Credits: ABC News
A US judge this week sentenced website hacker Billy Anderson to three months behind bars, refusing his lawyer’s request not to put him in jail, in order to “send a message” to others.
Anderson, 42, of Torrance, California, targeted thousands of websites under the hacker name AlfabetoVirtual, and boasted about his efforts on a hacking forum. But it was when he brought down the website of New York City’s comptroller for nearly two days in 2015, leaving his pseudonym on the site, and broke into another belonging to military academy West Point the following year, that the authorities chased him down.
Anderson was ordered to pay a total of $12,804 to cover the costs of getting the two government websites patched and back online. But – noting that he had expressed remorse for his actions – Manhattan federal district judge Laura Swain gave him far less than the 12 to 18 months the government prosecutor had recommended [PDF].
The judge refused a plea [PDF] for a non-custodial sentence from his lawyer however saying that “these kinds of intrusions undermine confidence in government,” and noting that Anderson only stopped his activities after he knew prosecutors were on his tail.
Anderson apologized for his actions and claimed the trial had given him pause for thought. “I was able to see the damage that I had caused,” he told the court. “I would just like to apologize for everything that I’ve committed.”
The case was notable for the level of rancor between government prosecutors and Anderson’s lawyers. In one filing, his lawyer complained that “one of the perplexing aspects of the government’s pleading is its downright vindictive tone and tenor.”
But it’s not perplexing at all: one of the government prosecutors told the court that Anderson had offered to cooperate with the government in order to reduce his sentence by promising information on other hackers, including their real identities. But none of the information he provided led to any new cases or arrests, the prosecutor explained. If there’s one thing government prosecutors don’t like it’s being strung along.
As well as his three-month stay in prison, Anderson, who pleaded guilty in October to two counts of compute fraud, was sentenced to three years of supervised release, and ordered to carry out 200 hours of community service.
And now to Russia
Meanwhile, in Russia this week, an entirely different kind of hacking case saw a former senior counter-intelligence officer and a cybersecurity expert found guilty of treason and given 22 and 14-year prison sentences respectively. That’s years, not months.
The trial of Colonel Sergei Mikhailov, an ex-FSB officer, and Ruslan Stoyanov, the former head of investigations for Kaspersky Lab, was carried out in secret by a military court over several months, and is thought to concern the leak of information regarding Russia’s shenanigans during the 2016 US presidential campaign.
The Russian media has reported that Mikhailov – who at the time was deputy head of cyber intelligence at Russia’s security agency – contacted Stoyanov to tell him about an FSB investigation into Russian businessman Pavel Vrublevsky, who allegedly knocked a payments system offline in a distributed denial-of-service attack. Mikhailov apparently handed details of this FSB probe to the FBI, and passed a copy of the notes to Stoyanov, who is believed to have shared this info with an FBI-linked contact in the computer security industry.
The details are murky due to the classified nature of the hearings, however the upshot is, Mikhailov and Stoyanov were ultimately accused and convicted of passing state information to foreign intelligence agencies.
The possible tie-in with the US presidential election is due to the fact that were arrested in December 2016: the same timeframe that the FBI ramped up its investigation into Russian interference with the White House race in America. According to Russian reports, Mikhailov was the main point of contact between the Russian government and Western security agencies on all things cyber, so suspicion fell on him, an alleged leaker of state secrets, when the FBI become so certain of Russian meddling that it went public.
Whether he ended up sharing information on the Kremlin’s operations with the FBI is unclear. But in a very Russian turn of events, his lawyer claimed that the entire arrest and trial had nothing to do with US election interference, but was instead the result of a campaign by the Russian businessman Vrublevsky.
“The case has been concocted at Vrublevsky’s orders,” Mikhailov’s lawyer said, while also noting that she was not allowed to talk about anything that happened during the trial itself.
Vrublevsky confirmed that he had testified during the trial, but that it wasn’t the content of the information that resulted in Mikhailov being found guilty of treason but rather the fact that he had provided information about an FSB investigation to a foreign citizen.
And if all that wasn’t suspicious enough, Vrublevsky continued to complain that Mikhailov had abused his position to go after “internet entrepreneurs” – which included himself – and turn them into “cybercriminals.”
Nothing strange to see here: just a businessman waging a vendetta against a deputy head of the security services and winning in military court.