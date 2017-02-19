Follow Slashdot stories on Twitter

 


Krebs: 'Men Who Sent SWAT Team, Heroin to My Home Sentenced' (krebsonsecurity.com) 121

Posted by EditorDavid
An anonymous reader quotes KrebsOnSecurity: On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.

Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.

Separately, a judge in Washington, D.C. handed down a sentence of three year's probation to Eric Taylor, a hacker probably better known by his handle "Cosmo the God." Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as "swatting"... Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.

  • 3 years probation (Score:5, Insightful)

    by nitehawk214 ( 222219 ) on Sunday February 19, 2017 @01:40PM (#53896235)

    For what is essentially attempted murder?

    • Re: (Score:2, Insightful)

      by Comboman ( 895500 )
      To be fair, it's not his fault that American police forces have become an over-armed, under-trained occupying army ready to rain down deadly violence with few checks and balances.

      • Re: (Score:1)

        by Anonymous Coward

        To be fair, it's not his fault that American police forces have become an over-armed, under-trained occupying army ready to rain down deadly violence with few checks and balances.

        but he knew that. So what you're saying is basically, "it's not his fault that pollonium is not just a bit toxic and killed him, after he put it in his tea"...

        (captcha: stirred. seriously?! is the captcha-bot now reading the postings ;))?

      • Re: 3 years probation (Score:2, Insightful)

        by Anonymous Coward

        I agree that American police break down doors in far too many instances when they shouldn't, but you need to quit being so dramatic. They got a credible report of a hostage situation - they SHOULD roll up armed. And despite the press amplification of every single case (if the racial makeup is correct) the odds of an unarmed person getting shot by police are extremely low.

        • So how many "odds" does it take for a man laying face down, compliant with police, in a public arena, with a knee on his neck, to get shot through the heart and his murderer to walk away with 2 years?
          1

        • Re: 3 years probation (Score:5, Insightful)

          by lgw ( 121541 ) on Sunday February 19, 2017 @04:30PM (#53896813) Journal

          I agree that American police break down doors in far too many instances when they shouldn't, but you need to quit being so dramatic. They got a credible report of a hostage situation - they SHOULD roll up armed

          The correct response to a reported hostage situation is absolutely not to have a bunch of over-armed thugs in mall-ninja gear kick down the door. The correct response is a negotiator, a sniper, some normal cops in vests, and patience. You know, how SWAT teams worked before the cops starting playing soldier.

        • While the police reaction was justified, the situation so often turns to the "wrong" target dead, that 3 years of probation for exposing someone to this kind of danger is a joke.

          It shouldn't be that the police doesn't react to reports of hostage situations. It should be that nobody ever knowingly, falsely reports such a situation - for fear of the consequences.

          • Re: (Score:2)

            by Cederic ( 9623 )

            While the police reaction was justified, the situation so often turns to the "wrong" target dead

            You appear to have contradicted yourself.

        • They got a credible report of a hostage situation - they SHOULD roll up armed.

          They got a report. Was it a "credible" report? No. They dealt with the situation appropriately.

      • Re: (Score:1)

        by Anonymous Coward

        To be fair, it's not his fault that American police forces have become an over-armed, under-trained occupying army ready to rain down deadly violence with few checks and balances.

        So by that logic, I can push you in front of a moving train, and your death isn't my fault because I didn't make the train move or make the train so heavy that it's not possible to stop in time?

        Or I could take a cut extension cord plugged into an AC outlet and electrocute you with the bare wires, and it isn't by fault because I'm not the one that placed high voltage AC over those lines?

        Does your broken logic even matter? Where do you see anyone blaming this kid for the fact the american police force is now

    • Re: (Score:3)

      by clovis ( 4684 )

      It looks to me like Eric Taylor's sentence wasn't for the swatting incident, and it was a plea bargain.
      http://www.washingtontimes.com... [washingtontimes.com]

      From the linked article:

      A teenager hacker was sentenced in D.C. federal court Wednesday for a slew of cybercrimes committed against President Trump, Michelle Obama and former CIA Director John Brennan, among others.

      Mr. Taylor and multiple co-conspirators are accused by the government of illegally obtaining personal information from high-profile victims and publishing it on a website, Exposed.Su, in 2013. He pleaded guilty last year to related charges and was sentenced at 2 p.m. Wednesday by U.S. District Judge Randolph Moss in Washington, D.C., The Times has learned.

      Allegations against Mr. Taylor and others charged in the conspiracy were filed under seal, and Wednesday’s sentencing hearing was not listed on the court’s website. Details of the sentencing were confirmed to The Times by individuals familiar with the case but not authorized to publicly discuss the matter.

      Because everything is sealed, I suspect that the defense attorney's threatened to use the trial to dump into the public record everything that Eric et al had stolen, and that would be harmful to the high-profile people they hacked. Hence the light sentence and plea bargain.

      • I knew it was going to be a plea bargain. District Attorneys are lazy anymore and would rather give someone a light sentence than risk a not guilty verdict. They bring up a dozen scary charges and then act like they are doing a favor with a deal. If people stopped doing plea deals the courts would grind to a halt with backlogged cases.

        All the outrage over the rapist Brock Turner getting six months? He agreed to a plea deal and so did the victim. The judge could only sentence for the lesser crime he agreed t

    • For what is essentially attempted murder?

      Absolutely correct, this is attempted murder, and should be handled as such by the legal system.

    • Reckless endangerment (Score:5, Informative)

      by raymorris ( 2726007 ) on Sunday February 19, 2017 @03:58PM (#53896687) Journal

      The offender wasn't *trying* to kill Krebs. So not attempted murder.

        Krebs didn't die, so not manslaughter.

      The offender did act in a way to create a dangerous situation with no regard for the fact that Krebs, other people in his home, or police officers could be seriously injured. That neatly matches the definition of "reckless endangerment".

      Had someone actually died, it would match the definition of "depraved-heart murder", which is second-degree homicide in many states. Depraved-heart murder is killing someone through actions not actually *intended* to kill them, but by reckless disregard for their safety.

      • Thank you for a new phrase for my daily vocabulary exercise, "depraved-heart murder". Now I just have to work the phrase into three sentences using different tenses.

      • Re: (Score:2)

        by ranton ( 36917 )

        Had someone actually died, it would match the definition of "depraved-heart murder", which is second-degree homicide in many states. Depraved-heart murder is killing someone through actions not actually *intended* to kill them, but by reckless disregard for their safety.

        One really messed up part of our judicial system is that punishment is often more interested in the results of the perpetrator's actions instead of the intent. There is no sane reason why attempted murder and murder have different punishments, since the intent was the same. Similarly, there should be no difference in the punishment for depraved-heart murder and reckless endangerment.

        • It's not messed up. Well, not always. When you talk about intent, you're confusing conviction and sentencing.

          Consider drink driving. If you get pulled over and blow over the limit, it's not exactly crime of the century. If you're drunk and you run over a pedestrian, it's a far more serious matter. Having said that, there are plenty of examples of habitual drunk drivers receiving custodial sentences, while a first time offender who runs someone over escapes jail.

          Sentencing has to consider culpability, the pr

    • I'd call it "reckless endangerment", not quite as severe as attempted murder but still a serious felony. Its doing something that a reasonable person would realize places others at risk of harm or death, even if that wasn't the intent.

      • Is reckless endangerment directed at a single person?

        There's wire fraud and causing severe mental distress involved here.

  • Cosmo the Cumbucket

    Seriously, this sentence seems absurd. I thought "on a computer" was supposed to add orders of a magnitude to a sentence.

    • Re: (Score:1)

      by Anonymous Coward

      Seriously, this sentence seems absurd. I thought "on a computer" was supposed to add orders of a magnitude to a sentence.

      Sounds like "Cosmo" is a rich white kid from a wealthy and politically well connected family. If he had been poor or brown, the worst case being both poor and brown, he would have received something more along the lines of what Aaron Swartz was threatened with, 50 years imprisonment and $1 million in fines and restitution. The justice system here in American could hardly be more biased against poor brown people if it was designed that way from the start, which in a manner of speaking it was.

  • After the sentence is finished, the Ukrainian guy should be sent to Ukraine, maybe the most violent part of that war torn country. On the other hand, the Russian mafia may put him to use there. Oh, well.

  • SWATing needs serious consequences (Score:5, Interesting)

    by LeftCoastThinker ( 4697521 ) on Sunday February 19, 2017 @01:56PM (#53896285)

    The US needs to force phone companies to update the ancient VOIP protocols with some kind of security certificate/trust system to eliminate spoofed phone numbers and crack down on SWATing. In an act where Krebs or one of his family members could have been killed, this kind of behavior needs to be treated like attempted murder, not some prank. Even under the best of circumstances, the family pet is often killed by the SWAT team to avoid injury.

    With a security cert system, the phone network would refuse to route any calls without a valid certificate, and valid certificates could be traced back to a credit card/drivers license/IP address all tied to that certificate number, as well as a physical device and it's actual IP. I am sure there are still ways to circumvent it, but it would be a good starting point, and would catch most of the script kiddies, which is where 90% of this SWATing comes from.

    Fly by night shady companies that refuse to collect this information or programs of the same nature simply wouldn't be able to place calls at all. For the same reason that it should be illegal to protest with a mask concealing your face, it should be illegal to obscure/spoof your identity through the phone system, and attempting to do so in and of it'self should be a federal crime with heavy penalties (I am looking at you telemarketers).

    • Re:SWATing needs serious consequences (Score:4, Insightful)

      by Registered Coward v2 ( 447531 ) on Sunday February 19, 2017 @02:25PM (#53896361)
      Good points but this wasn't spoofing a number but rather using the TTY service setup for deaf people to make the call. Scammers use them as well because they are required by law to transcribe verbatim dialogue. They may also be prevented from identifying themselves as an intermediary.

    • Why should it be illegal to hide your face during a protest?

      • Re: (Score:1)

        by Calydor ( 739835 )

        Because more often than not lately, peaceful protests very quickly become not-so-peaceful with a lot of illegal activity like vandalism, violence, looting etc.

        Adding anonymity to the mix only makes things worse, as per the Greater Internet Fuckwad Theory.

      • Re: (Score:2)

        by Threni ( 635302 )

        Because it's harder to investigate criminals that way. If you're taking part in a protest but being anonymous, what are you actually doing there?

      • Re: (Score:1)

        by Anonymous Coward

        Why should it be illegal to hide your face during a protest?

        Ask the KKK.

        Literally.

        The KKK is why those laws exist in the first place.

      • As others have stated, those hiding their identity during protests are usually doing so to avoid identification so they can commit crimes during their "protesting". It is already illegal in Washington DC, but it should be illegal (and enforced) nation wide.

    • Re: (Score:1)

      by Anonymous Coward

      > . For the same reason that it should be illegal to protest with a mask concealing your face, it should be illegal to obscure/spoof your identity through the phone system

      The reason governments want to remove anonymity during protests is in order to collect data on those that oppose the government. Sure, this means vandals might be able to get away with causing damage, but that's a small price to pay for the freedom to protest your government.

      I am not sure how that correlates with spoofing your identity

    • I think it's been established that making use of an IP address to connect an individual to a crime won't stand up in court. The same might be a problem for a VOiP connected phone because of the hacking of its IP address.

    • Re: (Score:3, Insightful)

      by XparXnoiaX ( 4714613 )
      Anonymity was crucial to the founding of our democracy, and people should be allowed to protest without being recognized. Giving the government a huge new surveillance tool is not the right answer to stopping swatting.

      • This would not be a new surveillance tool. The VOIP digital signature/trust cert would be run by private industry, but when the government comes to the phone company with a warrant, or if you call 911, that information is readily available and accurate. In theory you are already identified when you call 911, unless you are spoofing or otherwise manipulating your information.

    • Re:SWATing needs serious consequences (Score:4, Insightful)

      by AmiMoJo ( 196126 ) <mojo@@@world3...net> on Sunday February 19, 2017 @03:43PM (#53896633) Homepage

      Nice idea but it seems like it wouldn't work with a lot of services. You can sign up for various VOIP accounts for free and they obliged to provide emergency service for safety. IP addresses are easily masked. Even credit cards are easily bought for a few Bitcoins and someone can always use a payphone.

      A better, simpler solution would be to not send in armed police, fingers on triggers because of a single phone call.

      • Re: (Score:2)

        by Ogive17 ( 691899 )
        The problem is if they do not response appropriately and there is a true emergency and someone dies, they may get sued over that.

        We have devolved as a society. I believe trust and civility are necessary for a successful society, trust is all but gone now. Shit, we have a President that lies his ass off about any subject he doesn't like.

        I do worry about the future for my son. Are we going to leave some shit storm for future generations to deal with?

      • Nice idea but it seems like it wouldn't work with a lot of services. You can sign up for various VOIP accounts for free and they obliged to provide emergency service for safety. IP addresses are easily masked. Even credit cards are easily bought for a few Bitcoins and someone can always use a payphone.

        A better, simpler solution would be to not send in armed police, fingers on triggers because of a single phone call.

        Unfortunately, it is completely unrealistic to expect the police not to be anticipating a fight if you supposedly call them threatening to kill someone or blow up something etc. That is just not the real world.

        Yes, there are ways to circumvent any system in theory. However, those VOIP sevices (which I have used myself in the past) would be required to get a scan of your drivers license, credit card, and their software/hardware would take that information and integrate it into your IP or IP route (or somet

    • Agreed. Those with a legitimate use-case for spoofing (LEO's, PI's, skip-tracers, &c.) should be required to obtain and maintain a licence to use spoofing. In no way, shape, or form should the general public be allowed to spoof phone numbers. Anyone who spoofs illicitly should be charged federally with wire fraud and prosecuted to the full extent of the law. That would cut down on this bullshit.

  • Too lenient (Score:5, Insightful)

    by Anonymous Coward on Sunday February 19, 2017 @02:11PM (#53896323)

    People who are charged with uploading songs, movies, and academic journals to the internet (with no financial gain to themselves) are threatened with decades of prison time and absurd financial penalties. These people deceive SWAT teams and recklessly endanger lives and get probation? Misplaced priorities, folks. The so-called swatters should receive more severe penalties, in my opinion.

    • Re: (Score:1)

      by Anonymous Coward

      Contrariwise, people who are charged with uploading songs, movies, and academic journals to the internet should receive less severe penalties. We need fewer people in prison, not more. We shouldn't correct sentencing disparity by punishing a SWATer as hard as a copyright infringer, we should do it by reducing the penalty for copyright infringement so the SWATer's 3 year probation looks very tough in comparison.

    • The guy took a plea deal from the DA. The judge can only sentence for this lesser crime.

  • And the cheerful part... (Score:3)

    by fuzzyfuzzyfungus ( 1223518 ) on Sunday February 19, 2017 @03:06PM (#53896477) Journal
    So, the only illicit aspect of the "Russian identity theft service called ssndob[dot]ru" is the fact that it used compromised LexisNexis accounts to pull personal details from their gigantic database; rather than paying for access like a decent customer...

    How supremely comforting.

  • No where does it say what happened to the heroin.

  • Will of the People (Score:3)

    by PopeRatzo ( 965947 ) on Sunday February 19, 2017 @04:03PM (#53896701) Journal

    On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation.

    Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368.

    And now people like this are in charge of our elections.

