Jiekejia / Talking with Old Chang about CBL's story, he said that everyone who comes here for data recovery has a different story. The cases that stuck with him: Canada's Department of National Defence, clinging to a last hope of rescuing their data, tore up the tickets for their flight from Vancouver back to Toronto; the U.S. FBI put black hoods over CBL staff and drove them to an undisclosed location to recover data; and, most spectacular of all, the restoration of confidential customer records for an online casino based in Costa Rica, in February 2003. Keyword search: casino hacker cbl recovery
Data Recovery Article: Overseas Security Advisory Council – February 24, 2003
Crucial Data Rescued After Hacker Raid: Key Server Stripped: ‘It Was Akin to Hacking Into The Pentagon’
Three weeks ago, in a stunning raid, Russian hackers seized control of the servers that support one of the Internet’s largest online gaming operations, demanding a ransom. It was a real-life, high-tech version of the movie Ocean’s Eleven.
By the time the ransom was paid, one key server — the one containing all operational data for 120 Internet gaming sites and a long list of consulting clients — seemed to be stripped of its data.
At stake were all the operational records of a gambling empire.
“We didn’t even have the names of customers,” says Juan Bonilla, executive vice-president of Grafix Softech F.A. of San Juan, Costa Rica. “We lost everything.”
To make matters worse, little, if any, of the data had been backed up off-site. Grafix Softech was losing an estimated US$75,000 a day in profits, and the incident left it open to lawsuits from customers whose businesses relied on Grafix Softech’s services.
What could have been a major disaster became a bump in the corporate road. In an amazing feat of ingenuity, CBL Data Recovery Technologies Limited of Markham, Ont., managed to recover all the lost data. It was a close call, admits Bill Margeson, president of CBL.
“We got the hard drives late Sunday, Feb. 9. By Tuesday, we were ready to throw in the towel; it looked hopeless,” he says. “Then on Wednesday, on a conference call, one of our guys in San Diego had this terrific insight. One of our London guys added to it, and by Friday we were able to get Juan back on a plane to Costa Rica with all the records restored.”
The trouble started Feb. 5, when all of the sites supported by Grafix Softech suddenly went down. The company’s support staff found that Russian hackers had managed to bypass firewalls and other security systems and insert a virus into the five servers Grafix uses for its online operations. Four of them support the sites and one contains all operational data. The virus encrypted all information on the servers.
“It was akin to hacking into the Pentagon,” Mr. Margeson says. “Grafix had state-of-the-art security. These hackers were ingenious.”
The hackers demanded a ransom in return for the key to the encryption code. Grafix paid up. Mr. Bonilla flatly refuses to discuss the amount of the ransom. In fact, he will not even confirm that one was demanded. Paying the ransom did not mark the end of the company’s problems. On Feb. 6, the hackers supplied a key to undo the encryption. It worked for the four servers supporting Internet operations, but had the opposite effect on the server containing the operational data. Grafix called CBL in Markham.
The encryption key or the way Grafix support staff used it deleted almost all the data from the database server.
“The hackers sort of said ‘too bad’ and suggested Grafix use an industrial program to restore the data,” Mr. Margeson says. “It did not work.”
By Sun., Feb. 9, the situation looked bleak. CBL used the Internet to connect remotely with Grafix servers in Costa Rica to inventory the problem, Mr. Margeson says.
“We were able to show that there would not be a quick fix. There were 11 separate problems, some caused by the hackers, some caused by Grafix’s own attempts to recover data,” he says. “We told Juan to bring the hard drives to Toronto as quickly as he could get here.”
Mr. Bonilla packed five 36-gigabyte hard drives and a 54-gigabyte database into his carry-on luggage and flew from San Juan to San Salvador to Havana to Toronto, via the only flights available. By 9:30 p.m. Sunday night, the hard drives and database were in CBL’s Markham laboratory and a round-the-clock race for a solution began.
“We had great difficulty right from the start,” Mr. Margeson says. “There were great patches of data missing and what was still on the disk was garbled. There was just too much empty space; there was nothing to piece together.”
Then, late on Tues., Feb. 11, during a conference call, one of CBL’s San Diego staff came up with the answer. Data on SQL servers is stored in 32-kilobyte pages, all of which are numbered in sequence. If CBL could just look for page numbers, it could retrieve all those tiny pages and then reassemble them in order. The fact that the data had been deleted from the drives would not be an impediment: deleted data can be recovered as long as it has not been overwritten, Mr. Margeson explains. All that changes with deleted data is the path to that data.
The task was akin to taking all the pages from an encyclopedia, throwing them in the air, and then reassembling them and rebinding them in the proper order. CBL wrote a software program that did just that.
“On Monday, we thought we could recover some of the data. On Tuesday, we figured we would be lucky to recover any of it. By late Wednesday we knew we could recover everything,” Mr. Margeson says.
The next day, Mr. Bonilla was on his way back to San Juan, recovered data in hand. Grafix was back in business that weekend.
“I am very grateful to CBL,” Mr. Bonilla says. “They performed almost a miracle and did it for a reasonable fee.” The cost to Grafix was $35,000, charged on a no-cure-no-fee basis.
While CBL is, of course, pleased to earn the money, the real kick was the learning experience, Mr. Margeson says. “We learned new technology big time with this one. This project punched way beyond the limits for us.”
CBL Data Recovery Unravels The ‘Oceans 11 Style’ Plot
Total Recall: Meet a data recovery expert who can save your assets
Posted Dec 7, 2004 by Digital Journal Staff in Technology
Digital Journal — It wasn’t the December 31st of Y2K, but for one downtown Toronto hospital a few New Years ago, it must have seemed like it. As the clock inched closer to midnight, the hospital’s computers, one by one, blinked and then simply shut down.
The IT Department’s phones lit up immediately. From every floor, increasingly panicked calls jammed the lines: ER, the Burn Unit, Intensive Care, everyone. The hospital’s entire computing system had flat-lined. The implications for hundreds and hundreds were clear: How do you run a hospital when you can’t access the computers? Forget surgery. You can’t treat patients unless you know the medicine required or their dosages.
One of these calls reached the home of Bill Margeson, president and founder of CBL Tech Data Recovery in Markham, Ont. It might have been a hospital calling, but it was Margeson who was asking questions about vital signs. And the vitals were not good. Margeson gave his instructions, stabilizing the situation until he and his team could arrive on scene. This one was big, very big, and the clock was ticking. Lives hung in the balance and they knew it.
Margeson remembers the night well and speaks respectfully of the hospital’s IT guys as responding valiantly to a crisis far beyond their skills.
“They called in HP,” said Margeson, “as it was an HP system. But after 15 minutes, HP threw in the towel.
“They tried to rebuild the system but instead ended up activating a ‘scrubbing’ feature that actually began wiping off all the data. When they realized what was happening, they pulled the plug and called us, figuring they had wiped the drives.
“The hospital system contained 25 hard disk drives with 9GB of data each, which was a lot back then. We proceeded to find out what had gone wrong. We also had their backup tapes.
“The good news was, it takes longer than 15 minutes to wipe 230 gigs and at CBL, our glass is always half full, so we went after the data that wasn’t wiped.
“The objective was the pharmacy data, which outlined what medicine was to be issued to what patients in what doses throughout the day. Without this information, they had no idea what medication would have to be dispensed on New Year’s Day.
“The biggest challenge was, when we contacted HP people throughout North America, no one clearly understood the scrub function.
“Our next step was to investigate the backup tapes, created by a robotic Exabyte tape machine with two readers in a $50,000 box full of eight-millimetre tape. We took the box apart and discovered one of the readers was fried, so we took the working reader and went through each tape individually.
“Eventually, we got about 90 per cent of the hard disk drives and the other 10 per cent from the tape, thanks to a conscientious new employee who had backed it up.”
Back That Thang Up
“Back it up.” It’s the Margeson Mantra, the CBL Creed. It applies to the world’s biggest companies and the individual home PC user equally.
“What can go wrong will go wrong! Even backups can fail. You can treat your computer with all the love and tenderness in the world but eventually something will go wrong, whether it’s hardware failure, virus, human error or natural disaster. Be prepared. Data backup should be a habit. But even if something does go wrong, don’t panic. Usually something can be done.”
Margeson practices what he preaches. In fact, the first step of every data recovery case is backing up the damaged system so initial work is done on the copy and not the original. Once the key has been found and the trapped data unlocked, only then do they touch the original.
It’s an approach that has served him and CBL partners Zhengong Chang and Simon Lam from the beginning.
“I started the company in 1993 by purchasing an existing computer repair business that had been working out of 2,500 square feet of rented warehouse space. Our front door was the warehouse unit’s back door, beside the dumpster and the loading dock. As such, our location attracted all kinds of interesting clientele.
“Our original idea was to provide cheap, no-frills repair services to the IT community in Markham, but we quickly began to see that, as important as the hardware is, the data’s more important than the device. You can replace your computer, but you can’t replace data.”
It was a revelation that would restructure CBL’s corporate destiny. Even with statistical evidence staring them in the face, bold-type operator’s manual warnings, all the horror stories about Blue Screens of Death — people simply did not back up their data.
CBL saw that as an opportunity to run a successful business by recovering data from crashed computers. For 1994, that was a questionable business plan. But it didn’t take long for Bill to realize it would work, big time.
“Our first big customer was a large cellular provider in Toronto. As the lab opened at 8 a.m. one morning, five men were waiting anxiously outside with a disk drive that contained millions of dollars worth of customer billing information.
“By 3 p.m., Chang and I were at their offices hooking up the recovered drive. When it was clear the data was back and live, a cheer went up in the company’s control room.”
The cell company had come within a whisker of disaster. Had they learned their lesson? Nope.
“The first thing they wanted to do was use the data right away,” Margeson remembers. “We said, ‘Guys, guys. Do you want the same thing to happen again? Back it up first!’”
But it was not until the next case that Margeson realized the lucrative potential of rescuing information.
“There was a comptroller for five companies who came in looking to repair a drive that contained all of the accounting data. Toshiba had replaced the computer completely! He was horrified.
“It was a rush job and we had to buy a new Toshiba drive, which back then cost $1,300. We spent 20 minutes with it and treated it like the crown jewels.”
CBL quickly became a local legend — a data-recovery SWAT team that fielded business 911 calls, swooped in, rescued the data and ran off to the next crisis. Quite a reputation, but it wasn’t until the Internet took off in the mid-’90s that CBL’s talent and business philosophy would literally reach around the world.
“We went online during the early days of the Web and by 1996 had set up shop in England,” Margeson says. “Customer demand from Britain had come about because of our initial online presence. People would do a word search for ‘data recovery’ and there we were, cbltech.com.
“Since then, we haven’t looked back. Germany followed, then Barbados. Now we have 11 labs in 10 countries, including two in the United States. Singapore has taken off very quickly and Japan has just come online. Again, it’s because there’s a demand generated by our Web presence.”
But all sorts of companies with huge Web presence have failed. It’s one thing to have a good business concept and strong marketing. But ultimately, the process of data recovery demands keen minds able to crack codes without accepting failure. Margeson’s ability to find such sleuths reveals much about his own problem-solving skills.
“Over the years, we have found people with PhDs and other high levels of education, particularly in the Chinese community, repairing computer monitors and working in restaurants. For example, one of our key people is Yi Mei Cao, a former professor of C language in China. She has a PhD, but we ran into her in Toronto’s Chinatown assembling computers in a store. The rest are mavericks, self-taught folks who love a challenge and have unique dispositions, courage and determination.”
“In data recovery, you need a rebellious attitude and that’s what keeps us awake in the middle of the night. When Microsoft says ‘No, you can’t do that,’ we say, ‘Piss off.’ It could be a Scarborough thing too.”
The Scarborough thing. Toronto’s working-class eastern suburb. NHL tough guys Bryan Marchment and Kris Draper hail from Scarborough; so does Bill Margeson. You don’t mess with them and they don’t back down from a challenge.
“We were once presented with an optical jukebox with 250 cartridges, 2.6 gigs each side, operating in a machine bigger than a refrigerator. The client had been in the process of doing a backup and had brought in cartridges from off-site when a flood hit. The jukebox was contaminated and all of the off-site backups were damaged as well.
“That left us with hundreds of cartridges contaminated by muddy floodwater. We had to recover every cartridge individually. Three days later, we had all of the data. That was the toughest job because of the dirt and water and the inherent challenges of dealing with an optical jukebox. We had to do 251 recoveries and then everything en masse once they were functional. But we did it.”
Tackling big challenges can include taking on unusual clients. Margeson recalls the time a Costa Rican e-casino called for help after its servers had been seized, encrypted and held for ransom by a Russian hacker group. The company paid the ransom but could not decrypt one of the servers, even with the hackers’ help. CBL had to write sophisticated new software to recover the data, which included 60GB of credit card information.
As Good as it Can Get
Margeson politely declines to list his clients, known to include some of the biggest corporations and most powerful government branches in Canada and the United States.
“Many of the Fortune 500 won’t publicly announce that they have asked for our services, because usually it means they made a mistake somewhere in their continuity planning or business processes,” says Margeson.
“As for the smaller customers, we believe no one should be held hostage by technology. We have a program where students and non-profits pay for our services with a souvenir such as T-shirt from their school.”
But CBL doesn’t claim a perfect record.
“We have been stumped, but it’s usually a matter of time constraints. We are unable to puzzle out the problem within the customer’s set deadline. On average, 85 per cent of the time we recover all the data. The rest of the time we get at least partial results unless there’s no magnetic signal left or the drive has melted into puddle of goop. But you never know until you try, and we always try.”
As the motto says on the CBL home page, “When you need data recovery now, you need the best.”
Quite a claim, but something that CBL can clearly back up.
David Onley is the host of HomePage, a national technology television show airing each week on CP24 and across Canada on Canadian Learning Television. You can read his columns and features in each issue of Digital Journal magazine.
Russian Mafia Extorts Gambling Websites
By Clarence Walker, Investigative Reporter (Houston, Texas)
- Russian Organized Crime Syndicates: Are They America’s Most Dangerous Threat?
- Does Russia Breed the World’s Best Computer Criminals (Hackers)?
- A Perfect Trap: FBI Nabs Russian Hackers
- A Legal Showdown: American Law – vs – Russian Law
- No Expectation of Privacy
- Russia Vilifies Americans: FBI Agents Charged with Hacking
- Confessions of Russian Hackers
- P.S. (Editor’s Note)
The Russian Commonwealth of Independent States.
For decades, extortion (for money) has been a powerful weapon for mafia criminals to shake down lucrative businesses and underworld operations. Extortion by the Italian Mafia is legendary – their tactics ingrained into the American psyche; threats of bloodshed were real. “Pay us money … we protect you … or else.” Nowadays, there’s a new style of extortion, and it’s not done by Italian Mafiosos wearing dark suits and glasses, nor is it done in person. This new-style gangsterism involves extortion of gambling websites carried out in cyberspace by human forces – forces who speak foreign languages – communicating demands across the globe. These brazen acts are carried out with devious intent by dangerous criminals who aim to destroy America’s civilized world as we know it: the cyberspace criminals are none other than Russian mafia organized crime syndicates.
“Russian crime groups,” the FBI says, “extort gambling websites out of millions of dollars by ‘hacking’ into websites and shutting down the operation.” Such tactics prevent wagers from being placed. Once the sites become inoperable, the extortionist contacts the website owners demanding money. Afraid customers will place bets elsewhere with rival gambling sites, the owners pay the ransom. As technology enters the 21st century, Internet gambling has also emerged as a popular multi-billion dollar industry. Instead of traveling to Atlantic City, Vegas or New Jersey to place bets – a gambler can stay home, fire up a computer, and place bets online with offshore casinos located in the Caribbean, Antigua or Spain. What online gamblers may not know is that U.S. law (the 1961 Federal Wire Act) prohibits interstate or foreign gambling via phone or telegraph – which means U.S. citizens are breaking the law by placing bets online with offshore casinos. Yet, the lure to win a fortune overrides a gambler’s loyalty to obey the ‘law-of-the-land’. Computer fraud – criminals using inexpensive software tools to hack into the websites of online gambling, corporate businesses and financial institutions, ripping off millions of dollars – is a global epidemic, law enforcement and hi-tech experts admit. In some cases, hackers steal credit card numbers, bank account numbers and passwords to rack up millions of dollars in illegal profits. Cyber-extortions are the online equivalent of musclemen walking into a business and threatening, “this place looks like it will burn easily,” says Neil Barrett, technical director at the security firm Information Risk Management.
According to law enforcement agencies, there are numerous reports of organized crime operations from Russia and Eastern Europe carrying out denial-of-service (DOS) attacks to blackmail online gambling sites and e-commerce websites. In late 2003 and early 2004, online casino news reported that the FBI and National Hi-Tech Crime units discovered that computer hackers employed by the Russian mafia launched a DOS attack on the Worldpay system, affecting thousands of online casinos. Online casinos rely on Worldpay to process customers’ transactions and pay off gamblers. Worldpay.com, along with six other online businesses, was targeted by mafia cyber-extortionists demanding $50,000 per hit. D.K. Matai of M126, which monitors unauthorized computer hacking, says criminal syndicates hired by the Russian mafia have targeted large online payment systems owned by gambling sites. Technically, DOS attacks involve flooding a website with malicious traffic and exhausting the servers with false requests. A typical extortion demand to online gambling and payment companies goes like this: “You have to pay us $50,000 or we will start DOS attacks, or if you don’t pay us what we want, then we’ll make sure you don’t have customers.” The FBI has conceded the extortions were, in fact, paid off. Gambling websites are targeted due to the time-specific nature of the service. For example, if customers cannot buy a CD online, they’ll try another place, but if gamblers cannot place bets immediately, they point their browser to another competing website. For years, computer hackers have broken into America’s most secretive computer files, those owned by the U.S. Pentagon, NATO, Microsoft, Paypal and well known banks. “Russian organized crime groups have penetrated computers in the U.S. and other Western countries to obtain illegal profits,” said John Collingwood, FBI Assistant Director of Public Affairs, during a recent press conference. “Russian hackers pose one of the biggest threats to U.S. e-commerce and the computer industry,” said Julie Fergerson, a fraud detective and co-founder of Clear Commerce, a security company for e-commerce in Austin, Texas. “We are seeing more and more sophisticated attacks from Russia and Eastern Europe,” Fergerson announced during investigative conferences. Another expert, T.Y. Sagalow, chief operating officer of AIG E-business Risk Solutions, adds, “We are seeing many clients victimized by cyber-extortion because it’s easy to launch a cyber attack.” The FBI has warned American companies and businesses about Russian mafia hackers and how they’ve penetrated U.S. e-commerce computers by exploiting vulnerable, unpatched Microsoft Windows NT operating systems. Microsoft representatives have known about the holes since 1998 and posted the patches on their websites to fix them. Still, the FBI insists, some companies haven’t fixed the holes.
Though many gambling operations have suffered DOS attacks, they’re afraid to report the extortion, as stated earlier, due to fear of losing customers, but something must be done to eradicate the scams. The online sports book BETWWTS reportedly paid Mafia extortionists thousands of dollars. Several casinos and poker rooms, including Harrods Casinos and Cryptologic Intercasino, went down recently from a DOS attack. When the 2004 Super Bowl was scheduled to play in Houston, Texas, hundreds of ‘shakedowns’ hit the gambling sites. “We were first targeted in September 2003,” said Alistair Assheton, Managing Director of VIP Management Services in Curacao, “and have been under periodic attacks ever since.” Assheton told Reuters News Service that the extortionist demanded $30,000 wired by Western Union to a bank account or risk taking a hit. “They essentially said, ‘Pay up or go down for the Superbowl’.” Another e-mail demanded a $15,000 payment for six months’ protection. “In many cases, the DOS attacks destroyed well-configured firewalls,” said Ian Morris, founder of Equip, who restores affected sites. “Most people believe since they’ve got firewalls, they are protected. These attacks have shown that this is not the case.” National Hi-Tech Crime units have warned businesses not to comply with extortionists and to contact the police immediately if demands are made. “Making a payment is no guarantee the attacks will stop,” a unit spokesman stated.
In February 2003, Russian organized crime scored another target by taking control of Grafix Softech, the largest Internet gaming enterprise that operates 120 gambling websites. The shutdown was devastating. According to Juan Bonilla, executive vice president of Grafix Softech, located in San Juan, Costa Rica, “The payoff to restore service was insignificant compared to loss of data containing names of customers and other operational records destroyed once the DOS attacks were unleashed.” In a miraculous feat, Bill Margeson, president of CBL Data Recovery Technologies, and staff technicians recovered the valuable data. They discovered the Russian criminals had bypassed firewalls and other security systems and inserted a virus into the five servers that Grafix used for online operations. “It was akin to hacking into the Pentagon,” Margeson told investigators.
Russian Organized Crime Syndicates: Are They America’s Most Dangerous Threat?
The FBI’s most wanted criminals of the 21st century are not only al-Qaida terrorists but the Russian Mafia and their organized crime groups of hard-core criminals, technology scamsters and professional killers. Russian organized crime (ROC) refers to criminal groups, the so-called Russian mafia, who are notorious villains from the fifteen republics that made up the former Soviet Union. ROC activities have existed for over twenty years in the U.S., but during the last ten years the ROC’s M.O. has been exposed coast to coast.
FBI Director Louis Freeh, testifying before the Senate said, “Russian organized crime presents the biggest long-term threat to U.S. security.” CIA Director, James Woolsey once said, “Russian organized crime was so rampant it creates a formidable threat to international peace and stability.”
Former Soviet Union criminals have forged networks in major U.S. cities, including smaller cities. According to reliable sources, the FBI and Foreign Intelligence:
- There are approximately 30 Russian organized crime syndicates in the U.S.
- Over 12,000 groups in Russia – a triple increase from 1992
- ROC has powerful ties with organized crime in Russia and Ukraine. Russia is the home base for ROC global enterprise.
In the U.S., the ROC syndicates are prominent in cities like Los Angeles, San Francisco, and Seattle and states like New York, Florida, and New Jersey and recently, Houston, Texas. ROC crimes are murder, money laundering, extortion, loan sharking, auto theft, weapons and sex-slave trafficking, counterfeit currency and complex fraud schemes. The ROC is a pervasive, dominating force on American soil.
Dr. James Finckenauer, a mafia expert and professor at Rutgers University in New York, is an expert on Russian organized crime. Finckenauer explains there’s a difference between some ROC groups and the legit Russian mafia. Russian crime gangs operating in western countries, according to Finckenauer, are incorrectly labeled as the Russian mafia. The crime gangs are organized criminal enterprises whose members are from the former Soviet Union and Eastern Bloc countries, though they’re not Russian mafia. Finckenauer says, “The term Russian mafia has become a popular characterization for all forms of organized crime involving people with Russian or Eastern European backgrounds. Organized gangs, made up of Russian and former Eastern Bloc immigrants, typically commit scams involving financial transactions, bank and credit card fraud, postal theft and forgery.” Although evidence proves Russian mafia recruits organize gang members to commit specific crimes for the mafia organization, the gangs are not inducted members of the Russian mafia. The gangs have none of the traditions historically associated with the mafia, the hierarchical structure, codes of behavior and community respect. Still though, experts agree, Russian mafia and Russian organized crime groups blend together to accomplish exact goals: to make tons of illegal profits. Russian criminal groups in the U.S. have made millions of dollars committing the following crimes:
- Health care fraud
- Credit card scams
- Visa and immigration fraud
- Securities fraud and contract fraud
In 1991, Russian brothers, David and Michael Smushkevich, committed the largest Medicaid heist in U.S. history, stealing more than $1 billion in a false medical billing scam. Ringleader Michael Smushkevich was sentenced to 21 years in prison for numerous fraud convictions. His brother, David, testified for prosecutors and received probation.
Another example of Russian criminal enterprises involves the largest money laundering operation in the U.S. Billions of dollars were laundered through the Bank of New York. Following a federal investigation, the bank suspended two Russian female employees, Natasha Gurfinkel Kagalovsky and Lucy Edwards, whose names surfaced during the investigation. Both employees were senior officers in the European division of the bank. Both were married to Russian businessmen. One of these men controlled the accounts. As one government official stated, “It is the most frightening evidence of how far Russian organized crime has manipulated and infiltrated financial markets.” Cyber-extortion, experts agree, “derives its scheme from old-fashioned extortion with a modern twist.” In most cases, the extortion of website casinos is carefully planned to demand less money than it would actually cost owners to repair a site that has been broken into. Many firms are satisfied to pay ‘blood’ money rather than risk a DOS attack and losing all customers and profits in one massive attack. Steve Donoughue, managing director of Gambling Consultancy in London, says, “Despite the hush-hush attitude of casino and gambling website operators, extortion attacks happen often.”
USA Today once reported an odd stroke-of-luck article exposing how computer hackers rigged casino games for losers to win ‘big’ money. The article said Cryptologic, a Canadian software firm that develops online casino games, became a target when a hacker rigged the craps and video slots so players would never lose. Within hours, the casinos lost over $2 million. Security investigation showed the hacker altered the winning percentage to 100 percent, with each roll of the dice producing doubles. Every spin of the slots produced straight matches. “It’s likely the intruder was somebody with inside information of our system,” said Cryptologic spokeswoman Nancy Chan-Palmateer. Over the past few years, the U.S. Justice Department, FBI, Secret Service and other national and international government agencies have increased efforts to neutralize cyber-crime. Attorney General John D. Ashcroft announced that one joint operation resulted in the arrest of more than 130 people suspected of using the Internet to defraud 89,000 consumers and businesses of $176 million. Businesses are expected to spend billions of dollars within five years to stave off online thieves, hackers and other tech-scams, according to market researcher IDC Corp. IDC also indicated that 65 percent of online attacks originate overseas. “The Internet makes moving money across continents faster, with less hassles, and easier to hide,” said Louise Shelley, director of the Transnational Crime and Corruption Center at American University. Internet fraud also presents an enormous legal dilemma. International law, experts admit, is often ill-suited to deal with the problem. Among the difficulties are: conflicting views on what constitutes cyber-crime, how – or if – perpetrators should be punished, and how national borders should apply to crimes without borders. A computer hacker once boasted, “They (the FBI) can’t get us in Russia.” Russian law mandates a 10-year prison sentence for computer hacking.
Complicating apprehension is the fact that Russia’s high-tech crime units are understaffed and inadequately trained, and officers’ pay is small. Some officers are in cahoots with organized crime, which lets an influx of computer criminals work undetected for years.
Does Russia Breed the World’s Best Computer Criminals (Hackers)?
A worldwide poll conducted on a hacker-oriented website showed that 82 percent of respondents said Russia had the world’s best computer hackers. Only five percent said Americans were better.
“Russia and Eastern Europe’s computer criminals are the most skillful in the world,” says Joe Rosetti, senior vice president of IPSA International, a New York Security company.
“The Russian hack scene is incredibly sophisticated,” senior analyst at Security Focus, Ken Dunham, told U.S. and foreign investigators. “They are excellent programmers and understand networks – how to get in and out without a trace.”
“Russian hackers do amazing things with limited computer power. They are smart and cover their tracks well,” said Frank Voden, a consultant with U.K. firm Techsolutions.
“We call Russia the ‘hackzone’ because there’re so many of us here. We are so good at what we do,” a self-described hacker from Moscow, identified as Igor Kovalyez, confessed to reporters. “Hacking is one of the few good jobs left here.”
As mentioned throughout this story, computer hacking in Russia is so notorious and profitable that there is even a website called vsyaki kryaki – which means “various cracks.” The site offers 150 ways to break into websites and technology systems.
Hackers on this site have their own rules and jokes. Visitors can chat, ask questions and even inquire how to break into networks. Readers beware, though: “This site is monitored. Do not use this information to commit a crime.”
Some Russian experts seek publicity. Pavel Semjanov is a lawyer who will arrange contact with Russian hackers only if an interview is used for research or educational studies. Semjanov’s website is www.stu.neva.ru/psw.
“Cyber-crimes are bloodless. Some people delude themselves it’s not a serious crime, but these guys are a menace to society,” said Col. Anatoly Platonov, the deputy head of Russia’s Interior Ministry high-tech crime unit.

Security experts confirm that the Russian mafia hack rings are, in fact, operated by former KGB agents (Russian organized crime syndicates), who recruit young, college-educated computer wizards to execute the ‘dirty’ work. In Russia, there are specialized training schools where crooks learn hacking skills. On a daily basis, the crews work from Internet cafés near the Russian capital, answering Internet advertisements for programmers – ads intentionally planted by Russian mafia groups in Moscow, St. Petersburg and Murmansk. In northeastern Moscow, authorities discovered an underground place called Club Shaitan, frequented by young men and teenagers. “The only problem,” Platonov says, “is the computer games they play come from pirated CDs and the e-mail they send goes through a rigged system allowing the sender to avoid paying for online access.”

Most hackers visit Moscow’s Gorbushka Market to purchase pirated software and CDs containing updated hacking instructions and tool collections. The most sought-after information products and CDs are: (1) Hacker’s Toolkit, (2) All You Need to Start Hacking, (3) Hack the World, and (4) Superhacker ’99 – a popular program that sells for $3 and helps hackers create their own viruses or generate credit card numbers. “Places like Club Shaitan, Internet cafés and Gorbushka Market are where tomorrow’s hackers start out,” Platonov concludes.

Looking back, Russian organized crime hackers first captured the world’s attention in the 1990s when a young mathematician, Vladimir Levin, hacked into Citibank computers and transferred $12 million to different accounts worldwide. Though Levin was arrested, his clever scheme inspired other hackers.
For example, Ilya Hoffman, a talented viola student at the Moscow conservatory, was detained in 1998 on charges of stealing $97,000.00 over the Internet. Another Russian group stole more than $630,000, along with credit card numbers, by hacking into Internet retailers. The world’s largest Internet companies, Compuserve and AOL, were forced to abandon Russia in 1997 because Russian criminals kept stealing the companies’ computer passwords. Drawing on unlimited resources in Russia, Russian criminal networks collaborate with their worldwide associates to control America’s profitable businesses, penetrating the most sensitive areas of major U.S. companies and corporations, stealing trade secrets to sell to foreign competitors and using stolen data to enhance illegal activities.
Foreign intelligence and U.S. authorities say Russian organized crime groups are responsible for hacking into America’s most highly sensitive computer systems, including:
Theft of secret Microsoft source codes
NATO Military websites
A Perfect Trap: FBI Nabs Russian Hackers
It was a sting, according to the FBI, worthy of an Oscar. In November 2000, FBI agents in Seattle, Washington arrested two professional Russian hackers after luring the men, Alexey Ivanov and Vasiliy Gorshkov, from Russia into the United States on the pretext of hiring them as programmers for a fictitious FBI company called Invita Technology. Both were arrested within three weeks, after the FBI had documented their illegal activities using a computer spy program.
What led the FBI to nail the Russians?
A selfish need called greed.
Alexey Ivanov contacted John Morgenstern, president of E-Money, Inc., a Washington-based tech company that provides electronic payments for online businesses. Morgenstern told the FBI he’d received a call from a young man identifying himself as Alex from Russia. He proudly claimed membership in an organization called ‘Expert Group Protection Against Hackers.’ This group was already responsible for hacking into the websites of banks and financial businesses and stealing funds and credit card information. Their game plan never deviated. First, they’d break into a system, then offer to fix the breach against other intruders only if the company paid a fee or hired them as security consultants. Such tactics netted the criminals large sums of money. If a company rebuffed the group’s ‘hire or pay’ offer, its computer system would be shut down by virus attacks until money was paid to restore operation. Those who paid were great customers.
Ironically, CTS Network Services in Seattle hired Ivanov as a consultant even after discovering he’d broken into its network. Speaking plainly, Ivanov told Morgenstern, the E-Money president, “Someone broke into your database. We have access to credit card information.” Next came the extortion: “If you pay $500,000, I’ll make sure no more intrusions occur!” When Morgenstern rejected Ivanov’s ransom demand, the company’s network was bombarded with viruses. Morgenstern called the FBI. As it happened, the FBI was already investigating organized computer hackers in Russia, and information about the Expert Protection Group – the same group that had targeted Morgenstern – kept coming up.
“The number of victims, financial losses and property destruction made us take notice,” recalled Charlie Mandingo, the FBI agent assigned to supervise the investigation. Under FBI instructions, Morgenstern recontacted Ivanov to revive communication and make him think he’d eventually hire him or pay the ransom. The FBI had solid evidence that Ivanov, in cahoots with the Expert Protection Group, had broken into PayPal, stolen thousands of credit card numbers and even hacked the system of Central National Bank in Waco, Texas.
Evidence notwithstanding, the crooks were elusive, miles across the globe and hidden behind the Iron Curtain. Alexey Ivanov was so bold that he sent a résumé and his photo to companies he was extorting, asking them to hire him as a consultant. The FBI was desperate. The U.S. Justice Department sent letters to Russian authorities asking that Ivanov be detained, but received no response. Since Russia had no extradition treaty with the U.S., authorities were prohibited from traveling to Russia to arrest him, “so they connived a way to get him over here,” U.S. Attorney Steve Schroeder remembers. The FBI hatched a scheme more seductive and fascinating than a Sherlock Holmes plot. It went down this way: the owners of Invita Technologies (the bogus company) posted a message to Ivanov seeking a partnership with a security firm owner to provide consulting services to U.S. companies. The carefully phrased message further stated that the candidate must relocate to Seattle for an interview. During online communications with the agents offering the job, Ivanov boasted in halting English, “when (we) hackers come across a vulnerable network, we can fix it or break it.” To prove the point, Ivanov convinced the agents by hacking into the Invita computer system.
Agents hired the computer whiz and sent him a plane ticket. For Ivanov, the offer was a godsend: someone had finally recognized his superior talents, agreed to pay a grand salary and would bring him to America! His crime partner, Vasiliy Gorshkov, tagged along. When the pair arrived at Seattle’s airport, agents greeted them and drove them to the Invita office for more computer testing. As snippets of pop music played in the background and video cameras recorded the action, Ivanov went to work on an IBM ThinkPad provided by the FBI.
FBI video captured the Russians’ technique for breaking into websites through a well-known vulnerability in Microsoft NT Server. To execute the break-in, they typed in the default user name and default password created by the manufacturer – and instantly the Russians were inside the networks. An expert later said the technique was the same as “storming a bank with a machine gun.”
Unknown to the men, as they used the computers to send stolen data and financial information taken from U.S. businesses to their own computers in Chelyabinsk, Russia, agents were running a ‘sniffer’ program that recorded every keystroke they made. The sniffer captured the passwords and codes to Ivanov’s and Gorshkov’s Internet server and computers in Russia. An exchange of incriminating information between Gorshkov and an agent took place:
Gorshkov: “We are experienced hackers.”
Agent: “So how often have you hacked into computer systems? Did you take credit card numbers?”
Gorshkov: “These things are better talked about in Russia.”
When Gorshkov recalled how he and Ivanov had extorted money from a U.S. Internet service provider, he said, “The FBI can’t get us in Russia … your guys don’t work in Russia.”
Responding curtly, the agent said, “That’s right.”
Like most gullible criminals, the Russians fell for the bait, hook, line and sinker. The FBI arrested the duo after driving them back to the apartment where they were staying. News of Ivanov and Gorshkov’s arrest sent shockwaves across the nation: the FBI had nailed two foreigners, described as computer crime kingpins, who had used tech systems to commit theft against some of America’s most prominent financial businesses. Agents Mike Schuler and Marty Prewett earned the FBI’s excellence (Investigation) Award for successfully executing the covert operation to nab the Russians. While Americans applauded the capture, the Russian government and citizens were outraged that the FBI, in their view, had also broken the law by illegally obtaining, without a warrant, information stored on the men’s computers in Russia. Charged in federal court with numerous counts of computer-related fraud, theft and extortion, the men were held without bail.

What sophisticated technique did the FBI use to record encrypted passwords and codes? Knowledgeable informants said the FBI used a $100 piece of software invented by tech expert Richard Eaton of Washington.
Known as the WinWhatWhere program, this key-logging system has revolutionized computer spying software. Installed on a computer, the software secretly records everything a user types, coded or not, and sends a report to a third party who is spying on the user. “The Russians just sat down and entered their passwords. Nothing was better than that,” said Eaton. “What they (the FBI) did was phenomenal, exceptionally effective,” says Kevin Mandia, who taught computer hacking courses at the FBI academy.
A Legal Showdown: American Law – vs – Russian Law
Gorshkov was represented by attorneys John Lundin and Ken Kanev. During pre-trial motions Kanev challenged the evidence against Gorshkov. He said the FBI’s use of passwords recorded by the key-logging system to access Gorshkov’s personal files in Russia was like “picking up a key to a locked container.” Kanev further argued that the FBI should have obtained a search warrant before downloading Gorshkov’s and Ivanov’s files.
Legal scholars said the FBI violated the men’s privacy rights against unreasonable search and seizure by first accessing information from their computers and only later obtaining a search warrant to justify their actions. “What the FBI did should make Americans afraid,” Lundin told reporters. “They consciously bypassed legal requirements and used an intercepted password to unlock a safe to access private documents,” Lundin explained, comparing the defendants’ Internet server in Russia to a locked safe.
Prosecutors and the FBI defended the tactics used against the Russians, saying they needed to secure the incriminating information before possible conspirators destroyed the data.
No Expectation of Privacy
U.S. District Judge John C. Coughenour of Seattle issued a scathing ruling in favor of the prosecutors and FBI agents. Coughenour ruled that the Russians had waived any expectation of privacy by using public computers. “When (the) defendants sat down at the computer, they knew the system administrator would possibly monitor activities,” Coughenour wrote. “Indeed, undercover agents told Gorshkov and Ivanov they wanted to watch to see what they were capable of doing.” He also ruled that the Fourth Amendment did not apply to the computers, “because they are the property of a non-resident and located outside the United States.” The data taken from the computer in Russia apparently was not protected under the Fourth Amendment until it was transmitted into the United States.

Prior to viewing the retrieved data, court records showed, agents secured a search warrant. Rejecting the defense argument that the warrant should have been obtained before the data was retrieved, Coughenour said, “The agents had good reasons to fear if they did not copy the data, (the) defendant’s co-conspirators would destroy the evidence.” Coughenour further rejected the defense argument that the FBI’s actions were “unreasonable and illegal because they failed to comply with Russian law.” The judge concluded sternly, “Russian law does not apply to the agents’ actions.”
Russia Vilifies Americans: FBI Agents Charged with Hacking
The Russian government was furious over the American judge’s decision that FBI agents broke no laws (national or international) by coaxing their fellow countrymen into the U.S. to arrest them. Far more insulting to Russians was Coughenour’s harsh statement, “Russian law did not apply to the FBI.” The Russian Federal Security Service (FSB) went so far as to file charges of unauthorized access to and retrieval of computer information against FBI agents Mike Schuler and Marty Prewett. FSB investigator Igor Ikach forwarded the criminal charges to the U.S. Justice Department. U.S. officials declined comment. The Interfax News Service reported that FSB investigators filed the charges against the FBI to restore traditional law enforcement borders. Sources further stated, “If the Russians are sent to prison on information obtained illegally by the Americans, this will surely allow U.S. enforcement to use illegal methods to collect information in Russia and other countries.” A Moscow news service distributed a litany of comments by the enraged Russians:
“Obviously, the American government worried so much about computer hacking, they classified the crime as a terrorist offence (a penalty of life in prison) but the U.S. doesn’t blink when they break into someone else’s computer.”
“If the American government isn’t bombing or invading another country, they steal computer documents. So if you hack U.S. computers, it’s terrorism, but if they hack someone else’s computer they’re allowed to do so under protection of U.S. law.”
“The court’s interpretation of U.S. law actually means that Russians must accept the Americans have the ‘right’ to steal passwords – or information from Internet service providers we use, or any communication, again, under protection of U.S. law.”
Convicted of twenty counts of conspiracy, fraud, computer intrusion and numerous thefts committed through unauthorized access to companies’ financial databases, Vasiliy Gorshkov was sentenced to 4 years in federal prison on October 4, 2002. In a Washington Post interview, Gorshkov said that upon release he would return to Russia but did not know how he would make money to support his family. “I don’t know … if I still have employment waiting on me … but I will be all right.” Gorshkov was released early from prison on July 15, 2003.
On July 24, 2003, Alexey Ivanov, the alleged mastermind, was sentenced to four years in federal prison with three years of supervised release. Ivanov pled guilty to charges similar to those on which Gorshkov was convicted. The crimes they committed, authorities estimated, totaled $25 million in theft of money and destruction of computer networks. Anonymous sources connected with the investigation said Ivanov was also released early from prison after cooperating with federal authorities, providing information and the names of other Russian criminals involved in computer crimes. As proof that Ivanov cooperated with the FBI, an agent contacted a hacker named Michael asking what he knew about Ivanov and Gorshkov’s criminal activities. In an angry e-mail response filled with profanities, Michael declared: “By tricking the Russians to Seattle to arrest them, the FBI had started a war. We’ll keep stealing just like we did in the past. Better leave us alone.” In a display of humility, an imprisoned Ivanov wrote apology letters to victims. In a letter to Mike Apgar, chief executive of Speakeasy, Inc., a company he had stolen from, Ivanov wrote, “I promise that upon my release I will work hard to compensate for damages caused by my criminal behavior.”
AmericanMafia readers, this is not the end of this feature story, but since we’re halfway through, here’s a chance to voice your comments and opinions, or simply to sound off about law and order:
Since the U.S. does not have an extradition treaty with Russia, was it unethical or wrong for the FBI agents to ‘trick’ the Russian hackers into America to arrest them for crimes committed against American businesses, and later retrieve evidence without a warrant from their computers? Or was it fair play to nab the Russians by ‘any means necessary’?
Knowing that the FBI now uses a variety of spy tools (claiming justification under terrorism law) to monitor what Americans view on computers, should this be allowed without a warrant? Should privacy protection laws be updated?
Should the U.S. government provide financial aid to countries, like Russia, that do not have an extradition treaty with the U.S.? And should it be illegal under international law for countries receiving U.S. aid to refuse to extradite dangerous criminals who committed crimes against America?
(the story continues)
Confessions of Russian Hackers
“Confession is good for the soul.”
Vasyl Kondrashov, Alexei Badken, and Ilya Vasilyez are the real deal. They’re the most highly skilled, notorious hackers in the Soviet Union, perhaps the best. They earn a living by teaching fellow Russians how to operate computers – or, better yet, teaching aspiring students to become the professional hackers who are wreaking havoc on the planet, breaking into secretive and lucrative computer databases for huge profits, profits that enrich themselves and support organized crime.
Let’s start with Ilya Vasilyez. As the handsome Vasilyez chats with a foreign reporter, a burgeoning crowd of young, astute-looking men and teenage boys applaud Moscow’s first superstar hacker. Basking in the limelight, Vasilyez wears a purple t-shirt with the words “All information should be free” emblazoned across the front – also an advertisement for Vasilyez’s civil school for Russian hackers. Anyone interested in having Vasilyez teach them computer hacking, or wishing to donate money to his school as a good Samaritan, can email Vasilyez at [email protected]. The website address is www.hscool.net. “People thought it was impossible to teach hackers, that a true hacker is one by birth. But I disagree,” Ilya told reporters. “I can show you how to develop hacking skills.” Many of Moscow’s potential hackers visit Ilya’s apartment to learn a technique called ‘advanced technology skills’. When questioned about teaching others a skill that is used to commit crimes, Vasilyez insists that, although he himself is a computer hacker who pirated software, he does not encourage anyone to apply their skills toward computer crimes.
“During my childhood,” Vasilyez explains, “we cracked programs and distributed them free.” He adds, “It was like our donation to society. If we took programs from a capitalist society, programs protected by computer defenses, we thought it’s good to crack this program, to bring the program to people.” He further insists that he’s doing society a favor by training young, potential hackers. Cyber-crime in Russia, many will say, will continue to go practically unpunished and will, in fact, flourish.
Alexei Badken of Moscow, who describes himself as a “secret security guy,” told reporters during interviews that computer hacking is an important part of the underground culture in Russia. Badken confessed that American websites are favorite targets not only for profit but also for political purposes, ever since the U.S. Government took an interest in the disputes between Serbia and Kosovo. “Many of us (Russians) felt what the U.S. did towards the Serbs was wrong, so we retaliated by attacking government websites and large companies. We know the White House was attacked many times and so were the defense computers. Did anyone read what we did to the U.S. Pentagon?”
Like Vasilyez and Badken, Vasyl Kondrashov is also an FBI most-wanted computer criminal, a menace to society. Kondrashov, of Moscow, makes a wealthy living teaching fellow Russians how to ‘hack’ into computers. During online interviews with international wire reporters, Kondrashov said computer hacking is not a crime. “Hacking isn’t necessarily a crime, just like a knife isn’t necessarily dangerous. It depends on the person behind it,” said Kondrashov, who operates a civilian hacker’s school in Odessa, Ukraine. “I see myself giving knowledge for good,” he told Cox News Service reporters. After graduating from Odessa State University, Kondrashov learned computer skills while employed as a network administrator for a Ukrainian university and later worked as a network security expert for the Ukrainian Armed Forces.

Poverty in Russia, Kondrashov admits, motivates him and others to hustle questionable money. He scoffs at the money earned in a legitimate job and complains that his wife earns only $250 per year, while his parents, both retired, receive $10 per month in government pensions. Certainly, the hacking skills Kondrashov offers are valuable to poverty-stricken Russians in Ukraine’s shattered economy. As his reputation grew, the master hacker began receiving e-mails from more advanced students seeking specialized knowledge. During these sessions, Kondrashov taught students how to open and close the files of private companies. Voicing opposition toward Russia, he spoke straightforwardly: “Nothing works in my country. The government is corrupt. Morally, I do not support my government, I support my family. How am I supposed to support them, if not with my skills?” Kondrashov asked incredulously. When asked by reporters about Russian mafia and affiliated organized crime involvement with computer hacking, Kondrashov said, “To live with wolves is to howl like a wolf.”
Journalist and documentary story producer Clarence Walker is from Houston, Texas. As a member of the Investigative Reporter’s Committee and the Society of Professional Journalists, he works closely with U.S. and international media, non-government and government agencies, including FBI press officials and the Department of Justice News Media division, to raise public awareness about today’s organized crime in America. For three years, this dedicated journalist has researched and documented highly important (classified and unclassified) information from numerous sources involving the crimes of the Russian mafia and Russian organized crime syndicates.
To learn more or report information about computer fraud, hacking, and other internet crimes, contact: www.fbi.gov or www.nitc.gov or the Center for Internet Security.
P.S. (Editor’s Note)
Some material used in this story is copyrighted by national and international news media organizations. Important warning: In accordance with Federal Law, Title 17 U.S.C., Section 107, reprinting or distributing the material herein without consent from the author or the publishers of AmericanMafia.com and its partner news media organizations is prohibited.
AmericanMafia.com hopes this published documentary on Russian organized crime will increase awareness of a growing threat to U.S. public safety. To inform and educate its readership, AmericanMafia.com will report updates and draw on law enforcement and anonymous sources to expose investigations of organized crime in America as well as across the globe. This year, AmericanMafia.com will publish the following stories involving the Russian mafia and Russian organized crime:
Their connections to al-Qaida and Osama bin Laden
Sales of weapons of mass destruction to terrorist groups
Global drug and sex-slave trafficking
Rip-off of diamond mines in Sierra Leone
Their secret casino partnership with John Gotti, Jr.
Spy ring operations
How Russian criminals spy on Americans
Multi-billion dollar fraud operations
Contract murders of prominent American and foreign businessmen, including a special investigative report exposing how the Russian mafia sold weapons of mass destruction to America’s #1 enemy, Saddam Hussein.
October 2003, Vol. 14 Issue 10
Page(s) 94-96 in print issue
Fire, Flood & The Delete Key Won’t Stop These Data Rescuers
Blake Winton, a programmer in Toronto, knew he was in big trouble when his computer started rebooting over and over again. Hearing a low-pitched whine from one of his hard drives, he realized that his wife’s personal journal and their Web site of baby pictures had probably gone to that sunless land from which data never returns. Needless to say, he hadn’t backed up his system.
“If my marriage falls apart, then I’d be a good cautionary tale,” Winton said as he tried to figure out what to do next.
If, like Winton, you think hard drive crashes couldn’t possibly happen to you, you’re too lazy to back up your files, or you just have too heavy a hand on the delete key, there’s still hope for you and your data. Data recovery experts have rescued data from fires, floods, mudslides, and Russian hacker attacks. Their services command top dollar, often $500 to $1,000 to rescue a single drive. If your problem is just a trigger-happy Recycle Bin, you can often save your files yourself with commercial software available for less than $100.
Crashed, Smashed & Trashed
As delicate as hard drives are, it’s amazing they don’t crash more often. Inside your drive a set of tiny, magnetized discs are spinning at thousands of revolutions per minute, with read/write heads positioned less than the width of a human hair over each platter, picking up magnetic variations to read data. A circuit board on top of the drive assembly controls the works.
Natural disasters can do pretty obvious damage to a drive. But smoke, dust, and ordinary wear and tear can take their toll, as well. Circuit boards fail, and motors tire out. If dust particles get into a drive, they can interfere with the works or cause a head crash, which is the worst possible disaster. During a head crash, a read/write head actually touches a magnetized platter, literally gouging data out of the surface.
Hard drives aren’t the only storage devices rescuers work with. Most firms can work with flash media, floppies, or Zip disks, as well, using techniques similar to the ones they use with hard drives. Optical media, such as CD-ROMs, are trickier. If their reflective layers are scratched or damaged, some labs, such as the one at data recovery firm DriveSavers (http://www.drivesavers.com), can recoat the disc and use special hardware to try to read the surviving data.
When your drive won’t start, when it’s trashed in a disaster, or when it’s making a grinding or clicking sound, it’s time to send it to the experts. The data-recovery field has boomed in the past decade, with firms of various levels of skill and reliability joining the fray. They all have one thing in common: high prices. At $500 and more to save a drive, these services are only for the most important files.
“Our average price is $1,000,” says John Christopher of DriveSavers. “That data needs to be critical, and people need to be willing to spend that money to get that information back.”
Recover The Jewels
At CBL Data Recovery Technologies (http://www.cbltech.com) in Armonk, NY, president Bill Margeson supervises a company that runs about 7,000 data recovery projects a year. As with most reputable labs, he has a mad-scientist-like array of thousands of drive parts on hand, plus a “clean room” that’s free of dust and contaminants where the most hard-core drive surgery is performed.
First, Margeson’s staff checks and replaces the drive’s logic board, the circuitry on top of the head assembly. On about half of the drives CBL sees, that’ll bring the system back to life enough to rescue the data from the drive.
Replacing circuit boards can be tricky, because you have to match not only the brand but also the manufacturing plant and sometimes even the lot number of the original drive.
“If a board is bad, it has to be an exact match,” says Dan Strizich, owner of data recovery firm Independent Technology Service (http://www.datarecoveryspecialist.com). “If you have a 20GB Maxtor made in Malaysia, and you get a board made in Singapore, that board won’t work on that drive.”
More complex are servo problems, which involve circuits that control the drive’s motors, both on the logic board and within the drive itself, and the data that in turn regulates those circuits. Those can be finessed with proprietary hardware and software rescue systems at top labs.
If heads go bad, it’s time to enter the clean room. CBL replaces about 12 head-stack assemblies a day to fix wobbly heads and miserable motors. The technicians are not trying to fix drives permanently, just get them running long enough to rescue the data.
A more dire situation results from actual damage to the magnetic platter, which happens, for instance, if a head hits the platter’s surface. Gouges can be read around, and platters can even be transplanted onto other drive assemblies, but that’s a last-resort operation.
“The challenge is to not disturb the physical relationship platters have to each other,” Margeson says. “Things are measured in microns, on all three axes. The transplant is very arduous.”
Competitor DriveSavers adds one step at the beginning of the recovery process. The company has a trained counselor who’s done time on suicide prevention hotlines to help customers with the one peripheral they can’t fix: their broken hearts. “It’s difficult sometimes to bring them down, but we try and bring them back,” Christopher says, for once speaking of customers rather than drives.
Fires, Floods & Russian Hackers
The list of disasters that send people running to data recovery firms is a long one. Leading recovery firm Ontrack (http://www.ontrack.com) says the vast majority of crashes, some 78%, are because of “hardware or system malfunction,” such as failed power supplies, tired motors, and frazzled circuit boards.
According to Ontrack, 11% of its business results from human error—anything from mistakenly formatting a drive to mistakenly dropping one. CBL’s Margeson says he can chalk up as much as 35% of his business to human mistakes.
Program malfunctions (7%), viruses (2%), and natural disasters (1%) make up a tiny part of Ontrack’s statistics but many of the industry’s most dazzling stories. DriveSavers’ Christopher says that less than 10% of its drives arrive crushed, soaked, or charbroiled.
When a cruise ship sank to the bottom of the Amazon River in 1993, a juggler and scuba diver aboard the ship saw her memoirs go down with the boat, DriveSavers’ Christopher says. But the traumatized troubadour wouldn’t let it all go. “After three days of waiting for the salvage operation to begin,” he says, “she decided she was going to go get her Powerbook. She got some gear, dove down, went and found her cabin, and was able to retrieve it.”
Shipped to DriveSavers, the notebook was ushered into a clean room and disassembled. Technicians then scrubbed the drive’s platters ultrasonically so they could rebuild the drive. In the end, DriveSavers lived up to its name.
CBL’s Margeson may be going for the James Bond award after having saved an online casino site from Russian hackers. “They seized five servers, encrypted them all, and held them all for ransom,” Margeson says. “[The casino operators] decided to pay the hackers, but when the hackers unlocked the five servers, the primary server, the 60GB database of VISA cards, was gone.” The problem was a software glitch unknown even to the hackers; CBL had the data back in four days.
How often do data-recovery services succeed? Margeson claims an 83% success rate. Strizich says most firms are lucky to retrieve 50% of all data. One thing is obvious: Data recovery firms are a last-resort choice.
Undo, Undo, Undo
Data recovery services are top-dollar products for critical information. But there’s a cheaper way to get your data back, as well. If your drive isn’t toasted and you merely deleted a file by accident or had a mishap installing Windows XP, for instance, commercial data recovery software can often rescue your files for less than $100.
The secret is that nothing is ever really deleted on a PC, says Paul del Piero, vice president of business development at Winternals, authors of FileRestore ($39; http://www.winternals.com). When you empty the Recycle Bin, Windows flags your deleted files as ready to overwrite but doesn’t actually remove anything from the drive. That means if a deleted file hasn’t been overwritten, a savvy undelete program can look in the master file table (the OS’s [operating system’s] main directory of files) for the old pointer to the now-deleted file and bring it back to life.
It’s tough to predict when files will be overwritten, but on NTFS (NT file system; the system used by most WinXP machines), Windows starts by overwriting the most recently deleted file. So if you delete a bunch of files at one time and then work for a while, you’ll probably be able to recover most of the files. If you like to empty your Recycle Bin when there’s only one file in there, it’ll be tough to bring that data back.
“If you delete 10 files and then create a file, it will overwrite the 10th file,” says Bryce Cogswell, co-founder of Winternals.
Even if a drive is formatted or the master file table is hosed, savvy software, such as Ontrack’s Easy-Recovery Lite ($94.95 boxed, $89 downloaded; http://www.ontrack.com) or O&O Software’s UnErase ($45; http://www.oo-software.com), can trawl through your hard drive looking for signature headers that are usually attached to common types of files.
This is where defragmenting your hard drive before things go wrong becomes extra-useful. (For more on defragmenting, see “The Usual Suspect” in the November 2002 issue of Smart Computing.) Windows tends to break files up into little pieces, scattering them all over your drive. An emergency recovery program may only be able to find the first of those pieces. But if your drive is defragmented, and your files were in one piece before things went wrong, the software may be able to rescue whole files. On the other hand, never defragment your drive after you lose a file because the defragmentation process may scramble the parts of the lost file beyond repair.
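The signature scanning described above, together with the fragmentation caveat, as an added Python example that is not from the article or from any of the products it names: the signature table and the disk image are constructed here, and the carver assumes each file occupies one contiguous run of sectors, which is exactly why a fragmented file comes back corrupted.

```python
# Signature-based carving: locate files by their magic bytes without reading
# any directory or master file table. Assumes each file is stored contiguously.
SECTOR = 512

# Well-known header/footer magic for two common formats (table constructed here).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}

def carve(image: bytes, max_size: int = 1 << 20) -> list[tuple[str, int, bytes]]:
    """Return (type, offset, data) for every header/footer pair found in a raw
    image. Because the directory is never consulted, this works after a format or
    a destroyed MFT, but it also cannot tell that a fragmented file has foreign
    sectors in the middle of it."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while (start := image.find(head, pos)) != -1:
            end = image.find(tail, start + len(head), start + max_size)
            if end == -1:                  # header with no footer in range: skip
                pos = start + 1
                continue
            found.append((kind, start, image[start:end + len(tail)]))
            pos = end + len(tail)
    return sorted(found, key=lambda f: f[1])

def pad(data: bytes) -> bytes:
    """Zero-fill data up to a whole number of sectors."""
    return data.ljust(-(-len(data) // SECTOR) * SECTOR, b"\x00")

def build_image() -> tuple[bytes, bytes, bytes]:
    """Constructed image: a zeroed directory area (as after a quick format), one
    contiguous PNG, and one JPEG split around an unrelated text sector."""
    png = SIGNATURES["png"][0] + b"P" * 700 + SIGNATURES["png"][1]
    jpg = SIGNATURES["jpg"][0] + b"J" * 700 + SIGNATURES["jpg"][1]
    text = b"quarterly notes\n".ljust(SECTOR, b" ")
    image = (b"\x00" * SECTOR        # sector 0: directory/MFT, wiped
             + pad(png)              # sectors 1-2: PNG, contiguous
             + jpg[:SECTOR]          # sector 3: first half of the JPEG
             + text                  # sector 4: another file landed here
             + pad(jpg[SECTOR:]))    # sector 5: rest of the JPEG
    return image, png, jpg

if __name__ == "__main__":
    image, png, jpg = build_image()
    for kind, off, data in carve(image):
        ok = data in (png, jpg)      # the fragmented JPEG comes back corrupted
        print(f"{kind} at sector {off // SECTOR}: {len(data)} bytes, intact={ok}")
```

The PNG is recovered byte for byte although the directory area is zeroed, while the JPEG is carved with the text sector embedded in it, which is the failure the defragmentation advice is meant to avoid.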
The power of undelete software can be a cautionary tale, as well as a hopeful one. If you’re getting rid of a hard drive, make sure you use a low-level format utility or a secure erase program, such as Heidi Computers’ free Eraser (http://www.heidi.ie/eraser), not the standard Windows format commands, to wipe your data.
“Two students from MIT went out and bought a bunch of drives off of eBay,” Christopher says. The drives had been formatted, but using common commercial software tools, “they got credit card numbers, addresses, phone numbers, and all kinds of information. Many users don’t realize that even though you’re formatting the drive you’re not getting rid of the data.”
Don’t Become A Customer
Data recovery firms understand they are services of last resort. To prevent you from having to shell out hundreds of dollars to rescue a dead drive, they have some tips for keeping your system healthy.
• Back up, back up, back up. Did we say back up? Also, be sure to test your backups before you have to use them. If your backup script isn’t creating a good backup, it’s worthless. (For more info on backing up data, see “Play It Safe” in this issue.)
• Keep your computer in a safe environment: Keep it cool; dry; away from dust, hair, and food; and free from bumping or jostling.
• Periodically run a defragmentation utility. If your drive fails, fragmented files are harder to recover. Defragging also stretches the life of your drive by sparing the heads from jumping around the platters to find data.
• Protect your power supply with either a UPS (uninterruptible power supply) or a surge protector—not just a power strip. Power surges can damage hard drives.
• If you hear strange noises coming from your computer, turn it off and call an expert. Using your computer if you’re hearing a grinding or clicking sound from the hard drive can damage it beyond repair.
A Happy Ending & A Lesson
As for Blake Winton, after he rebooted his system from an emergency CD-ROM, he found that his critical data was actually on one of his hard drives that survived, not on the dead drive as he’d thought. After 18 years of computing on the edge, he’s now converting to a safer lifestyle.
“This time I’m going to back stuff up. No, really,” says Winton.
by Sascha Segan
Hackers Heaven: Online Gambling
LONDON, Sept. 10, 2001
Call it the gambling industry’s dirty little secret. Hackers are sabotaging online casinos with greater regularity, security and gambling experts say, in some cases scamming large sums of money from the gaming firms.
Last week, CryptoLogic Inc., a Canadian software company that develops online casino games, said a hacker had cracked one of the firm’s gaming servers, corrupting the play of craps and video slots so that players could not lose.
The company said that for a few hours during the disruption in late August, 140 gamblers racked up winnings of $1.9 million. The games were altered so that every roll of the dice in craps turned up doubles, and every spin on the slots generated a perfect match, the company said.
“In the case (of slots), it was coming out cherries across the board,” CryptoLogic spokeswoman Nancy Chan-Palmateer told Reuters Monday. She added the security breach affected two of CryptoLogic’s 19 casino operating licensees; she would not disclose the two site operators.
The winners were permitted to keep the money as it is believed they had no hand in the hack attack. She said: “It is likely the intruder was somebody with inside information of our system.” CryptoLogic is cooperating with investigators.
CryptoLogic is liable to absorb $600,000 of the misappropriated winnings, as a $1.3 million insurance claim will cover the remainder.
CryptoLogic may have been lucky. It was able to detect the security breach early on, minimizing the losses. In other cases, coordinated hack attacks have knocked out sites for longer, security experts say.
In some of those instances, the intruders have gone back to the victims, demanding extravagant sums in exchange for guarantees the attack will not recur, experts say.
“No one is going to say it’s happened, because that’s bad for business. But there is anecdotal evidence,” said Steve Donoughue, managing director of The Gambling Consultancy in London.
Neil Barrett, technical director for London-based Information Risk Management, concurred, saying that over the past year his e-security consulting firm has been contracted to shore up a half-dozen casino operators that had fallen victim to such hack attacks. “It’s become one of the most common fraud scams,” Barrett said.
Barrett and Donoughue say some recent blackmail attempts have been traced to groups from eastern Europe that they say could have ties to organized crime.
“I’ve seen well-engineered hack attacks coordinated with very well engineered extortion attacks coming from Leningrad,” Barrett said.
The hack attacks come in a variety of forms. Some hackers unleash crude “denial of service” barrages, which disable the targeted site with a flood of information requests.
If timed right – such as just before a big sporting event, when wagering activity is at its highest – a denial of service attack could rob a big betting site of millions of dollars’ worth of bets.
In other examples provided by security experts, the culprit breaks into a casino’s computer server and alters the computer programming code to generate more winning payouts, as was the case with CryptoLogic.
There have also been incidents in which shell gambling sites are created. Customers of such sites register with their credit card details and the operators plunder the credit card account, Donoughue said.
The incidence of Internet fraud has hit every sector of online commerce from banking to shopping sites. But casino attacks are considered a ripe target for hackers who are enticed by the large number of casinos still operated in poorly policed jurisdictions such as the Caribbean, and by the large number of wagers they handle.
A number of industry groups say online gaming is currently a $1.5 billion industry expected to grow to as much as $6 billion in the next 18 months.
“There are a number of groups trying to make money by hacking,” said Donoughue. “Where would you go? I’d go to dodgy online casinos. Their customers aren’t going to complain.”