http://theinquirer.net/19070104.htm
Arrested Russian 'worked for FBI'
More to Adobe case than meets eye By
Mike Magee, 19/07/01 04:12:49 BST
AN INTERVIEW ON the Elcomsoft site in Russian
has revealed a close
relationship between the firm whose employee
was put in jail Monday and the
FBI.
According to the Russian language interview
with Alexander Katalov, president
of Elcomsoft and an ex-KGB operative himself,
his firm had performed work for
the FBI itself.
An INQUIRER reader has translated the interview
for us, the original of which
can be found here.
Here is his translation in full:
The Elcomsoft president, Mr. Alexander
Katalov gives details on the arrest of
his company emloyee, Dmytry Sklyarov.
Alexander, how was Dmitry arrested?
On Sunday there was a DefCon conference.
Dmitry had delivered there our
"eBook Security: Theory and practise"
presentation. On Monday morning, at
around 9am, he was checking out of the
hotel together with another employee.
On the way out of the hotel, two individuals
stopped them. They presented
their FBI IDs and immediately handcuffed
Dmitry. Detained, the employees were
put into separate rooms. With Andrey they
interviewed him for just half an
hour, asking what and how, and he was
allowed to leave the building right
after. He had tried to get me on the phone,
but could not get through. So,
after he called our Moscow office at around
9:30am, Moscow had already
notified me via e-mail about his arrest.
Is Dmitry Sklyarov the sole "Advanced eBook
Processor" program author, the
very program he got arrested because of?
Naturally, he is not the only one. Moreover,
he was developing the
"scientific part" of the program, its
algorithms. This work is a part of his
dissertation. There were at least three
employees, working on the program;
the program itself comes under Elkomsoft
brand. However, it seems that now
the Americans are trying to present the
situation as a hacking, conducted by
a single Russian hacker.
So, does it look like Dmitry was detained
only due to his DefCon
presentation?
Probably yes. Though he introduced himself
as an Elcomsoft employee, the
company that developed the product.
What are your lawers saying?
Our lawers were notified on arrest in the
evening, when everything was closed
down already. That's how it was developing:
after I received the email, I
called the Russian Consulate. They proposed
to wait until noon at consulate,
assuming that the Americans would let
Dmitry board the flight en-route LAX,
where Aeroflot flight would bring him
back to Russia. But he did not show up
at the airport, so the consulate initialized
a standard offical request to
American authorities. They spent around
two hours on that and we all realized
that Dmitry will not fly away for sure.
In fact we even did not know where
Dmitry was physically located. At around
2pm the request was filed but not
till the end of working day, till 6pm
was there any answer. So on Monday we
had no info. Tuesday morning, when our
office had started its new working day
in Moscow, Dmitry's wife called in. She
said that she had a call from the US,
and via an interpreter she was told that
her husband is under arrest. She was
not allowed to talk to him directly. This
US call was at around 4am Moscow
time, so it was still Monday, around 3pm
here in US. So this meant that the
authorities had not responded to the request
filed by the Russian Consulate
on Monday.
Are there any offical charges already?
As far as I can tell from the words of
Dima's wife (and she did not
understand it all clearly due to early
morning situation itself, plus she
also has a 2-month old baby), it looks
like charges were preferred yesterday.
And it was decided that Dmitry would be
spending time in the jail, because
there are no people ready to pay the bail
bonds. Bear in mind, the US
authorities had never notified either
the Russian Consulate or us.
After this case and another recent arrest
of Russian hackers it looks like
the FBI has acquired a new way of working:
to lure Russian programmers out of
Russia and to arrest them in the US under
local legislation. Before this
time, were your employees attending similar
events to DefCon? Have there been
similar situations before?
Well, we did attend Black Hat conference
without any problem. Moreover, in
April we had sponsored the conference
on informational security for the US
law inforcement agencies. So the arrest
we are talking about is relevant to
the accusation against Dmitry. Filed by
the Adobe Corporation only, it does
not concern our company business practices.
Dmitry's wife was told that
Dmitry is to get relocated to California.
And the San Diego agent arrested
him, exactly where Adobe is stationed.
Don't you think that your program for breaking
the copywrited Adobe files
breaches the law?
I don't think so. Adobe asserts that the
limitation to copy of e-book is to
be defined (set) by the copywriter. However,
if you compare same books saved
in Microsoft and Adobe formats, you'd
see that Microsoft format allows making
the second copy. The Adobe format does
not. Meaning that while the Microsoft
format based book can be read on different
computers: on the one the u ser
had purchased it, and on another, like
on a notebook at home. However, in
Adobe format you are allowed to read the
book only on the very computer you
downloaded the book with. So the assertion
that such a limitation is to be
established by the publisher or by the
author is an absolutely incorrect one.
But hacking the book once lets you replicate
it for further distribution…
Our program does not "hack" the book: only
the individual who officially had
purchased the book can make a second copy.
If the individual made a copy and
proceeds with its following distribution
on disks - he is the one who
breeches the letter of law. Not our program.
Making the copies for own needs
is legal. In fact, according to Russian
legislation, Adobe software is
actually rather illegal, because it does
not let the buyer use the purchased
product where the Buyer needs it. Besides,
during the on-line purchasing
procedure of Adobe formated books, the
buyer is not informed at all about
such a limitation.
But the allegation will be an American
one, - because of the hacking program
distribution on US territory (Title 17,
United States Code, Section
1201(b)(1)(A), or so called Digital Millennium
Copyright Act).
The truth is that we did not distribute
the program. There were reports that
we do. But we did not sell it and did
not collect orders for it. Right after
first Adobe warning, we only had left
the demo-version on the net, which does
decript only 25% of the book, just for
demonstration, that such functionality
is feasible. During 4 consequetive months
we were informing Adobe specialists
on their defence "holes". Even wrote on
the forumes, specifically created for
thoses specialists. But they simply were
erasing our messages. As far as I
can tell, Adobe Corp is feeling uneasy
about the situation with Barnes&Noble,
which doubted their security efficiency
incorporated in the e-book format.
So, does it mean, that Adobe Corporation
got interested in you only after you
pointed the issues out to them?
Well, yes! Barnes&Noble had stopped
its on-line sales of e-books for 24
hours, claiming that "adobish" format
does not provide copywriting security.
Adobe Corporation proceeded with active
measures exactly after this case.
Recently in US there was similar case with
the program to hack DVD disks. And
they managed to plead people, distributing
DeCSS, guilty.
Yes, our story with e-book is the closest
to the DeCSS story: they made a
program, letting to view DVD movies on
Linux based computers. However those
people already on the way to win analog
cases, with meeting allegations. It's
because they were not allowed to publish
their algorithms, while algorithm is
already a scientific work, a subject that
cannot be prohibited for further
distribution.
It's known, that sometimes FBI does arrest
hackers for the sake of making
them work for FBI in return for freedom.
Can it be that Dmitry will be out in
the same way?
Well, such a development could have occurred
to me, because I've studied in
Higher KGB School. I don't think this
would happen to Dmitry. May be only if
they would propose him a contract…
But Elcomsoft already was cooperating with
the FBI, wasn't it?
Yes, our major customers for passwords
hacking program are special services.
Same FBI was purchasing those programs
for several times.
Can it help to free Dmitry up?
I don't know. Those are separate FBI departments.
Naturally, I will try to
use my contacts. µ