Saturday, July 10, 2010

Problems of Software Market in Ukraine

Last years, Ukrainian state services followed recommendations of several foreign mega corporations that stand up only for their commercial interests. As a result of two years of fighting “counterfeit production” we have homeland field of compact disks destroyed (2 of 8 plants are working now at 7% of their project capacity) and now we observe systematic elimination of enterprises and scientific institutions specializing in high technologies field. Tax administration and legal representatives of foreign corporations, close homeland enterprises and seize their computers because they use unlicensed software. Thus observing one law they violate number of other [1].

Arisen situation is moreover a result of long term policy and perspective plans of foreign companies. Unlicensed software for computers IBM-Intel (Microsoft-Intel, “WIntel” and Windows-Intel) was widely distributed from midst of 80 years on the territory of Third World countries. Unlicensed software was spread only for this only platform and it was the only industrial platform for which it was possible to buy hardware without any software. The last circumstance is significant because this was the way most common and less well-provided customer acted.

It is also important in the view of strategy. For example it was almost impossible (it is still impossible now) to buy Apple Macintosh, Sun or SGI computers (platforms competitors of WIntel) without pre-installed software, as it has never been sold without software. In a result, cases of pirated software usage on these platforms were single. But naturally, these computers didn’t get such spread.

Intel-Microsoft union for 15 years almost hadn’t been prohibiting from application of unlicensed software and won a world prevalence in this field as the most used platform.

Situation in Third World countries developed as such: in case of tough software policy there was no PC market at all because the cost of commercial software, as a rule, was in several times higher of PC cost and government did not pay any attention to development of own software field for a long time. Having followed consequently the policy of hardware wide sales that was entailed by stolen software, WIntel managed to build complete hardware markets that depend now on software application policy. Essentially, two corporations became what they are today due to this policy. Intel directly and indirectly (license of production) had received already and is receiving its money for processors and other hardware. Having developed a market, Microsoft not only increased software sales (especially corporate editions), but also there is a long term trend of dependence on one software developer.

Toughening of license policy started exactly in the end of last century: tens of countries, tens of thousands of firms and hundreds of thousands (if not millions) individuals suddenly found themselves in lists of “criminals” and “debtors”.

Internal situation in Ukraine is also important. In spite of absence on the market of Ukrainian pirate production, there are many shops on the streets of cities that sell unlicensed production (mainly produced in Russia). It is typical that all they have patent for sale and pay taxes – i.e. they exist legally, at least at level of local authorities and relationship with exchequer.

The most important for the majority of Ukrainian users – from individuals to enterprises and organizations – is price. The cost of single-user operating system of Microsoft in box-version is 140-400 USD (cost of OEM version, which is installed only with new computers is starting from 75 USD, like Windows XP Home Edition). The cost of server operating systems of the most used environment – from 869 to 1430 USD, set of office software – from 440 to 600 USD. And here we can make some conclusions:

1. The cost of Intel or AMD computer of the most common configuration today is about 450-550 USD. Thus we see that price of minimum software set is 1,5 -2 times higher than PC cost and it makes computerization impossible for average Ukrainian (as well as for government institutions).

If software cost is 19 times higher than average wage all over the country and data are stored in restricted commercial standards, we can’t speak about “free access of citizens” to technological achievement and important social information, and observance of corresponding constitution norms.

2. Are today’s requirements of foreign software corporations lawful? In any case they do not correspond either real opportunities of average Ukrainian users or general standard of living in Ukraine.

3. Actually today’s unprecedented discounts on Microsoft products in Ukraine won’t affect anything. Further degradation of domestic software field will make Ukraine, first to pay for users training and structure of government information exchange, and then spend every one-two years more and more money on software upgrades from developer. Thus dependence from commercial software of foreign manufacturer will grow along with funds needed for legalization.

4. Microsoft software is referred to category of “corporate software” with commercial (closed) source. User gets a program “compiled” (ready to use) and he cannot get program source and see how everything is realized there [2]. In view of tough measures on national security adopted in USA after September 11, and scandals arisen earlier because of detection of “loopholes” in commercial software, open for secret services of the country-manufacturer (also scandals occurred about different concealed from user programs that identified computer owner, his localization and list of software installed in the given computer). There is no confidence that it is secure to use such software in government or business.

At present there are some phenomena in legal market of intellectual products like: monopolization, obtrusion of product or service, misinformation on real features of the product, active retention of consumer’s dependence, scandal and dishonest advertisement, mass sales of defective products, dishonest competition, violation of different rights of consumers, obtrusion of own state, field, national standards, principles, traditions and restriction of natural freedoms of person, full absence of assurance and balance of obligatory rights for counterparties usual in civilized market.

5. Orientation only to software of foreign commercial manufacturer lead to such consequences:

a) outflow of significant funds abroad;
b) elimination of home high tech fields, corresponding professions and training schools as such.

Thus such field will be excluded from national economy. It is possible to counteract this process by developing for state sector (for all fields) of information systems based on open solutions (described, and without any restrictions on use), protocols and data formats, and hence also by way of organization of government contractual work for this important field.

As experience shows, software developed in Ukraine (standard reports exchange, bank data transmission, accounting programs) is not so complicated at present. At the same time there are some developments in Ukraine (and Russia) that are quite competitive with foreign (in field of developing Internet applications, data bases support, fonts recognition and etc.). However, foreign software put more and more growing pressure upon these products and, in the end, it replaces them from local market because of better support and advertisement. Accordingly, structure of productive potential of the country is changing: less and less experts are engaged in scientific technical sector, and most of them get to distribution departments of foreign companies-monopolists and do not take up own developments. Hence, own schools of technologies are interchanged by certified courses of foreign companies.

Domestic high tech field needs national development programs and balance of world integration processes and objective national interests, balance between interests of foreign and local business. Level of technological, humanitarian development is decreasing fast without this balance. Number of countries solved or are solving similar problems.

Solution’s main point is that there is full functional software in the market, similar (in some cases more profound) to software of Microsoft (and many other developers of commercial soft with severe restrictions on use and modification). Such software is distributed according to so called GPL – General Public License (or other similar types of licenses like BSD or Public Domain), including freeware (cost of the carrier or “compilation”, i.e. remuneration of adaptation efforts and set of tools for this or that class of users). The most spread name of such soft is “Open Software” or “Open Source” (open or with open source).

One of the most important advantages of open software is low price of new programs development – due to opportunity of unlimited repeated use of the source developed for other products.

Main principles of such licenses are: opportunity to apply such software on any purposes, free access to source, opportunity to research into mechanisms of program functioning, research into principles applied, using any parts of source in other programs and purposes, modifications for solving problems of the concrete user, opportunity to copy (replication) and public distribution of copies, opportunity of modification and distribution of copies, opportunity of modification and free distribution as well as original software, and modified under the same conditions (obligatory for GPL, but not for BSD, Public Domain and other types of Open Source licenses).

Thousands of programmers and small companies develop Open Software all over the world, their products are available for any modification and further sale or non-commercial distribution.

Thus Open Software (Open Source, open, free software) is high-quality and public alternative to closed commercial soft. It is necessary to give such alternatives to Ukrainians before introducing severe sanctions on unlicensed commercial software use.

International precedents are important in case of Open Source distribution. India and China, in order to save money and time, began to use open source soft for developing homeland products. Freeware is accessibility of the source and shifting expenses to support services, customers pay not for licenses but for support. China, being in such situation, more than one year ago declared transition to software on freeware Linux operating system in all state authorities. France, Germany and Russia follow such measures too. Actions of these countries are absolutely clear in all respects – starting from national security, ending with free and public access to information by all groups and categories of citizens.

Dependence from foreign software manufacturers, according to experts, is extremely economically unprofitable, it will never allow to organize sound information security system. The only way to integrate in world information space and not to become dependent on foreign software giants is to start introducing homeland software solutions.

[1] Y. Radchenko, War with own shadow: how Ukrainian government “fights” “intellectual pirates” - http://www.zerkalo-nedeli.com/nn/show/405/35706
[2] V. Kalyatin, Intellectual property (Exclusive rights), Moscow: “Norma”, 2000, p.187.
As Internet access spreads in the former Soviet Union, so does malicious code.
For all its disadvantages, the former Soviet Union had one hugely overlooked advantage: it kept hackers, crackers, and virus writers confined inside the country by restricting their access to the Internet.

A decade later, Internet penetration is booming in the region, particularly in Russia, and viruses are epidemic. In fact, Russians are linked to some of the nastiest viruses the technology world has ever experienced: Bagel, Mydoom, and Netsky, to name just a few.

Security experts warn that the situation is likely to worsen as hacking, cracking, and virus writing shift from being a mischievous hobby of young kids to a lucrative occupation of skilled professionals working hand-in-hand with hardened criminals.

"The influence of organized crime in this area is steadily growing," says Alexander Gostev, a security expert with Kaspersky Labs in Moscow. "We are now seeing more malicious programs written by professionals, and not by script kiddies as we experienced two to three years ago."

DK Matai, chairman of Mi2g, a London-based security service provider, agrees. "The Mafia, which has been using the Internet as a communication vehicle for some time, is using it increasingly as a resource for carrying out mass identity theft and financial fraud," he says.

Easy Money

The motive is obvious: money--in some cases, big money, which fuels other traditional Mafia activities, such as drug smuggling and prostitution.

"There is more of a financial incentive now for hackers and crackers as well as for virus writers to write for money and not just for glory or some political motive," says one former hacker, known as 3APA3A, who is currently employed as a security expert.

That view contrasts sharply with the situation several years ago when hacking had another status in Russia. In a message published on GlobalSecurity.org, one former hacker-turned-teacher wrote that during his childhood, he and a couple of friends hacked programs and distributed them for free. "It was like our donation to society," he wrote. "It was a form of honor; [we were] like Robin Hood bringing programs to people."

Today, hundreds or even possibly thousands of skilled Russians desperate for cash are scouring the Internet looking for security vulnerabilities in the computer networks of companies, particularly in the U.S. and Europe. They are creating worms and Trojans for stealing credit card and other financial information, or turning inflected computers into zombie hosts to establish illegal spam farms, or extorting money by threatening companies with a distributed denial-of-service attack if they don't pay. And more.

Indeed, if there were a happy haven for hackers these days, it would be Russia, according to Ken Dunham, director of malicious code at iDefense in Reston, Virgina. "In Russia, perhaps more than in most other countries right now, hacking magazines and software are sold on the streets of Moscow," he says. "It's not a secret as you'd expect, but right out there in the open."

Moscow even has a hacking school: Civil Hackers' School.

Perfect Breeding

The combination of over-educated and under-employed specialists has made Russia an ideal breeding ground for hackers. The hacker community was infused with professionals following a financial crash in 1998 that left many computer programmers and business people financially destroyed and out of work. Even today, the country continues to churn out plenty of students who excel at mathematics and physics, but who struggle to find work.

"Russian criminals offer students money to spend time with them to carry out illegitimate activities in return for cash," Matai says. "They're active not only in schools and universities, but also through their own recruitment centers where they siphon off talent for organized criminal purposes, which include selling services to groups in other countries, such as Islamic hackers."

Another factor making Russia an even more fertile nest for hackers is the growing number of residents now able to access the Internet. The Ministry for Communications projects their numbers to grow from 6 percent of the population (around 148 million) in 2003 to 15 percent by 2005. Eleven million people currently use the Internet, while around 9 million own a computer.

Cybercrime doubled in 2003 to 11,000 reported cases, according to the Ministry of Internal Affairs. The most frequent crimes were illegal access to computer information, distribution of pirated software, and cyberattacks on financial institutions.

Next Page: Home to Some of History's Most Notorious Hacks

Home to Some of History's Most Notorious Hacks

Russian hackers have been behind some of the most audacious cybercrimes ever reported. Mathematician and computer specialist Vladimir Levin from St. Petersburg was nabbed in 1995 and sentenced to three years in a Florida prison in 1997 for hacking into Citibank's computers and electronically transferring around $10 million out of the bank's accounts. To this day, no one knows exactly how he broke into the bank's system.

In 1999, Russian hackers were credited with disrupting NATO and U.S. government Web sites.

In 2000, Vasiliy Gorshkov and Alexey Ivanov were lured to the U.S. by Federal Bureau of Investigation agents and later arrested. Gorshkov was sentenced to three years in prison and given a $700,000 fine after he was convicted on 20 counts of conspiracy, fraud, and other related computer crimes. The pair admitted hacking into the computers of U.S. companies to steal credit card information and other personal financial data and then extort money from the victims by threatening to expose that information to the public on the Internet or to damage the companies' computers.

A gang of computer hackers, headed by a 63-year-old pensioner, was arrested by Russian police in 2001. The former computer programmer for a Moscow institute was apparently bitter over receiving no royalties from his work. So he teamed up with a former policeman and three others to steal the details of credit cards from individuals in the U.S. and Europe and use them to make online purchases. The gang then channeled their income back to Moscow through a bogus Internet site they had created, which sold useless information about timber in Russia.

Uneven Enforcement

Hacking is illegal in Russia, just as it is in the U.S. Enforcement, however, is where the two countries differ. In Russia, hacking is sometimes more akin to a getting a parking ticket than a serious felony--something that on paper is wrong but not morally reprehensible, according to Timofey Saitarly, project administrator at the Ukrainian Computer Crime Research Center.

"Young people often hack expensive foreign software because they can't afford it," he says. "Some of the software costs as much as they make in an entire month or even more."

Sergey Bratus, a research associate at the Institute for Security Technologies Studies at Dartmouth College in Hanover, New Hampshire, has a similar opinion. "A huge problem in Russia, particularly Moscow, is violent crime," she says. "Compared to this, small-time computer crime doesn't seem to be a big issue to society. Hackers aren't making the streets unsafe."

Local investigations also are hampered because authorities cite other, higher priorities. That means many hackers are able to operate in what are essentially safe havens. And in an interconnected world like the Internet, a few safe havens are all that is needed to wreak havoc on every country.

"I know of no hackers being imprisoned in Russia," says Kaspersky's Gostev. "Law enforcement officials don't seem to be taking any real major action maybe because none of this hacking has been directed at Russian companies or organizations. They seem to be more interested in protecting national security."

The Russian government has several groups hunting cybercriminals. The Ministry of Internal Affairs, for instant, has a special task force dubbed "the spider group." And there is a unit within the Federal Security Services, the successor to the Soviet Union's KGB. How effective they are, particularly when a crime extends beyond their borders, is unclear.

"It is one thing to criminalize the creation of viruses," says Gus Hosein, senior fellow at The London School of Economics and Political Science. "It is another to investigate the means through which viruses are propagated in the hope to trace it back to its origin."

Joint Investigations

Such investigations, according to Hosein, would require access to traffic data at ISPs throughout the world. So what about a virus that emerges in the U.S., but is traced back to Russia? Who would do the tracing?

If Russia, for example, were to take the lead, how would U.S. ISPs or those in other countries know that a Russian request for traffic data is "for the investigation of a
request for traffic data is "for the investigation of a virus trail or to track the dissemination of information regarding Chechnya?" Hosein says. "The point is that policies will be developed to enhance the investigation of viruses in order to trace virus makers and other perpetrators of cybercrimes, only to see those same powers used for different purposes, such as pursuing copyright crime and 'indecent' communications."

Add to that the global approach virus writers are now taking to make their assaults even more difficult to track. "We are monitoring virus incidents whereby writers operating in country A launch a virus in country B to infect computers in country C," says Mikko Hyppünen, director of antivirus research at F-Secure in Helsinki. "It's hard to prosecute offenders especially when laws are nonexistent in many of the countries that these guys are using to launch their virus attacks."

International law is often ill-suited to deal with the problem, with conflicting views on what constitutes cybercrime, how--or if--perpetrators should be punished and how national borders should be applied to a medium that is essentially borderless.

"What is needed is the ability to extradite," says Mi2g's Matai. "But this is not easy because of the anonymous nature of organized crime--it's very difficult to pin down who actually committed a crime--and because individuals who are caught committing a crime in one country may not have any laws against that crime in their own country."

Going Global

Efforts to establish global cybercrime laws exist. London School's Hosein points to the Council of Europe convention on cybercrime, a treaty signed in November 2001 that calls on countries to harmonize their laws on and investigative powers of all illegal behavior, including hacking and child pornography, and to ensure international cooperation in investigations. But Hosein warns that as countries adopt the convention into national law, many tend to go further than necessary in order to expand their powers.

Some experts are in favor of establishing a special global cybercrime task force, similar to the Interpol international police network. "We just need to copy the Interpol structure for traditional crime, make some slight changes and establish cooperative programs," Gostev says.

In the absence of a global Net cop, Microsoft has been offering Wild West-like bounties to catch cybercriminals. But one former virus writer in the Czech Republic dismisses the bounty as a marketing tactic, saying it will have no deterrent effect. "For Microsoft, it's just another excuse for their buggy software," Benny says in an e-mail. "It's only about marketing."

Security experts believe the best way to curb cybercrime is for each and every user to make sure his o front door is securely locked.

"A due diligence approach is required to help fight off this new wave of cybercrime," says iDefense's Dunham. "Everyone must take responsibility for helping to harden computers against attack, from the end user to the CEO of a large corporation."

Psychological warfare management

This article dwells on two basic author’s concepts of state information policy implementation in condition of psychological warfare – counteraction to psychological warfare and psychological warfare management. Concept of psychological warfare management is an activity aiming at changing system features of warfare in the selected direction with use of tools of external political influence. Thus, it is based on the principle that if nothing can be changed, it can be organized and leaded. Implementation of this concept in praxis lets state policy to achieve goals, which are unattainable for counteraction concept. So, the common ideas of features and level of danger of modern information-psychological warfare are changing. To our point of view, within the system of state information policy management of information-psychological warfare will be considered in current future as an important category of the activities in peculiar conditions. It is noteworthy that this article introduces the category of information-psychological warfare management for the first time into the definition apparatus of scientific research on information-psychological security, psychological warfare and state information policy.

Examination of information-psychological warfare as a social notion points out two basic social functions of information-psychological warfare: destruction and regulation ones.
Destruction function of information-psychological warfare results in permanent changes in the system of social-political relations in society, transformation of its structure, direct and indirect connection taking into account new practically non-regulated by law norms forms of political extremism; escalation of political struggle and implementation of praxis of direct violence forms in reaching political goals. Application of modern information-psychological warfare technologies results in affection of individual’s central nervous system, leading to destruction of individual’s mentality, damage to psychical state, change or destruction of values system, change or partial loss of an ability to think abstract logically. Thus, the national gene fund worsens. Negative influence on individual’s mentality and psychic does not stop even after eliminating of an aggression source.
Regulation function is to solve contradictions on power and political leadership implementation in information-psychological area by using methods, which exclude necessity of direct military aggression. In modern society information-psychological warfare replaces this form of conflict relations in political struggle. In international relations there is a tendency in using dangerous potential of modern information-psychological warfare aiming at curbing direct military aggression, so called information-psychological curbing (it is an analogue of military curbing). So, it implies management of crisis situations using preventive actions of information-psychological influence on nation and governments in the potential area of conflicts.
Regulation of the social danger level of information-psychological warfare as a means of tough political compulsion and a form of uncontrolled violence could not come to the introduction of prohibition and limit system. Information-psychological warfare is based on using the same basic elements and means of social communication in its technologies of latent influence like other social processes. Thus, it cannot be eliminated as a social notion and a type of social conflict, but can be at the definite controlled by society level of social danger.
State information policy is important for regulating social danger of information-psychological warfare. However, modern state information policy of Russia is unable to protect Russian society from destroying influence of information-psychological warfare in connection with low readiness of Russian society to oppose actively to any attempts of manipulating social mentality. Whereas citizens are trying to understand the threat, which introduce information-psychological warfare, information-psychological warfare technologies influence not only on mentality, but on subconsciousness.
The scientific hypothesis of our research is that in conditions of information-psychological warfare it is essential to amend the concept of modern state information policy aiming at its adaptation to new conditions. We assume that it is impossible to eliminate information-psychological warfare as a permanent social notion at this evolution stage of society, but state regulation can provide the definite, controlled by society, level of social danger.
The inefficiency of modern state information policy in conditions of information-psychological warfare:
- requires amendment of the whole concept of modern information policy aiming at its adaptation to modern conditions, in which information society is building;
- points out peculiar conditions of its implementation and necessity of working out special methods and mechanisms of political influence, which are adequate to those revolutionary changes that take place within the system of social-political relations in modern society.
In conditions of information-psychological warfare the objective for forming of state information policy should be the search of patterns, principles, forms, and methods of political regulation. They help:
- to prepare society to counteract actively to information-psychological warfare;
- to counteract to information-psychological warfare at the state level with the assistance of institutes of civil society;
- to carry out setting goals, form an organizational structure, employ methods and resources for implementation of state management system in accordance with criteria on priority development in comparison with a system of information-psychological aggression (warfare) implementation; adequate counteraction to information-psychological warfare as a permanent social notion (conflict).

In conditions of psychological warfare the main function of state information policy is social protection from negative information-psychological influence and includes two main elements:
- counteraction to information-psychological warfare;
- information-psychological warfare management.

Concept of counteraction assumes that
- first, information-psychological warfare is an external factor in regard to the protected system. We are unable to influence on reasons of appearing of this notion, while it happens somewhere outside the protected system;
- second, by counteracting to warfare we interfere with patterns of forming and evolution of this particular information-political conflict, destroy normal temps of its evolution change conditions of its transformation from one stage of conflict evolution to another one. In principle, such interference may destroy psychological warfare evolution as political conflict and result in its political disorganization.
- third, any new information-political conflict is a new threat for the protected system. The more conflicts appear the more threats.
The basic lack of counteraction concept is that the target of counteraction is elimination or localization of information-political conflict in that place where it appeared. It is impossible under conditions of a variety of information-political conflicts; we struggle with some features of a new social notion – psychological warfare, but not with the notion itself.
Concept of psychological warfare management in information policy is based upon the principle that if something cannot be defeated, it should be organized and leaded. Concept of psychological warfare management is an activity aiming at changing system features of warfare in the selected direction with use of tools of external political influence. To our point of view, within the system of state information policy management of information-psychological warfare will be considered in current future as an important category of the activities in peculiar conditions.
Concept of psychological warfare management is aimed at reaching goals, which are unattainable for counteraction concept: if warfare can be managed, therefore it is not so important for social stability whether there are a lot of such conflicts or not in the political area of society. Thus, as soon as the similar conflict appears, it becomes a subject of political regulation, and therefore performs a definite social function in society. Despite the fact that modern information-psychological warfare is aggressive, it possesses some social functions. First, they are the following: ousting of traditional forms of military struggle from the area of international relations, so called information curbing. Use of these psychological warfare functions in the system of international relations (including restraining its destructive elements) suggests that psychological warfare is a tool of information policy. Moreover, information-political conflict management cannot be effective if there are a few conflicts. In case there is a single conflict, it behaves individually and it goes beyond the framework of basic statistical tendency and patterns, which information management takes into consideration. Thus, a variety of conflicts in the concept of psychological warfare management is not a hindrance, but the main condition for efficiency of this concept implementation.
New tendencies and patterns of state information policy implementation appear in conditions of information-psychological warfare:
1.1. Social adaptation of information-psychological warfare: information-psychological warfare evolution in the direction of strengthening its social function is capable to transform information-psychological warfare into one of the institutes of warfare into one of the institutes of information-political relations regulation.
In future state information policy will be based on strengthening of a regulative social function of information-psychological warfare and weakening of its destructive function aiming at transformation of an aggressive form of information-political relations (warfare) into one of the institutes of social relations regulation.
1.2. Social reduction of conflict potential of information-psychological warfare: creating institutes of information society, which provide a leading evolution of information-political relations system of civil society in regard to modern forms and methods of information-psychological warfare, results in reduction of its conflict potential.
State information policy would reject in future praxis of searching and rejecting of objective contradictions, which lead to information-political conflicts, and would concentrate its attention on creating institutes of information society.
1.3. Object-subjective dualism of political conflicts in the information policy system: in information policy system political conflicts are regarded both as an object of information leadership and as the main tool of other political conflicts and processes management.
In future information policy would employ information-political conflicts as the tool of other political conflicts and processes management. It is within the framework of this concept a variety of institutional political conflicts, which are the tools of information management, define flexibility, multi choice, and efficiency of information policy.
1.4. Institualization of external information-psychological aggression: information-psychological warfare recognized by the system of information-psychological relations of an aggression object at the early stage becomes an institutional conflict, but recognized later becomes an object of information policy management.
Further state information policy would assist in intensive development and in working out measures of information-psychological warfare at the early stages (influencing on sources of aggression), their management at future stages.
New features of state information policy appear in conditions of information-psychological warfare:
- at this stage of social evolution it is impossible to eliminate information-psychological warfare as a permanent social notion, but it could be curbed at the definite controlled by society level of danger. In open civil society the single possibility of state control over this notion is information-psychological warfare management as an object of management aiming at reduction of its system features and its status to the level of institutional conflict;
- information-psychological warfare employs objective contradictions of social political system as an object of management. State information policy assists in creating information society, thus, provides leading evolution of information-political relations system of civil society in regard to current forms and methods of information-psychological warfare, eliminates or transforms latent contradictions, on which management warfare is based;
- information policy reveals truthful latent contradictions in social evolution, which form social relations, and it regards disturbance of political area (classic political conflicts) as indirect, that is an indicator of contradictions existence.
If one examines concept of psychological warfare management within the framework of sociological , statistical , conflict , and system-functional hypotheses, we will have the following picture.
One can divide different levels of information-psychological warfare management in the system of state information policy:
1. Psychological warfare management as a social notion:
- regulation of social danger of psychological warfare;
- strengthening of constructive social function of psychological warfare and reduction of its destructive social function (social adaptation);
2. Management of information-psychological warfare area as an area of political conflicts (statistic system):
- management of conflict potential;
- management of vector potential of psychological aggression;
- management of vector potential of psychological aggression (change of vector direction of psychological aggression or its compensation);
3. Psychological warfare management as a type of political conflict:
- perception management (at the individual’s level);
- communication management (at the level of separate individuals, groups, stratus);
- group management (at the level of groups);
- management of conflict dynamic;
- status reduction and system features of information-psychological warfare to the level of institutional conflict;
- disorganization of political conflict;
- institualization of psychological aggression.
4. Information-psychological warfare management as internal element of information policy system, use of psychological warfare as a tool of external and internal political regulation.

Literature:
1. Manoilo A. V. State Information Policy under Peculiar Conditions: monograph. – Moscow, MIPR, 2003, 388 pages.
2. Manoilo A. V., Petrenko A. I., Frolov D. B. State Information Policy under Information-Psychological Warfare Conditions: monograph. – Moscow: Goryachaya Linia-Telecom, 2003, 541 pages.
3. Veprintsev V.B., Manoilo A. V., Petrenko A. I., Frolov D. B. Information-Psychological Operations. Means, methods, technologies: Short encyclopedia – itenary. - Moscow: Goryachaya Linia-Telecom, 2004, 495 pages.
4. Site INFOPOLOTICA: www.infopolitica.w6.ru
5. Veprintsev V.B., Manoilo A. V. Evolution of Forms and Methods of Geopolitical Competition in Information Space., Moscow: Russia and Europe: information collaboration in conditions of globalization. Analytical journal of Federal Council of Federal Council of the Russian Federation, 2004, ¹ 11 (231), a special edition, p. 62-72.

Kids get lesson on Internet predators

To the casual eye, they looked like nothing more than eager sixth-graders tackling a computer course.

Officer Tim Dickerson of the Camas Police Department knows better. "We know for a fact that you are prime targets for this kind of activity," he told the young students. That is, ready prey: for kidnapping, sex abuse, child pornography, or worse.

It got very quiet inside the old Camas High School library room about then. These were harsh words for 11- and 12-year-old ears. But the reality is equally grim, prompting Camas police and school leaders to launch an aggressive program, the first of its kind in Clark County, to educate parents and children on the growing menace of sexual predators on the Internet and how to defeat them.

Starting this month, every sixth-grade class in the Camas district is getting a one-day, six-hour session with Dickerson or his colleague, Kit Kanekoa. Their teaching tool is an interactive CD game requiring students to crack a child-abduction case. School officials have chosen to shelve sixth-grade D.A.R.E. substance-abuse training this year, in favor of the innovative Internet predator program. By next spring, all seventh- and eighth-graders at Skyridge Mid School will receive the same training. It also will become part of the standard Camas sixth-grade curriculum.

As part of the course, students return a signed, individual Internet Safety Plan crafted with parents that prescribes what happens at home should they be targeted with personal and sexual queries or sexual images, which are typical in the grooming process used by predators. Opening parents' eyes is every bit as crucial as raising children's awareness, Dickerson said.

"Parents think none of this can happen to their kids. It does," he said.

Police were weighing the program even before a Clark County 14-year-old was taken captive north of Camas last August by a man she had met on the Internet. She was found, beaten and abused, two weeks later in a house near Tacoma. The incident made the case for more training an easy one. After a meeting that drew about 40 parents, the school board gave its blessing to add the course.

"Tim told us now is the time for this to come up," said board President Marcia Johnson.

And sixth grade is the right time to reach students, most agree. They are diving into the Internet, text messaging and checking out chat rooms. While skeptical on many counts, they often remain naive and gullible in the area of new "friendships" with strangers they only think they know.

That's the core of the flashy "Missing" computer game devised by a Vancouver, B.C., company in 2000, now distributed by the Santa Ana, Calif.-based Web Wise Kids.

At least 340,000 students in 47 states have tried the game, offered at no cost to police and schools, thanks to federal grants and private dollars, a company spokeswoman said.

In the game, a character named Zack, who is unhappy at home, finds kinship with a 40-year-old passing himself off as Fantasma, a hip California kid. Fantasma has his own splashy Web site with photos of happy teenagers and pre-teens lounging at the beach.

A swap of personal data between the two leads to serious trouble. Soon Zack is living, then held captive, in San Diego with other abused and battered children exploited on a secret Web site aimed at pedophiles.

"Missing" players must crack word and number codes, use visual clues, and tap their computer and sleuthing smarts to help Zack's desperate father and detectives track down his abductor.

Visually lively and smart, the game engages problem-solving skills and appeals to girls and boys alike.

"Do we think these kids are there willingly?" Dickerson asked Nick Jaech and Evan Huegli, students at James D. Zellerbach Elementary School. He pointed out welts and bruises in the Web site photos indicating assault and abuse.

Nick and Evan were among the first to track down the suspect. But Nick later wondered aloud if anyone his age would really pose for a racy photo as one "victim" had.

"I would like to agree with you," Dickerson told the class during one of many discussion breaks built into the game. But sex slavery rings, drug deaths, even murders are outcomes police have come to expect.

"You need to understand, boys and girls, these kids never go home," he said.

Sherry Keene, Zellerbach school counselor, believes the training is right on.

"This is such a serious thing. I have kids coming and talking to me, having a computer in their room, unsupervised, getting into chat rooms," she said.

At the sixth-grade level, the lure of gossip and personal feedback is overwhelming, she noted.

The training is one part of the solution. Building trust between children and parents, however, is critical to prevention.

Studies show a majority of children exposed to threats never tell parents, for fear of losing their Internet privileges. Establishing trust and setting clear rules, in part so parents don't overreact, are top goals of the training, Dickerson said.

Home approval is needed for all Camas students taking the training. Counselor Keene said very few parents had opted out.

Another community briefing is planned before training for Skyridge students begins.

The Zellerbach pupils stayed attentive through the training.

"It was educational and fun, which is very rare these days," 11-year-old Alec Maier said matter-of-factly. "It was the best interactive thing I've done."

Kyle Erwin, 12, said, "Think twice when you're on the Internet." Chimed in Naseem Zarafshan, age 10, "You gotta be careful what you do."

HOWARD BUCK writes about schools and education. Reach him at 360-759-8015, or e-mail howard.buck@columbian.com.

Tips for keeping children safe from Internet predators

Parents: Monitor children's Internet use. Do not allow unsupervised chat room access or Web cam use. Better yet, deny all access in bedrooms. Draft an Internet safety plan that includes rules for handling sexually explicit or other suspicious contacts, and stick to it.

Children: Sign and follow the safety plan. When suspicious contacts are received, take the following steps: Turn off the computer and notify a parent or an adult. If appropriate, notify police, who might be able to trace the offender through computer files.

All users: Never submit private information, such as full name, address, name or address of school, birth date or Social Security data, without being certain of the recipient's identity. Save suspicious e-mails for police, when appropriate.

Fighting child porn online

In time of intensive global computerization humanity faced plenty of challenges, which have quickly turned into real threats to economic and social well-being.

Cybercrime and cyberterrorism can be included in list of threats. A phenomenon of cybercrime is so young as it is not well studied. Being a crime which has transnational nature, cybercrime requires special approaches.

Among of such widespread cybercrimes as infringement of the work of computers and computer networks, data theft, Internet fraud, blackmail and extortion, distortion of computer information, it is necessary to emphasize and mark out crimes related to manufacture and distribution of child pornography in the Internet.

Current statistics shows a popularity of such crimes. According to different sources child pornography is a 2-3 billion dollar a year industry.

We define the following Types of INCIDENTS related to child sexual exploitation.

- child pornography
- luring
- child-sex tourism
- child prostitution

Child pornography can consist of a child or children engaged in sexual behaviour alone or with one or more adults, or it could involve two or more children performing sexual acts, with or without adults being involved or being visible. Such imagery can range from sexualized photographs of a single child or children, or sexualized images of their genitals, though the most abject pictures of brutal anal or vaginal rape, bondage, oral sex, bestiality or other forms of degradation, sometimes involve too young children or babies.

According to current statistics 80% of those child pornography purchasers are active child molesters. Child pornographers usually range in age within 10-65.

Network monitoring carried out by law enforcement agencies shows that 1 in 5 children are contacted for sex while being online.
70% of convicted sex offenders use the Internet.

Over 90% of the child sexual abuse incidents are committed by someone known and trusted by the child or his/her family.

Web cameras
Paedophiles often use modern technical devices in their criminal activity. Web cameras are one of the new and admired electronic toys used by paedophiles and child molesters to gain immediate sexual gratification and exploit a young person. Most of the commonly used instant message programs have the capability of connecting a Web camera to the Internet for live videoconferences. Many of the programs have an icon letting other users know if there is a Web camera attached to another user’s computer.

The sexual abuser sits in the chat rooms and game areas where children are known to visit. They contact those children with a Web camera and coerce them into masturbating and posing in sexually lewd positions in front of their cameras. The sex offender may be viewing one child or may be viewing several at the same time. There can also be more than one offender viewing the same child.

Many of these offenders have hardware attached to their computers that enable them to capture the live broadcast and save it to his computer, a CD, or a videocassette.

Once the video is saved, the offender can view it again in the future, trade with others sharing the same interests, offer the video for sale or add it to a collection online and freely distribute it. Specialized movie editing software can be used to edit the video, make custom movies or combine other clips and make a longer movie.

Generally, children are remunerated between $10-$50 for one posing in front of web-camera.

There are known cases when teens made between $300-$500 per day displaying themselves in any position imaginable in front of those who are child pornographers wishing to capture new and fresh material for their own collections to trade with the thousands of others who share an interest in exploiting youth.

The Teen Model Web Sites
The use of the Internet for spreading child pornography is obvious. Webmasters are now involved in recruiting large numbers of young people as "teen models.” The Webmaster creates a membership Web site where he or she charges a set fee to those wishing to join. The fee is usually between $9.95-$19.95 per month. After the potential member pays his or her membership dues, he or she is then given access to the photos of the young teen or pre-teen models. The membership fee allows the member to view the images of children sitting in their underwear, posing in provocative positions and if they are wearing any clothes, they are very revealing clothes that most parents would not approve of their child wearing.

These Web sites display girls as young as seven years old posing provocatively in their underwear or swimwear. Some even go a step further and show the girls nude with their hands covering their private parts.

They enlist the help of the parents of these young people and obtain their permission to photograph or videotape children for their Web sites. Parents and young people are paid from $150 to $500 for allowing the photographer to take pictures or record videos of the children.

Most law enforcement agencies across the United States and other parts of the world consider the content of these sites to be art. The images seen on the public or non-member areas of these sites do not meet the federal guidelines for child pornography.

According to the owners of the Web sites, these are just young innocent girls, who would like to become professional models one day. With their images and portfolios online, talent scouts are more likely to discover them and the girls could actually become professional models one day and in the meanwhile, they can make some money too.

The site owners also claim that there is no connection between these innocent teen models and the adult pornography industry. They say that if anyone other than professional model seekers and talent scouts are looking at these girls with other thoughts in mind, it is their problem.

Hundreds of young people are become victims of sexual exploitation and prostitution with the use of the use of digital cameras and Web cameras.

Web Cams and Wish Lists
There are thousands of places on the Internet where a young person can set up a free Web page where they can post information about themselves, their interests, favourite music, teen idols and whatever else they would like to add. Once the Web page is created, links to other sites can be added. That's where the wish list comes in.

Just about every online retail store has created a feature where kids can select items that they would like to receive as gifts. These items are then added to a page where the items can be purchased by shoppers visiting the child's site and shipped directly to the young person or picked up at a local mall. The young person's address is usually shielded from view even though the shopper can see the city and state where the child resides. The primary purpose that the retail stores had in mind was to provide a way for the young person's friends or family to purchase the items that the kid wants most and increase sales from the Internet. One retail site that offered wish lists estimated that 10,000 teens have signed up since in just a few weeks generating over $100,000 in sales of products from the wish lists.

All of this is a great idea for teens with family out of town and it all looks very innocent on the surface. The problem begins when the Web cam is combined with the wish list. The paedophile or child molester contacts the teen and convinces him to perform a wide variety of sexually explicit acts on his or her Web cam, in exchange he purchases something on the young person's wish list. These live broadcasts almost always consist of at least nudity but more often the child is coached on how to masturbate and is told exactly what to do during a live broadcast.

The young person probably isn't able to comprehend the seriousness consequences of this activity until it is too late. He or she has no idea that these live shows are frequently recorded on the child pornographer's computer and later traded or sold to thousands of other child pornographers. Once the child has exploited himself or herself, the damage has already started and won't go away for a long time if it ever goes away.

The parents or other adults in the lives of these kids may not know anything about the wish list or the fact that their young person is sexually exploiting themselves publicly on the Internet. They only become aware of this activity when strange packages start arriving or the child is missing as a result of going to meet one of these predators in person.

Child Sex-Tourism
Sex tourism or, more specifically, travelling to a foreign country to engage in sexual activity with a child, has become a well-developed component of the commercial-sexual exploitation of children. It is an offence under the Criminal Code for a Canadian to engage in this activity. Glossy brochures, as well as web sites on the Internet, advertise packages for travellers complete with airfare, hotel, and directions to local brothels.

Child Prostitution
The Criminal Code contains several offences in relation to child prostitution:
1. Soliciting: Purchasing or offering to purchase sexual services from a person under 18 years. The purchase need not be for cash - the sexual services may be purchased with anything the sexual services may be purchased with anything (e.g. drugs, food, the promise of a ride home, etc.)
2. Procuring: Encouraging or forcing a person under 18 years of age to become a prostitute.
3. Living off Avails (Pimping): Obtaining income by requiring a person under 18 years of age to surrender all or part of the earnings made through prostitution.

Child Pornography has different legal definitions in different countries. The minimum defines child pornography as a picture that shows a person who is a child and who is engaged in or is depicted as being engaged in explicit sexual activity.

A major concern is, therefore, the ease with which pornographic material can be accessed, stored and disseminated on the Internet.

Images in a range of file formats can be stored on and transmitted between computers using the Internet. Such images can be created through scanning of photographs/slides or digital-capture on video at relatively low cost, converted into a standard image file format and displayed or transmitted to other like-minded individuals.

The Possession, Manufacture, and Distribution of Child Pornography
Under the Criminal Code of Canada, any of the following amount to child pornography:
1. A visual representation of a person under the age of 18 engaged in explicit sexual activity; or
2. A visual representation, the dominant characteristic of which is the depiction of a sexual organ or the anal region of a person under 18 years of age for a sexual purpose; or
3. Any written material or visual representation that advocates a sexual offence involving a person under 18 years of age.

However, the court is required to find the person not guilty if the representation or written material has artistic merit or an educational, scientific, or medical purpose.

Sex Offender Statistics
• There are approximately 400, 000 registered sex offenders in the US alone.
• Convicted rapists report that two-thirds of their victims were under 18 and 58% of those said their victims were age 12 or under.
• In 1994 only one third of the victims said that they reported being raped to a law enforcement agency.
• In 90% of the rapes of children under 12 years old, the offender knew the victim.
• 8 out of 10 rapists are released prior to trial.
• 61% of violent sex offenders have a prior record.
• 8 out of 10 sex assaulters reported that their victim was under 18. The median age of victims of imprisoned sex offenders was 13 years old.
• 24% of those serving time for rape and 19% of the ones serving time for sex assault were on probation at the time of arrest for rape or sexual assault.
• 28% of released rapists were rearrested within 3 years and charged for a new violent crime.
• 8 % of those are charged with another rape.
• Released rapists were found to be 10.5 times as likely as non-rapists to be rearrested for rape and those who served time are found to be 7.5 times as likely as those convicted of other crimes to be rearrested for a new sexual assault.

The governments of developed countries have already realized the urgency of problem of child pornography. According to researches it is possible to state that there is a relation of child and adult pornography to other grave organized crimes, such as international terrorism. Child pornography industry can be a financial support for terrorist groupings and committing terrorist acts. The transnational nature of this crime is obvious.

In this connection it is very important to develop an effective system of cooperation between various law enforcement agencies in child pornography on line investigation.

Nowadays, only the Criminal Search Department (Ministry of Internal Affairs) is engaged in fighting child pornography in Ukraine. However, there is a necessity to create special divisions on detecting and fixing offenders in the Internet, on collecting information on these crimes, criminal intelligence units, and analytical departments.

Thus, criminal intelligence units would collect the information on preparing crimes and committed crimes. There would be plenty of sources of the information on these crimes:

- on-line chats;
- web-sites;
- other open and secret sources.

The special department on verifying information would check it and continue collect evidences on this crime and would search the offenders.

The special technical support units would examine porno photos, video and other materials involving children for the authenticity. Hence, it is necessary to create special units possessing information on details represented in photos and video (furniture, clothes, accessories, surroundings) and capable to detect the place of shooting (region, country, etc.), and suppose a circle of suspected in producing and distributing child pornography, and paedophiles as well.

The critical issue is a definition of child pornography in the current criminal law. Unfortunately, Ukrainian Penal Code doesn’t define a responsibility and prosecution for such crimes as intention to involve children in sexual relations, storage of child pornography materials, viewing child pornography, etc.

Current penal legislation of Ukraine has a very narrow definition of actions related to child sexual abuse. In spite of the fact that there are several articles dedicated to child abuse in Criminal Code of Ukraine it is still hard to prosecute offenders in this state.

Criminal Code of Ukraine has the following articles providing responsibility for sexual crimes against children.

Article 301 «Import, producing, sale and distribution of the pornography». The third part of this article provides responsibility for compulsion minors to participate in porno scenes (video, photos, and computer programs). These actions are punished with 3-7 years imprisonment.

It seems the most felicitous article of Ukraine’s Criminal Code from the point of criminalization of criminal activity on creating porno materials involving minors. Unfortunately, it doesn’t cover all ways of this crime committing.

Article 152 «Rape», i.e. copulation using violence, threatening to use violence or using helpless position of a victim.

The third part of the article provides responsibility for minors’ rape, and the fourth part – for child rape. However, a qualificatory sign of this crime is using force. Frequently, child pornography is produced in consent with children, because they don’t realize what they do in full measure.

The same situation is in use of Article 153 of Criminal Code of Ukraine. «Violent obtaining of sexual satisfaction in unnatural ways». The second and the third parts of this article provide responsibility for such actions towards children and minors, if they caused grave consequences. Besides, frequently, there is no assault, as well as grave consequences.

Article 155 «Sexual intercourse with the person under the age of puberty». This action is punished with 3 years of imprisonment, if it caused sterility or other grave consequences.

Article 156 «Deprave of minors», i.e. depraving persons under sixteen years old. These actions are punished with confinement of freedom for 3-5 years, that is not enough for such crimes.

Thus, one of the main qualificatory signs of crimes against children is using violence or threatening to use violence, and causing the grave hurt to health. However, the majority of pornographic photos and videos involving children show the free-will and desire of children to enter in sexual intercourse. But these photos and videos are evidence of criminal activity and it is hard to accuse offender of crime against children in full measure, seeing victims not suffering from these actions.

Moreover, Criminal Code of Ukraine doesn’t provide the responsibility for forcing minors to have sexual intercourse with each other.

It is necessary to note that the main aspect in fighting child pornography and paedophilia is to provide responsibility for possession of child pornography. It is known that “supply is resulted by demand”.

Resources
[1] Criminal Code of Ukraine
[2] http://www.pedowatch.org/
[3] Criminal Code of Canada
[4] National Hi-Tech Crime Unit (United Kingdom)
[5] National Criminal Intelligence Service (United Kingdom)
[6] Ministry of Internal Affairs of Ukraine

A hacker story

Hacker Alexey Ivanov was lured to the United States and snared in a high-stakes cyber-sting. The FBI says he got what he deserved. But Ivanov says his gamble paid off. In the end, he got what he wanted all along

ALEXEY IVANOV'S job interview didn't go as well as he'd hoped.

Ivanov, then a 20-year-old computer programmer from Chelyabinsk, Russia, had flown to Seattle in November 2000 to apply for a job with a company called Invita Security. To the young Russian, Invita promised the dream job. The company was clearly entrepreneurial—entrepreneurial enough to seek out the services of this skilled hacker who worked in an abandoned factory halfway around the world. They even promised to pay his airfare and to pick him up at the Seattle airport. At Ivanov's suggestion, the company encouraged him to bring along a fellow programmer, Vasiliy Gorshkov. When the two Russians arrived, their Invita hosts explained what they were looking for: a few good hackers who could break into the networks of potential customers as part of an effort to persuade those companies to hire Invita to keep hackers out. Ivanov was familiar with the tactic.

As Ivanov, Gorshkov and two American business types sat at a table in a Seattle office, Gorshkov regaled the interviewers with tales of his hacking exploits, and Ivanov allowed himself to dream of a better life. He was exhausted: The trip from Chelyabinsk had taken nearly 48 hours, and he had not waited to arrive to start celebrating his good fortune. The interviewers asked their guests to demonstrate some of their skills, and the two Russians took turns logging in to their own network back in Chelyabinsk. Ivanov knew that he and Gorshkov were good, so when his hosts appeared to be impressed, Ivanov was not surprised.

The big surprise would come later, when the two Russians were being driven to their lodgings. The car stopped suddenly; the doors flew open, and Ivanov heard someone say: "FBI. Get out of the car with your hands behind your back."

It was then that he remembered something he had heard about America: It was the kind of place where anything could happen.

Ivanov and Gorshkov were charged with conspiracy, computer fraud, hacking and extortion. Gorshkov was jailed in Seattle, where his incriminating boasting took place. Ivanov was flown east, to Connecticut, to be tried in the home state of the Online Information Bureau—one of several companies whose servers he had breached.

The federal agents who arrested the Russians brandished a short catalogue of cybercrime allegations. They claimed that the Russians had tried to extort money from scores of U.S. companies, including Central National Bank of Waco, Texas; Nara Bank N.A. of Los Angeles; and a Seattle-based ISP called Speakeasy. As it turned out, most of the allegations were right on the money. Ivanov and Gorshkov had, among other things, tapped a database of an estimated 50,000 credit cards, and they were making good use of some of them. Gorshkov would be found guilty of all four crimes, sentenced to three years in jail and ordered to pay US$692,000 in restitution. He has since returned to Russia. Ivanov would eventually admit to hacking into 16 companies. He served three years and eight months in jail and owes more than US$800,000 in restitution.

THE DRAMA OF the Seattle sting is the stuff of suspense novels, but the courtroom machinations will more likely appear in law school lectures on international search and seizure. Today, with the smoke cleared, the most significant gain from the Ivanov case may be the legal milestones marked when courts upheld the right of federal agents to seize evidence remotely, and to charge foreign cybercriminals in U.S. courts. But despite those rulings, the case also leaves important cyberlaw questions unanswered—particularly in the area of uniform international rules for Internet search and seizure.

The United States of America v. Alexey V. Ivanov was touted as a major success story in the battle to protect American corporations from the menace of foreign hackers. For their work on the case, FBI agents Marty Prewett and Michael Schuler were awarded the Director's Annual Award for Outstanding Criminal Investigations. Still, most computer security experts understand that busting two reckless Russian hackers won't dent the many billions of dollars lost to cyberbandits operating overseas each year. Technology analyst firm IDC estimates that 65 percent of cyberattacks originate overseas; IDC also estimates that in 2003 U.S. corporations spent more than US$25 billion to keep hackers out of their databases.

For Alexey Ivanov, the story of his hacking, his crimes, his arrest and his release from prison ends in a place that he finds perfectly satisfactory. His goal, he says, had long been to come to the United States. And now he is here, living and working in New England. Ivanov says he started his U.S. job search in April 1999. He did it the way any sensible hacker living on the other side of the world would do it. "I went to Dice.com and downloaded a database from a job-seeking server," he says. "It was easy. I wrote some scripts, and in a few hours I was sending my résumé to 5,000 jobs."

Several prospective employers responded to his inquiries, he says, but none was willing to sponsor an unknown job candidate from Russia. "After that I decided to go a little bit the other way," he says. "I thought, Why don't I convince people about my skills, and in order for me to convince them, I have to demonstrate them. This is how I came up with the idea of hacking into companies."

Ivanov had good reason to think that such a tactic would pay off. Two years earlier, in December of 1997, he and a friend had hacked into the servers of a local Internet service provider and downloaded a database of user names and passwords. "When I notified the company," says Ivanov, "they offered me a job."

But that job, he says, paid poorly—only about US$75 a month—and he eventually joined a group of hackers who shared an appreciation for more entrepreneurial challenges. There, at a company called tech.net.ru, Ivanov learned the practice of "carding"—buying goods online with stolen credit cards.

At first, he says, it was books and CDs, ordered online from Amazon.com or Barnesandnoble.com. To avoid suspicion, the group would have the goods mailed to cities in neighboring Kazakhstan, where they would hire young women to receive the packages. Ivanov and others would travel to the distant cities, pick up the goods, and take them to Chelyabinsk. There, much of the merchandise found its way to legitimate shops, where the CDs were prized. The quality of the recordings was far superior to the shops' other CDs, which had been pirated in Bulgaria.

"At first, all of the activities at tech.net.ru were illegal," he says. "Then we came up with the idea that we would look less suspicious if we established some legal business, so we started designing webpages."

They also started hacking into any sites that looked vulnerable. For the Russians, each hack presented a new challenge and, in most cases, a new victory. Some of those victories paid off in cash, and all of them offered the satisfaction of winning. They were beating a system, and they were outsmarting the smartest security guys in the country that considered itself technologically superior to all others. For a hacker, there was nothing better.

PayPal provided the Russians with one of their more satisfying conquests, if not one of the more lucrative. Ivanov claims to have masterminded the PayPal scam. The first step, he says, involved placing scripts on eBay that collected the e-mail addresses of PayPal customers. Then, using the domain name "PayPaI," with an uppercase "I" instead of a lowercase "L," Ivanov set up a mirror site that was a replica of PayPal. Ivanov and his cohorts then sent e-mails to PayPal customers, offering them a gift of US$50, for which they had only to enter their passwords on the bogus site. The scammers simply sat back and collected the password harvest.

"We weren't really malicious," he says. "We could have sent it to thousands of people, but we only sent it to 150. We got about 120 passwords. We did that mainly for fun."

Despite its limited application, the PayPal scam provided proof of concept and emboldened Ivanov and his group to set their sights on a higher prize.

After shopping on eBay for more than a year, the hackers were convinced that the sellers of more expensive items would not deal with unknown buyers living on the other side of the world. And they wanted to buy more expensive items. "We were buying things for a shallow five hundred bucks," says Ivanov. "We wanted to get up to like five thousand bucks."

It so happened that eBay had a function that would help them do that. The site's "rate the buyer" feature could reassure sellers that the Russians were trustworthy. All they had to do was get inside and manipulate the numbers. (Hani Durzy, an eBay spokesman, says that while it may now be possible for hackers to manipulate such interactive features, that won't be the case for long. Durzy says the company is developing technology that will identify the kind of malicious code used in such hacks.)

For Ivanov and his fellow hackers, the summer and fall of 2000 was a time of plenty. A promising revenue stream had begun to flow from their freelance security services. The business model was simple and hardly unique. Ivanov and his cohorts would hack into supposedly secure networks in the United States, inform the network administrators of the hack, and offer to fix the networks' vulnerabilities for a
. hack, and offer to fix the networks' vulnerabilities for a price. Ivanov says he persuaded three companies that he could help them patch vulnerabilities in their networks. He did this, he says, and they paid him cash, from US$80 to US$4,000. One of those companies, the Seattle-based CTS, also gave Ivanov storage space on its servers. Ivanov says a fourth company promised to pay but did not. That company, he says, later suffered from the destruction of data.

Ivanov was also working on a way to transfer money from one bank to another and had recently cracked the security of an online casino. The hackers were working hard, up to 16 hours a day, he says. But it was paying off. In a six-month period, says Ivanov, they scammed US$150,000. It was a very exciting time, he says. The Internet had delivered to him, in a polluted factory city in the Ural Mountains, the promise of both untold riches and untold challenges. Ivanov wasn't sure which he liked best.

At the same time, he was wrestling with a major personal decision. In June of 2000, he had received an e-mail from a company in Seattle. The company had challenged him to hack into its site. When Ivanov did that, the strangers asked if he would consider relocating to Seattle. The company said it was in the market for "security talent," a deliberately vague phrase that could easily be read to mean "hacker." Ivanov appeared to have the kind of talent they were after.

He knew that in the long run, the Seattle job could be even more rewarding than his eBay "rate the buyer" scam. So in November, with the eBay function not quite ready to go, he said good-bye to his family and boarded a plane for Seattle. Once he was in his seat, he says, he started ordering drinks. He was pleased to be bound for a new life in a new country with a new job for a company with the curious name of Invita Security.

WHEN FBI AGENTS, posing as Invita employees, watched Ivanov and Gorshkov demonstrate their skills, they were learning more than the two Russians knew. The agents had placed a "sniffer" on the computer keyboard, and as the Russians typed the user names and passwords needed to get into the network of tech.net.ru, the device recorded the keystrokes. With that knowledge, the FBI was able to download some 2,700MB of data to be used as evidence.

The agents had a very good idea of what they were looking for. The FBI had been contacted by several companies that believed they had been targeted by something called the Expert Group of Protection Against Hackers. The organization, made up of dozens of hackers in several Russian cities, operated the same way Ivanov did, exploiting a vulnerability in Microsoft NT server software to break into the networks of U.S. corporations. At first, the feds believed that Ivanov and Gorshkov were part of the group, and that they might be working with the Russian mob; the government has since backed off those allegations.

The FBI's download, the cornerstone of the government's case against the hackers, did not go unchallenged into the federal courts, or, for that matter, into the annals of U.S.-Russian relations. When the FBI broke into the Russian computers, they did so without two important sanctions: One was the permission or cooperation of Russian authorities; the other was a search warrant, which was not acquired until three weeks after the download. Whether the Justice Department attempted to coordinate the investigation with Russian authorities remains a subject of dispute. Federal agents have testified that they attempted to work with Russian authorities, but that their communications went unanswered. The Russians say there was no such effort and claim the download violated a 1997 agreement among G-8 nations that mandates "investigation and prosecution of international high-tech crimes must be coordinated among all concerned states, regardless of where harm has occurred." Russian authorities have reportedly issued arrest warrants for the agents involved.

Once it entered the federal court system, the case against Vasiliy Gorshkov moved quickly to conclusion. Gorshkov was tried in Washington state, where U.S. District Judge John C. Coughenour was unreceptive to arguments that the FBI overstepped its search and seizure authority. In Coughenour's opinion, the data on computer drives in Chelyabinsk was not protected by the Fourth Amendment. The decision meant that federal agents had the right to break into computers in other national jurisdictions, as long as it was for purposes of law enforcement. It also meant that Gorshkov had little hope of beating the rap. And he didn't.

Ivanov's legal journey would follow a different path. Because one of the companies he offered to "help" was based in Connecticut, his case was moved to Hartford. A veteran defense attorney named C. Thomas Furniss was appointed to represent Ivanov. Furniss brought on board a young lawyer and former technology worker named Morgan Rueckert. Rueckert was intrigued by the case, which he suspected would test some of the nascent limits of cyberlaw.

"This was the first case in which the government used methods like these," explains Rueckert. "They set up a fake company and then solicited a job application. They used that method to bypass what you could call a deficiency in extradition agreements."

Rueckert believes that the warrantless search of Ivanov's computer in Russia was also a first. In defending that search, prosecutors claimed that if they had not acted swiftly—more swiftly than the time it would take to get a warrant—the incriminating data would have been destroyed. While that may be true, says Rueckert, the government also failed to get a warrant when it asked CTS to hand over the data that Ivanov had stored on its servers.

"In that instance," says Rueckert, "the government may have violated the Electronic Communications Privacy Act."

While Rueckert examined the privacy issues, defense lawyer Furniss fixed on a larger target. His first motion was to dismiss on the grounds that the government lacked jurisdiction. The question is, says Furniss, "Does Congress intend the criminal statute...to be applied extraterritorially? It's an interesting question and some of the law in this area goes back to the 1700s, when pirates were attacking U.S. ships. In fact, as I read them, the Computer Crime statutes before 1996 really could not be said to reflect that intent, but there have been some amendments."

Curtis Karnow, a partner at the law firm of Sonnenschein Nath &Rosenthal and an expert on extraterritorial jurisdiction, says Furniss's motion was a good one, a sensible tactic that is often tried but never works. As it turned out, it didn't work with U.S. District Judge Alvin Thompson either. And it didn't much matter, once the prosecution pointed out that Ivanov had, for some of his exploits, used at least one proxy server located in the United States. It was all Judge Thompson needed to hear. For this case at least, the defendant had effectively perpetrated criminal acts within the United States. That ruling, along with several other issues (such as the prospect of four more trials in other jurisdictions), persuaded Ivanov and his legal team that a guilty plea would be the best way out.

Rueckert agrees that a plea was a good choice for his client, even if it did leave unresolved some important issues of privacy, cyberlaw and the modus operandi of law enforcement. "Number one," he says, "is about the way the government got data from CTS. The issue there is the individual's expectation of privacy concerning data that is stored remotely. What process should the government have to obtain access to this kind of data? Secondly, should the government be required to obtain a search warrant, and should the defendant be given legal protections? What kind of notice should the government give? There is also the issue of the method the government used to [ensnare Ivanov]. I think that the method they used offended a lot of people outside the United States. All of these issues are important."

As significant as those legal issues are, Rueckert admits that for him, the most captivating aspects of cybercrime are psychological. "The thing that fascinated me here," he says, "was that in Internet crimes you can have a kid, basically, sitting in his basement halfway around the world, and with the click of a mouse, he can cause incredible concern, fear and economic damage all across the country. And the person who is doing it doesn't really see the results. It can be very easy for someone like that to view what they're doing as a game."

Alexey Ivanov doesn't disagree. Hacking was a challenge, and challenges are always fun. It was also, in a strange and roundabout way, a means to what Ivanov says is a happy ending.

Cyber-safety or cyber-snooping?
Software shows parents what kids are doing online

Wendy Miller tracks her daughter's every cyberspace move.

She knows when the 13-year-old logs on to one of her favorite sites: www.mtv.com or www.neopets.com, and how long she dallies there. And she knows when her eighth-grader scours the Web for lyrics to the latest Avril Lavigne song or fan sites devoted to heartthrob Hayden Christensen, who played Anakin Skywalker in Episode II, Attack of the Clones.

Miller, 39, a single parent in Fort Lauderdale, is not clairvoyant. She's part of a generation of plugged-in parents who increasingly rely on high-tech software to monitor what their children are doing online -- and with whom.

''I just need to know she's not doing inappropriate things or using inappropriate language,'' Miller said. ``The main thing is that she doesn't wind up being a statistic.''

Parents have long tried to keep tabs on their children's activities, from eavesdropping on phone calls and snooping in diaries to chaperoning school dances. But worried mothers and fathers are now importing computerized surveillance tools from the workplace into their own homes -- deploying child-protection software on their offspring (or occasionally on a cheating spouse).

''It's designed to do what parents do already in the real world,'' said Bob DeMarco CEO of I.P. Group, the maker of software called Watch Right, which monitors and records for review an AOL user's e-mail, chat, instant messages and websites visited.

Widely available for purchase on the Web, child-protection software ranges in simplicity from parental controls that filter objectionable language and content to products that forward exact copies of both sides of a child's e-mails, instant messages, chats and keystrokes moments after they are executed. With names such as Watch Right, Cyber Sentinel and eBlaster, the programs tout peace of mind in a downloadable file. Programs can cost up to $99.95, but some dial-up services include protection in their monthly fee.

In the era of Amber alerts, channeling parental anxiety helps the corporate bottom line. Although software makers declined to release specific sales figures, Security Software Sytems has sold almost two million units of Cyber Sentinel -- a $39.95 site- and service-blocking software -- in the past four years, according to company president Dan Jude.

Software makers credit increasing parental knowledge and acceptance of their products.

''I think parents are becoming more and more aware,'' DeMarco said. ``We've tried to design a software to give them eyes and ears so they can see what [their children] are doing.''

NO REPLACEMENT

Still, law-enforcement officials -- and family counselors -- say high-tech eavesdropping should supplement traditional parenting, not replace it.

''Our suggestion is the parent is the best monitor,'' said detective Robert Williams, a spokesman for the Miami-Dade Police Department. ``When your child is on the Internet, you should be there to monitor what's being disseminated.''

Parents also should keep the computer in a common room, not the child's bedroom, and ask their children who they are chatting with online, according to James Doyle, president of Internet Crimes and a former sergeant with the New York Police Department's computer-crimes unit.

''Really, the answer is education, awareness, and then technology,'' Doyle said. ``Because unfortunately, the computer becomes a new baby sitter.''

Children left alone at home after school may be vulnerable to advances from sexual predators, law-enforcement officials say.

''People that prey on kids are looking for latchkey kids, single-parent kids, kids who indicate online they feel misunderstood or unloved,'' said Florida Department of Law Enforcement Special Agent Don Condon. ``Kids are just extremely vulnerable when they're talking online.''

SETTING LIMITS

Busy parents such as Miller -- and even stay-at-home moms and dads -- say even if they wanted to, they do not have the luxury of looking over their children's shoulders every time they surf the Web or enter a chat room.

Miller, for example, has set limits.

She prohibits her daughter from entering chat rooms and using instant-messaging. Also, concerned by the amount of time her daughter spent online, she limits her usage to one hour per day during the week (down from two).

Still, when Miller is at work or traveling for business, she cannot keep tabs.

Just over a year ago, she turned to eBlaster, which generates a report every half-hour on her daughter's e-mails and Web surfing -- without blocking access to sites containing words such as ''sex'' that she might need for homework.

''Because of her age and maturity, I didn't want to lock down her computer,'' Miller said. ``I thought it was a little too invasive.''

Miller reviews the reports, which she receives by e-mail, at the office or on the road. So far, they have not triggered any alarm bells.

''She doesn't go to any strange sites,'' Miller said. ``She does normal kid stuff.''

PRICE TO PAY

Still, Miller's peace of mind may come at a price: she has not told her daughter about the extent of her cyber-snooping, Miller said. Her daughter knows only that Miller's employer, which pays for their Internet access, monitors their usage for inappropriate language and content.

One psychologist suggests that parents disclose their snooping up front, reminding their children they care about them and want to protect them.

''That way there's no breach of trust,'' said Margaret Crosbie-Burnett, a professor of counseling psychology at The University of Miami. ``That's the big issue.''

Miller, who knows she has fudged the truth, says she can live with the consequences if her daughter finds out.

''I'm probably going to get totally busted for this,'' Miller said. ``But that's OK, because she gets an A-plus for her usage.''