SEATTLE -- Invita Security Corp. looked like a typical Internet company: It had offices, computers, employees and a secure computer system. The only thing missing was the customers.
Far from being a failed start-up, the aptly named Invita turned out to be a bogus company set up by the FBI to ensnare two young Russians accused of breaking into U.S. Internet companies' computers, stealing sensitive data and trying to extort money.
Authorities say Alexey Ivanov, 21, and Vasily Gorshkov, 25, both of Chelyabinsk, fell for the bait. They were arrested and jailed on charges including conspiracy and fraud and are set for trial May 29 in federal court in Seattle.
The FBI declined to comment. But in recently unsealed court documents that read like a spy novel, agents tell how they snagged the alleged thieves by creating the shell company and inviting Ivanov and Gorshkov to try to hack into it.
After Ivanov and Gorshkov succeeded from afar, FBI agents posing as Invita employees invited the two to Seattle to discuss a partnership and further display their hacking prowess.
As the Russians demonstrated their skills at the shell company, the FBI used a computer eavesdropping technique to reach across the Internet and break into the suspects' own computer system in Russia.
Internet security experts say the case illustrates well how the FBI's cybercrime-fighting abilities have evolved -- though the defense is questioning the legality of the agency's methods.
"What they did was phenomenal. It was exceptionally effective," says Kevin Mandia, who worked for the Air Force office of special investigations and taught FBI courses in hacker attacks before joining the Irvine, Calif., Internet security company Foundstone.
Mandia says that the FBI, after being ridiculed as ill-equipped to fight computer crime, has made remarkable progress, including adding a program that has trained more than 1,000 agents in cybercrime.
The FBI believes the Russian suspects or their associates could have been involved in hundreds of crimes against U.S. companies, including Kirkland-based Lightrealm.com, an Internet access company, and Palo Alto, Calif.-based PayPal, an online payment business.
First, the FBI alleges, the hackers broke into computer systems. Then, authorities say, they sent e-mails to company officials demanding payment in exchange for not distributing or destroying sensitive documents including financial records.
After tracking down the suspects over the Internet, the FBI invited them to Seattle in November for the Invita gambit.
Court records show that while Gorshkov was using an Invita computer, the FBI secretly used a "sniffer" program that logs every keystroke a person types.
Using passwords recorded by the "sniffer," the FBI was then able to enter the computers in Russia where Gorshkov kept his data and download immense amounts of information.
The Invita case could define how far U.S. law enforcement can go to catch non-citizens who break into American systems.
Brainerd Dispatch ©2013. All Rights Reserved.