during protests are usually doing so to avoid identification so they can commit crimes during their "protesting". It is already illegal in Washington DC, but it should be illegal (and enforced) nation wide.

        • So as an example, a gay man working for a homophobic employer would not be able to take part in a gay rights demonstration for fear that his employer would dismiss him should he appear on TV? I'm sure there are plenty of similar hypothetical situations where this can be considered a bad idea even where the government is not involved.

          • Actually it is illegal for an employer to discriminate in that way and they can face serious sanction if they do.

            The more likely scenario these days is someone participating in a pro marriage or pro life march being discriminated against, as multiple CEOs have been targeted and lost their jobs because of their religious beliefs. Either way, it is pointless to march with a mask on. It indicates that you support your cause, just not enough to put your name/identity at stake.

    • I think it's been established that making use of an IP address to connect an individual to a crime won't stand up in court. The same might be a problem for a VOiP connected phone because of the hacking of its IP address.
    • Re: (Score:3, Insightful)

      by XparXnoiaX ( 4714613 )
      Anonymity was crucial to the founding of our democracy, and people should be allowed to protest without being recognized. Giving the government a huge new surveillance tool is not the right answer to stopping swatting.
      • This would not be a new surveillance tool. The VOIP digital signature/trust cert would be run by private industry, but when the government comes to the phone company with a warrant, or if you call 911, that information is readily available and accurate. In theory you are already identified when you call 911, unless you are spoofing or otherwise manipulating your information.

    • by AmiMoJo ( 196126 ) on Sunday February 19, 2017 @03:43PM (#53896633) Homepage Journal

      Nice idea but it seems like it wouldn't work with a lot of services. You can sign up for various VOIP accounts for free and they obliged to provide emergency service for safety. IP addresses are easily masked. Even credit cards are easily bought for a few Bitcoins and someone can always use a payphone.

      A better, simpler solution would be to not send in armed police, fingers on triggers because of a single phone call.

      • by Ogive17 ( 691899 )
        The problem is if they do not response appropriately and there is a true emergency and someone dies, they may get sued over that.

        We have devolved as a society. I believe trust and civility are necessary for a successful society, trust is all but gone now. Shit, we have a President that lies his ass off about any subject he doesn't like.

        I do worry about the future for my son. Are we going to leave some shit storm for future generations to deal with?
      • Nice idea but it seems like it wouldn't work with a lot of services. You can sign up for various VOIP accounts for free and they obliged to provide emergency service for safety. IP addresses are easily masked. Even credit cards are easily bought for a few Bitcoins and someone can always use a payphone.

        A better, simpler solution would be to not send in armed police, fingers on triggers because of a single phone call.

        Unfortunately, it is completely unrealistic to expect the police not to be anticipating a fight if you supposedly call them threatening to kill someone or blow up something etc. That is just not the real world.

        Yes, there are ways to circumvent any system in theory. However, those VOIP sevices (which I have used myself in the past) would be required to get a scan of your drivers license, credit card, and their software/hardware would take that information and integrate it into your IP or IP route (or somet

    • Agreed. Those with a legitimate use-case for spoofing (LEO's, PI's, skip-tracers, &c.) should be required to obtain and maintain a licence to use spoofing. In no way, shape, or form should the general public be allowed to spoof phone numbers. Anyone who spoofs illicitly should be charged federally with wire fraud and prosecuted to the full extent of the law. That would cut down on this bullshit.
  • Too lenient (Score:5, Insightful)

    by Anonymous Coward on Sunday February 19, 2017 @02:11PM (#53896323)

    People who are charged with uploading songs, movies, and academic journals to the internet (with no financial gain to themselves) are threatened with decades of prison time and absurd financial penalties. These people deceive SWAT teams and recklessly endanger lives and get probation? Misplaced priorities, folks. The so-called swatters should receive more severe penalties, in my opinion.

    • The guy took a plea deal from the DA. The judge can only sentence for this lesser crime.

    • by Rakarra ( 112805 )

      People who are charged with uploading songs, movies, and academic journals to the internet (with no financial gain to themselves) are threatened with decades of prison time and absurd financial penalties.

      People are "threatened" all the time with ridiculous penalties for all sorts of crimes, it's what happens to "cut a deal" so they can avoid the expense and bother of a trial, but I've yet to hear of the person actually serving a 30-year sentence for just sharing some songs on the Internet.

  • by fuzzyfuzzyfungus ( 1223518 ) on Sunday February 19, 2017 @03:06PM (#53896477) Journal
    So, the only illicit aspect of the "Russian identity theft service called ssndob[dot]ru" is the fact that it used compromised LexisNexis accounts to pull personal details from their gigantic database; rather than paying for access like a decent customer...

    How supremely comforting.
  • No where does it say what happened to the heroin.

  • by PopeRatzo ( 965947 ) on Sunday February 19, 2017 @04:03PM (#53896701) Journal

    On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.

    Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.

    And now people like this are in charge of our elections.

  • Break their fingers. Bat to hand style.

"All the people are so happy now, their heads are caving in. I'm glad they are a snowman with protective rubber skin" -- They Might Be Giants

Working...