15 August 2000
Source: Fax from the U.S. Attorney, Southern District of New York.
Press Release
United States Attorney
|
|
____________________________________________________________ |
FOR IMMEDIATE RELEASE CONTACT: U.S. ATTORNEY'S OFFICE AUGUST 14, 2000 MARVIN SMILON, HERBERT HADAD PUBLIC INFORMATION OFFICE (212) 637-2600 PAUL B. RADVANY (212) 637-2337 JOSEPH V. DE MARCO (212) 637-2203 FBI JOSEPH A. VALIQUETTE (212) 384-2715 JAMES M. MARGOLIN (212) 384-2720 PRESS RELEASE MARY JO WHITE, the United States Attorney for the Southern District of New York, and BARRY W. MAWN, the Assistant Director in Charge of the New York Office of the Federal Bureau of Investigation jointly announced that OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," and IGOR YARIMAKA, who are citizens of Kazakhstan were arrested on August 10, 2000 in London, England for allegedly breaking into Bloomberg L.P.'s ("Bloomberg") computer system in Manhattan in an attempt to extort money from Bloomberg. ZEZOV and YARIMAKA are charged in separate three-count Complaints unsealed today. They are each charged with one count of interfering with commerce by using extortion; one count of extortion of a corporation using threatening communications; and one count of unauthorized computer intrusion. According to the complaints, ZEZOV gained unauthorized access to the internal Bloomberg Computer System from computers located in Almaty, Kazakhstan. In or about the Spring of 1999, Bloomberg provided database services, a system known as the "Open Bloomberg," to Kazkommerts Securities ("Kazkommerts") located in Almaty, Kazakhstan. ZEZOV is employed by Kazkommerts and is one of four individuals at Kazkommerts associated with Kazkommerts' contract with Bloomberg. In addition, according to the Complaints, ZEZOV sent a number of e-mails to Michael Bloomberg, the founder and owner of Bloomberg, using the name "Alex," demanding that Bloomberg pay him $200,000 in exchange for providing information to Bloomberg concerning how ZEZOV was able to infiltrate Bloomberg's computer system. As described in the Complaints, Michael Bloomberg sent an e-mail to ZEZOV suggesting that they meet. ZEZOV allegedly demanded that Michael Bloomberg deposit $200,000 into an offshore account. Bloomberg established an account at Deutsche Bank in London and deposited $200,000 into the account. According to the Complaint, Michael Bloomberg suggested that they resolve the matter in London and ZEZOV agreed. As described in the Complaint against YARIMAKA, on August 6, 2000, YARIMAKA and ZEZOV flew from Kazakhstan to London. On August 10, 2000, YARIMAKA and ZEZOV met with officials from Bloomberg, L.P., including Michael Bloomberg, and two London Metropolitan police officers, one posing as a Bloomberg, L.P. executive and the other serving as a translator. At the meeting, YARIMAKA allegedly claimed that the was a former Kazakhstan prosecutor and explained that he represented "Alex" and would handle the terms of payment. According to the Complaint, YARIMAKA and ZEZOV reiterated their demands at the meeting. Shortly after the meeting YARIMAKA and ZEZOV were arrested. On August 11, 2000, YARIMAKA and ZEZOV were presented to a British Magistrate in Magistrate's Court in London, where they were held without bail. The United States will seek their extradition. If convicted, YARIMAKA and ZEZOV each face up to 20 years in prison on the interference with commerce by using extortion charge; 2 years in prison for the extortion of a corporation using threatening communications charge; and 1 year in prison for the unauthorized computer intrusion charge. Each defendant faces a fine of the greatest of $250,000, twice the gross pecuniary gain derived from the offense, or twice the gross pecuniary loss to persons other than the defendant resulting from the offense, for each count. Ms. WHITE praised the investigative efforts of the Federal Bureau of Investigation, the Metropolitan Police of the New Scotland Yard and the Kazakhstan authorities. Ms WHITE expressed her appreciation to Michael Bloomberg and Bloomberg, L.P. for their cooperation. The investigation is continuing. Ms. WHITE stated: "The Internet is not a safe haven for criminals. As this case demonstrates, through the cooperation of foreign law enforcement officials and American businesses, hackers who use the Internet to extort American businesses, and gain access to restricted computer systems, will be apprehended and dealt with vigorously no matter where in the world they are located." Mr. MAWN stated: "This investigation and these charges should dispel the notion that using a computer to commit criminal acts literally a world away from one's victim provides a zone of safety from law enforcement scrutiny. In fact, the growth of computer related crime in recent years has resulted in a closer coordination among law enforcement agencies around the world. This investigation demonstrates the cooperation of both American business entities and our international law enforcement partners to address 21st century crime." OLEG ZEZOV, 27, and IGOR YARIMAKA, 37, live in Almaty, Kazakhstan. Assistant United States Attorneys PAUL B. RADVANY and JOSEPH V. De MARCO are in charge of the prosecution. The charges contained in the Complaints are merely accusations, and the defendants are presumed innocent unless and until proven guilty. 00-131 ###
[Oleg Zezev Complaint; 10 pages.]
Approved:
[Signature]
Paul B. Radvany
Assistant United States Attorneys
Before:
HONORABLE ANDREW J. PECK
United States Magistrate Judge
Southern District of New York
- - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - -
UNITED STATES OF AMERICA -v-
OLEG ZEZOV, . a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," Defendant. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
x
: : : : : x |
SEALED COMPLAINT
Violations of:
COUNTY OF OFFENSE: |
SOUTHERN DISTRICT OF NEW YORK, ss.:
BRIDGET LAWLER, being duly sworn, deposes and says that she is a Special Agent with the Federal Bureau of Investigation, and charges as follows:
COUNT ONE
(Interference With Commerce By Threats)
1. From on or about March 27, 2000, up to and including on or about the date of this Complaint, in the Southern District of New York and elsewhere, OLEG ZEZOV, a/k/a "Oleg Zezev, " a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, unlawfully, knowingly, and willfully did attempt to obstruct, delay, and affect commerce, as that term is defined in Title 18, United States Code, Section 1951(b) (3), and the movement of articles and commodities in commerce, by extortion, as that term is defined in Title 18, United States Code, Section 1951(b) (2), to wit, the defendant threatened publicly to disclose confidential information belonging to Bloomberg L.P., a multinational financial data provider doing business in interstate and foreign commerce, and Bloomberg L.P.'s clients, and to disclose information that OLEG ZEZOV, a/k/a "Oleg Zezev," "Oleg Dzezev," a/k/a "Alex" believed would cause economic harm to Bloomberg L.P.'s reputation if Bloomberg L.P. did not pay him hundreds of thousands of dollars.
(Title 18, United States Code, Section 1951.)
COUNT TWO
(Extortion)
2. From at least on or about March 27, 2000, up to and including the date of this Complaint, in the Southern District of New York and elsewhere, OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, unlawfully, knowingly, and willfully and with intent to extort from a firm, association, and corporation, money and other things of value, did transmit in interstate and foreign commerce communications containing threats to injure the property and reputation of the addressee, to wit, OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, in order to obtain hundreds of thousands of dollars from Bloomberg L.P., threatened publicly to disclose confidential information of Bloomberg L.P. and its clients, and to disclose information that OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, believed would cause economic harm to Bloomberg L.P.'s reputation.
(Title 18, United States Code, Section 875(d).)
COUNT THREE
(Unauthorized Computer Intrusion)
3. In or about March 2000, in the Southern District of New York and elsewhere, OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, unlawfully, knowingly, and intentionally, in conduct involving interstate and foreign communications, accessed a protected computer without authorization and exceeded authorized access, and thereby obtained information from such protected computer, to wit, the defendant accessed computers owned and maintained by Bloomberg L.P., and thereby obtained credit card and other personal information regarding Michael Bloomberg residing on such computers.
(Title 18, United States Code, Section 1030(a)(2)(C).)
The basis for my knowledge and for the foregoing charges are as follows:
I. Background -- the Internet
1. I have been employed as a Special Agent with the Federal Bureau of Investigation ("FBI") for approximately two years; and I am currently assigned to the Computer Crimes Squad. My duties as a member of that squad include the investigation of, among other things, extortion committed through the Internet, in violation of 18 U.S.C. §§ 875(d) and 1951, as well as unauthorized intrusions into computers, in violation of 18 U.S.C. § 1030(a)(2)(C). I am familiar with the facts and circumstances of this investigation, including the facts and,circumstances set forth below, from my personal participation in the investigation, from my review of various documents, including e-mails and faxes sent to and from Bloomberg L.P, 's ("Bloomberg") office in New York, New York, and from my conversations with other individuals, including other law enforcement officers and representatives of Bloomberg. Since this affidavit is being submitted for the limited purpose of establishing probable cause, I have not included details of every aspect of this investigation. In addition, where conversations, statements, or e-mails are related herein, they are related in substance and in part except where otherwise indicated.
2. As part of my training as an FBI Special Agent, I have become familiar with the Internet, which is a network of computers that individuals and entities can use to gain access to a wide range of information. Among the services available through the Internet is the ability to communicate with others through electronic mail, or "e-mail," and to transmit computer data and computer programs from one computer to another. An individual who wants to perform these activities must first obtain an account with a computer that is linked to the Internet for example, through an employer or a commercial service (such as an "Internet Service Provider" or "ISP", or companies which have contracted with ISPs) . The ISP assigns to each subscriber an account name or number, a mailbox and a personal password selected by the subscriber. By using a computer equipped with a modem or similar device,1 the subscriber can establish communication with an ISP over a telephone line, and access the Internet by using his or her account number and personal password. Once the individual accesses the Internet, he or she can send and receive e-mails. Based on my training and experience, I am aware that typically, in addition to the text of the communication itself, an e-mail message includes a portion, (known as a "header") which indicates various information concerning the e-mail, for example, the date and time the e-mail was sent; the e-mail address from which it was sent; and the e-mail address to which it was sent. Typically, the sender's e-mail address consists of a name combined with the name of the ISP or other entity providing the user with access to the Internet. Based on my experience investigating computer crimes, I am aware that individuals who use Internet e-mail in connection with committing crimes, rarely identify themselves by their true names. More specifically, I am aware that a number of companies which provide e-mail services permit their clients to open e-mail, accounts using names which they select. MSN Hotmail Corp. ("Hotmail"), the e-mail provider used by the defendant in this case, is one such company. As described below, in this case, the individual or individuals communicating with Bloomberg has used two names: - "bloomberg_mike@hotmail.com" and "alexalex65@hotmail.com".
____________________
1 A modem is an electronic device that allows one computer to communicate with another through a telephone line. Based on, my training and experience, I am aware that virtually all Internet communication, including the communications referenced in this Complaint at some point travel over telephone lines and cables.
3. Based on my training and experience, I am aware that when data is prepared for transmission across the Internet, the data is electronically "stamped" with a numeric identifier known as an "IP address." This IP address specifically identifies the source computer and destination computer, I am also aware that IP addresses are frequently grouped together by the registered owners in so-called "domains", and that a list of domain assignments in Europe and Asia is maintained by an entity known as the Ripe Network Coordinating Centre ("RipeNet").
II. The Computer Intrusion and Extortion
4. On or about March 27, 2000, a Special Agent of the FBI was informed by a representative of Bloomberg that, on or about March 24, 2000, an individual sent an unsolicited e-mail via the Internet from the address "bloomberg_mike@hotmail.com" to Michael Bloomberg, (who I know to be the founder and owner of Bloomberg), at Bloomberg's corporate offices in New York City.2 The e-mail contained an attachment, which consisted of a letter addressed to "Mr. Bloomberg" from a person who identified her/himself as "Alex." In this letter, "Alex" described her/himself as someone who was "not a criminal" but, rather, "intended to help you understand some drawbacks of your system. According to "Alex", these drawbacks included the fact that the Bloomberg Traveler was unprotected from the standpoint of computer security; for example, "Alex" stated that s/he had gained access to the Bloomberg system and (1) had obtained access to all Bloomberg functions, (2) had obtained user passwords of various Bloomberg senior employees, including Michael Bloomberg, and (3) was able to send and receive e-mail on behalf of, and in the name of, any Bloomberg user. In the letter, "Alex" also stated that s/he could "prove [his] words with . . . pictures of Bloomberg screens. "Alex" further stated that s/he was not a "terrorist", but "hope[d] that you'll find my information valuable and kindly propose adequate payment. I could give the professional advice to your programmers on how to protect the [Bloomberg] system." While "Alex" noted that Bloomberg "c[ould], refuse my help," s/he closed the letter by stating "[y]our security and reputation are in your hands."
____________________
2 Based on conversations a Special Agent of the FBI has had with Bloomberg representatives, I am aware that Bloomberg provides financial data and information services to various clients. Bloomberg provides these services to its clients through various channels, including through stand-alone computer terminals connected to the Internet, which Bloomberg leases to its clients. Bloomberg also provides its services to its clients through a product known as the "Bloomberg Traveler" which is a smaller, more portable version of a Bloomberg terminal, as well as through a product known as the "Open Bloomberg", which consists of proprietary Bloomberg software that enables a user to utilize their own computer to access Bloomberg's databases via the Internet.Based on conversations a Special Agent of the FBI has had with Bloomberg officials, I am aware that Bloomberg is an international company, with offices and affiliates around the world and that Bloomberg'is engaged in significant international and interstate commerce.
5. Thereafter, on or about March 27, 2000, an individual sent a multi-page fax to Bloomberg in New York City. The fax consisted of printouts of what a Special Agent of the FBI recognized to be Bloomberg screens. Among other things, these printouts included screens containing personal information concerning Michael Bloomberg, such as his employee I.D. photograph; his computer username and password at Bloomberg; and his credit card numbers. A Special Agent of the FBI was informed by Bloomberg officials that while this data is maintained on Bloomberg computers -- including at least one computer located in Manhattan, New York -- it is accessible only to certain authorized persons at Bloomberg, and is not among the data available to Bloomberg's clients.
___________________
3 Based on my experience investigating high-technology offenses, I have become familiar with various database services including Bloomberg's and am familiar with the format and layout of Bloomberg's "screens"; I am also aware that when a Bloomberg user's computer is connected to a printer, many of the screens which are viewable can be printed.
6. On or about March 27, 2000, acting at the direction of the FBI, Michael Bloomberg sent a reply e-mail via the Internet to the address "bloomberg_mike@hotmail.com". In that e-mail, Michael Bloomberg stated that he was interested in obtaining the information being offered, and inquired as to how to arrange payment for that information.
7. Thereafter, in an e-mail dated March 27, 2000, addressed from "bloomberg_mike@hotmail.com" and sent to Michael Bloomberg at Bloomberg via the Internet, Bloomberg was informed that it had already been provided with valuable services. The author of this e-mail (who was not identified other than by his Internet address) stated that if Bloomberg was ready to pay for that service, it "must estimate my service and precisely offer me the sum. If I agree with the sum -- you pay and we work further with your system. If I not agree we terminate negotiations."
8. Thereafter, in an e-mail dated April 3, 2000, addressed from "bloomberg_mike@hotmail, com", and sent to Michael Bloomberg in New York via the Internet, Bloomberg was told by the author (who here identified him/herself as "Alex") that they had "already done a great job analising [the Bloomberg] system." The author valued his services at "USD 200,000."
9. Thereafter, in an e-mail dated April 4, 2000, addressed from "bloomberg_mike@hotmail.com, and sent to Michael Bloomberg in New York via the Internet, Bloomberg was told by the author (who identified him/herself in the e-mail as "Alex") that there was a problem with the "bloomberg_mike@hotmail.com" mailbox, and that future a-mails should be sent to the address "alexalex65@hotmail.com". On or about April 6, 2000, acting at the direction of the FBI, Michael Bloomberg or one of his employees, sent an e-mail to "Alex" at the address "alexalex65@hotmail.com". In that e-mail, Michael Bloomberg suggested that he and "Alex" meet in person.
10. Thereafter, in an e-mail dated April 10, 2000, addressed from "alexalex65@hotmail.com", and sent to Michael Bloomberg in New York via the Internet, the author (identified as "Alex") stated that s/he was "ready to enter into negotiations with [Bloomberg] personally and your (computer) specialist-developers," and asked "what warranties of my security can you give from your side after you know my real name."
11. Thereafter, on or about April 17, 2000, Michael Bloomberg received an e-mail addressed from "alexalex65@hotmail.com" stating, among other things, the following:
Okay Mike, I understand that while we carry out useless correspondence, your [computer) specialists are trying to fix holes in the (Bloomberg) system. It is clear that you are extending time. But time is already lost. You have allowed serious leakage of information.I am tired of watching the actions of your programmers while I could suggest the reliable and manageable protection and control space. . . .
Did you calculate [ ] how much you already paid And, will pay to the army of programmers for the creation of a toy for hackers?4
Mike, why don't you want to pay me for done job. I am confident that should you wish it's always possible to find justification for paying me due award.
I have all evidences that BLOOMBERG system threatens business of its clients.
Using these evidences, I can inform the world on this danger giving the necessary arguments, including our correspondence . . . .
I am honest and well-intentioned person as far as you could see. But I can't give up my principles and in any case will get my money for done job."
____________________
4 Based on my experience investigating computer crimes, I am aware that persons that engage in unauthorized computer intrusions are often referred to colloquially as "hackers."
The author of the e-mail went on to direct Bloomberg (1) to open a bank account with an offshore bank; (2) to deposit $200,000 into that account; and (3) to communicate the name of the bank as well as pertinent account information so that the author could verify that the funds had been deposited. The author of the e-mail also stated that once s/he had verified the deposit, negotiations could continue. The e-mail goes on to-state:
"You will have 48 hours' after the receipt of th[is] e-mail for making the payment.I've written a report containing copies of confidential information of your firm and your clients.
I guarantee that after I get the money I will destroy all materials.
In case of non-payment I'll send the report to your clients.
They will he very surprised of the reliability of your system which you undertook to guarantee
Besides, I'll send the information to independent expert agencies dealing in testing software as well as to all popular mass media in the world.
They all will help you to resolve the problems for good."
12. On or about April 19, 2000, acting at the direction of FBI agents, Michael Bloomberg or one of his employees, sent an e-mail to "alexalex65@hotmail.com stating that an account would be opened at a branch office of Deutsche Bank in London (the "Branch") for the purpose of wire transferring the payment demanded by "Alex." Among other things, the e-mail provided the Branch address and main telephone number; the name of a Branch employee responsible for the account (the "Branch Employee"); and the Branch Employee's unique, "direct-dial" telephone number at the Branch. The e-mail also invited the recipient to call the Branch Employee and confirm the deposit of funds into the account.5
____________________
5 A Branch Employee informed the FBI that in or about early May, 2000, he received a telephone call at his direct-dial telephone number at the Branch from an unidentified female caller. In that call, the caller -- speaking English with a foreign accent -- sought verification that funds were on deposit in the Account. The Branch Employee informed the caller that funds had been deposited into the Account, but could not be withdrawn or transferred. Telephone records of cellular calls placed from a cell phone registered to Elena Gorokhova, the defendant, reflect that a call was placed from her cell phone to the Branch Employee's direct-dial telephone number at the Branch on or about May 8, 2000. Gorokhova has been charged in a sealed complaint. Pursuant to that complaint, an arrest warrant has been issued.
13. On or about April 19, 2000, Bloomberg opened an account (the "Account") at the Branch and deposited $200,000 into the Account. According to Bloomberg officials with whom a Special Agent of the FBI has spoken, the Account was established in a manner so as to permit "Alex" to confirm that funds had been deposited into it, but not to withdraw any funds.
14. Thereafter, in an e-mail dated April 20, 2000, addressed from "alexalex65@hotmail.com", and sent to Michael Bloomberg in New York via the Internet, the author (identified as "Alex") stated that he/she knew that funds had been deposited into the Account, but stated that Bloomberg was "wasting time" by opening an account "that can be closed at any moment." "Alex" requested "total control" over the Account, and further requested that Bloomberg make $7,500 in the Account available to him/her for travel expenses in connection with his/her meeting with Michael Bloomberg. Shortly thereafter, Bloomberg instructed the Branch to make $7,500 in the Account available for "Alex" to withdraw.
15. On or about May 11 and May 19, 2000, Deutsche officials informed a Special Agent of the FBI that approximately $700 and $6,700, respectively, was wire transferred from the Account to a bank account at Paritate Bank (the "Paritate Bank") in Riga, Latvia. A Special Agent of the FBI has spoken with officials of the Kazakstan National Bureau of Special Services ("KNBSS") , who are assisting with this investigation. They informed him that on May 25, 2000, at approximately 5:00 p.m., a call was placed from the home of OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," to the Paritate Bank.
16. In the course of the FBI's investigation, a Special Agent of the FBI obtained computer logs from Hotmail which contain the IP addresses and connection dates and times relative to the e-mails sent from alexalex65@hotmail.com and bloomberg_mike@hotmail.com during various periods relevant to this investigation. These records reflect that these e-mails were sent from either of two IP addresses located in Almaty, Kazakstan. According to records maintained by RipeNet which a Special Agent of the FBI has reviewed, one of these IP addresses is assigned to a computer located at Kazcommerce-Secures-Net, located in Almaty, Kazakstan. In addition, RipeNet records which, a Special Agent of the FBI has reviewed indicate that the second of the two IP addresses is assigned to an unidentified computer connected to an ISP located in Almaty, Kazakstan.
17. In the course of the FBI's investigation, a Special Agent of the FBI learned that, in or about the Spring of 1999, Bloomberg provided access to its databases, via the open Bloomberg, to Kazkommerts Securities ("Kazkommerts") located in Almaty, Kazakstan. Bloomberg officials informed the FBI that, according to Bloomberg records, OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev, " a/k/a "Alex," the defendant, is employed by Kazkommerts and is one of four individuals, including Elena Gorokhova, at Kazkommerts associated with Kazkommert's contract with Bloomberg for the Open Bloomberg.
18. On or about June 29, 2000, acting at the direction' of FBI agents, Michael Bloomberg or one of his employees, sent e-mail to "alexalex65@hotmail.com suggesting that they resolve the matter in London on August 9 or 10, 2000.
19. In an e-mail dated July 25, 2000, addressed from "alexalex65@hotmail.com", and sent to Michael Bloomberg in New York via the Internet, the author (identified as "Alex") stated
Mike, I plan to arrive in London beforehand. However, in the worst case we shall arrive at night from 8-th to 9-th August. Taking into account this circumstance, I would ask you to plan time of the meeting at any convenient time after noon.P.S.: Judging from your letter, I understand that all preliminary questions have been resolved. We are looking forward to meet with you. Today is my birthday, 27 years old. And on this day I don't want you to think about me bad.
Alex
20. On or about August 6, 2000, OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, flew from Kazakstan to London aboard a British Airways flight. According to British Customs agents, upon arriving in London, ZEZOV completed a British landing card using the name "Oleg Zezev" and listed his date of birth as July 25, 1973.
21. Finally, in the course of the FBI's investigation, a Special Agent of the FBI spoke with a Bloomberg official familiar with Bloomberg's computers and computer systems, including Bloomberg's computers located in New York, New York. That official informed the FBI that certain information contained in the Bloomberg screens which were faxed to Bloomberg, on or about March 27, 2000 was maintained on Bloomberg's computers located in New York, New York. In addition, Bloomberg officials informed us that Bloomberg maintained logs which recorded certain connections to these computers in or about mid-March 2000, and that, among other things, these logs reflect connections at or about that time to those New York computers which originating from the IP address associated with Kazkommerts.
III. Conclusion
WHEREFORE, deponent prays that OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, be arrested, and that she be imprisoned or bailed, as the case may be.
[Signature]
BRIDGET LAWLER
Special Agent
Federal Bureau of investigation
Sworn to before me this
8th day of August, 2000
[Signature]
HONORABLE ANDREW J. PECK
UNITED STATES MAGISTRATE JUDGE
SOUTHERN DISTRICT OF NEW YORK
[Igor Yarimaka Compliant; 11 pages.]
Approved:
[Signature]
Paul B. Radvany
Assistant United States Attorneys
Before:
HONORABLE ANDREW J. PECK
United States Magistrate Judge
Southern District of New York
- - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - -
UNITED STATES OF AMERICA -v-
IGOR YARIMAKA, Defendant. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
x
: : : : : x |
SEALED COMPLAINT
Violations of:
COUNTY OF OFFENSE: |
SOUTHERN DISTRICT OF NEW YORK, ss.:
BRIDGET LAWLER, being duly sworn, deposes and says that she is a Special Agent with the Federal Bureau of Investigation, and charges as follows:
COUNT ONE
(Interference With Commerce By Threats)
1. From on or about March 27, 2000, up to and including on or about the date of this Complaint, in the Southern District of New York and elsewhere, IGOR YARIMAKA, the defendant, unlawfully, knowingly, and willfully did attempt to obstruct, delay, and affect commerce, as that term is defined in Title 18, United States Code, Section 1951(b) (3), and the movement of articles and commodities in commerce, by extortion, as that term is defined in Title 18, United States Code, Section 1951(b) (2), to wit, the defendant threatened publicly to disclose confidential information belonging to Bloomberg L.P., a multinational financial data provider doing business in interstate and foreign commerce, and Bloomberg L.P.'s clients, and to disclose information that IGOR YARIMAKA believed would cause economic harm to Bloomberg L.P.'s reputation if Bloomberg L.P. did not pay him hundreds of thousands of dollars.
(Title 18, United States Code, Section 1951.)
COUNT TWO
(Extortion)
2. From at least on or about March 27, 2000, up to and including the date of this Complaint, in the Southern District of New York and elsewhere, IGOR YARIMAKA, the defendant, unlawfully, knowingly, and willfully and with intent to extort from a firm, association, and corporation, money and other things of value, did transmit in interstate and foreign commerce communications containing threats to injure the property and reputation of the addressee, to wit, IGOR YARIMAKA, the defendant, in order to obtain hundreds of thousands of dollars from Bloomberg L.P., threatened publicly to disclose confidential information of Bloomberg L.P. and its clients, and to disclose information that OLEG ZEZOV, a/k/a "Oleg Zezev," a/k/a "Oleg Dzezev," a/k/a "Alex," the defendant, believed would cause economic harm to Bloomberg L.P.'s reputation.
(Title 18, United States Code, Section 875(d).)
COUNT THREE
(Unauthorized Computer Intrusion)
3. In or about March 2000, in the Southern District of New York and elsewhere, IGOR YARIMAKA, the defendant, unlawfully, knowingly, and intentionally, in conduct involving interstate and foreign communications, accessed a protected computer without authorization and exceeded authorized access, and thereby obtained information from such protected computer, to wit, the defendant accessed computers owned and maintained by Bloomberg L.P., and thereby obtained credit card and other personal information regarding Michael Bloomberg residing on such computers.
(Title 18, United States Code, Section 1030(a)(2)(C).)
The basis for my knowledge and for the foregoing charges are as follows:
I. Background -- the Internet
1. I have been employed as a Special Agent with the Federal Bureau of Investigation ("FBI") for approximately two years; and I am currently assigned to the Computer Crimes Squad. My duties as a member of that squad include the investigation of, among other things, extortion committed through the Internet, in violation of 18 U.S.C. §§ 875(d) and 1951, as well as unauthorized intrusions into computers, in violation of 18 U.S.C. § 1030(a)(2)(C). I am familiar with the facts and circumstances of this investigation, including the facts and,circumstances set forth below, from my personal participation in the investigation, from my review of various documents, including e-mails and faxes sent to and from Bloomberg L.P, 's ("Bloomberg") office in New York, New York, and from my conversations with other individuals, including other law enforcement officers and representatives of Bloomberg. Since this affidavit is being submitted for the limited purpose of establishing probable cause, I have not included details of every aspect of this investigation. In addition, where conversations, statements, or e-mails are related herein, they are related in substance and in part except where otherwise indicated.
2. As part of my training as an FBI Special Agent, I have become familiar with the Internet, which is a network of computers that individuals and entities can use to gain access to a wide range of information. Among the services available through the Internet is the ability to communicate with others through electronic mail, or "e-mail," and to transmit computer data and computer programs from one computer to another. An individual who wants to perform these activities must first obtain an account with a computer that is linked to the Internet for example, through an employer or a commercial service (such as an "Internet Service Provider" or "ISP", or companies which have contracted with ISPs) . The ISP assigns to each subscriber an account name or number, a mailbox and a personal password selected by the subscriber. By using a computer equipped with a modem or similar device,1 the subscriber can establish communication with an ISP over a telephone line, and access the Internet by using his or her account number and personal password. Once the individual accesses the Internet, he or she can send and receive e-mails. Based on my training and experience, I am aware that typically, in addition to the text of the communication itself, an e-mail message includes a portion, (known as a "header") which indicates various information concerning the e-mail, for example, the date and time the e-mail was sent; the e-mail address from which it was sent; and the e-mail address to which it was sent. Typically, the sender's e-mail address consists of a name combined with the name of the ISP or other entity providing the user with access to the Internet. Based on my expeRience investigating computer crimes, I am aware that individuals who use Internet e-mail in connection with committing crimes, rarely identify themselves by their true names. More specifically, I am aware that a number of companies which provide e-mail services permit their clients to open e-mail, accounts using names which they select. MSN Hotmail Corp. ("Hotmail"), the e-mail provider used by the defendant in this case, is one such company. As described below, in this case, the individual or individuals communicating with Bloomberg has used two names: - "bloomberg_mike@hotmail.com" and "alexalex65@hotmail.com".
____________________
1 A modem is an electronic device that allows one computer to communicate with another through a telephone line. Based on, my training and experience, I am aware that virtually all Internet communication, including the communications referenced in this Complaint at some point travel over telephone lines and cables.
3. Based on my training and experience, I am aware that when data is prepared
for transmission across the Internet, the data is electronically "stamped"
with a numeric identifier known as an "IP address." This IP address specifically
identifies the source computer and destination computer, I am also aware
that IP addresses are frequently grouped together by the registered owners
in so-called "domains", and that a list of domain assignments in Europe and
Asia is maintained by an entity known as the Ripe Network Coordinating Centre
("RipeNet").
II. The Computer Intrusion and Extortion
4. On or about March 27, 2000, a Special Agent of the FBI was informed by a representative of Bloomberg that, on or about March 24, 2000, an individual sent an unsolicited e-mail via the Internet from the address "bloomberg_mike@hotmail.com" to Michael Bloomberg, (who I know to be the founder and owner of Bloomberg), at Bloomberg's corporate offices in New York City.2 The e-mail contained an attachment, which consisted of a letter addressed to "Mr. Bloomberg" from a person who identified her/himself as "Alex." In this letter, "Alex" described her/himself as someone who was "not a criminal" but, rather, "intended to help you understand some drawbacks of your system. According to "Alex", these drawbacks included the fact that the Bloomberg Traveler was unprotected from the standpoint of computer security; for example, "Alex" stated that s/he had gained access to the Bloomberg system and (1) had obtained access to all Bloomberg functions, (2) had obtained user passwords of various Bloomberg senior employees, including Michael Bloomberg, and (3) was able to send and receive e-mail on behalf of, and in the name of, any Bloomberg user. In the letter, "Alex" also stated that s/he could "prove [his] words with . . . pictures of Bloomberg screens. "Alex" further stated that s/he was not a "terrorist", but "hope[d] that you'll find my information valuable and kindly propose adequate payment. I could give the professional advice to your programmers on how to protect the [Bloomberg] system." While "Alex" noted that Bloomberg "c[ould], refuse my help," s/he closed the letter by stating "[y]our security and reputation are in your hands."
____________________
2 Based on conversations a Special Agent of the FBI has had with Bloomberg representatives, I am aware that Bloomberg provides financial data and information services to various clients. Bloomberg provides these services to its clients through various channels, including through stand-alone computer terminals connected to the Internet, which Bloomberg leases to its clients. Bloomberg also provides its services to its clients through a product known as the "Bloomberg Traveler" which is a smaller, more portable version of a Bloomberg terminal, as well as through a product known as the "Open Bloomberg", which consists of proprietary Bloomberg software that enables a user to utilize their own computer to access Bloomberg's databases via the Internet.Based on conversations a Special Agent of the FBI has had with Bloomberg officials, I am aware that Bloomberg is an international company, with offices and affiliates around the world and that Bloomberg'is engaged in significant international and interstate commerce.
5. Thereafter, on or about March 27, 2000, an individual sent a multi-page fax to Bloomberg in New York City. The fax consisted of printouts of what a Special Agent of the FBI recognized to be Bloomberg screens. Among other things, these printouts included screens containing personal information concerning Michael Bloomberg, such as his employee I.D. photograph; his computer username and password at Bloomberg; and his credit card numbers. A Special Agent of the FBI was informed by Bloomberg officials that while this data is maintained on Bloomberg computers -- including at least one computer located in Manhattan, New York -- it is accessible only to certain authorized persons at Bloomberg, and is not among the data available to Bloomberg's clients.
___________________
3 Based on my experience investigating high-technology offenses, I have become familiar with various database services including Bloomberg's and am familiar with the format and layout of Bloomberg's "screens"; I am also aware that when a Bloomberg user's computer is connected to a printer, many of the screens which are viewable can be printed.
6. On or about March 27, 2000, acting at the direction of the FBI, Michael Bloomberg sent a reply e-mail via the Internet to the address "bloomberg_mike@hotmail.com". In that e-mail, Michael Bloomberg stated that he was interested in obtaining the information being offered, and inquired as to how to arrange payment for that information.
7. Thereafter, in an e-mail dated March 27, 2000, addressed from "bloomberg_mike@hotmail.com" and sent to Michael Bloomberg at Bloomberg via the Internet, Bloomberg was informed that it had already been provided with valuable services. The author of this e-mail (who was not identified other than by his Internet address) stated that if Bloomberg was ready to pay for that service, it "must estimate my service and precisely offer me the sum. If I agree with the sum -- you pay and we work further with your system. If I not agree we terminate negotiations."
8. Thereafter, in an e-mail dated April 3, 2000, addressed from "bloomberg_mikeohotmail, com", and sent to Michael Bloomberg in New York via the Internet, Bloomberg was told by the author (who here identified him/herself as "Alex") that they had "already done a great job analising [the Bloomberg] system." The author valued his services at "USD 200,000."
9. Thereafter, in an e-mail dated April 4, 2000, addressed from "bloomberg_mike@hotmail.com, and sent to Michael Bloomberg in New York via the Internet, Bloomberg was told by the author (who identified him/herself in the e-mail as "Alex") that there was a problem with the "bloomberg_mike@hotmail.com" mailbox, and that future a-mails should be sent to the address "alexalex65@hotmail.com". On or about April 6, 2000, acting at the direction of the FBI, Michael Bloomberg or one of his employees, sent an e-mail to "Alex" at the address "alexalex65@hotmail.com". In that e-mail, Michael Bloomberg suggested that he and "Alex" meet in person.
10. Thereafter, in an e-mail dated April 10, 2000, addressed from "alexalex65@hotmail.com", and sent to Michael Bloomberg in New York via the Internet, the author (identified as "Alex") stated that s/he was "ready to enter into negotiations with [Bloomberg] personally and your (computer) specialist-developers," and asked "what warranties of my security can you give from your side after you know my real name."
11. Thereafter, on or about April 17, 2000, Michael Bloomberg received an e-mail addressed from "alexalex65@hotmail.com" stating, among other things, the following:
Okay Mike, I understand that while we carry out useless correspondence, your [computer) specialists are trying to fix holes in the (Bloomberg) system. It is clear that you are extending time. But time is already lost. You have allowed serious leakage of information.I am tired of watching the actions of your programmers while I could suggest the reliable and manageable protection and control space. . . .
Did you calculate [ ] how much you already paid And, will pay to the army of programmers for the creation of a toy for hackers?4
Mike, why don't you want to pay me for done job. I am confident that should you wish it's always possible to find justification for paying me due award.
I have all evidences that BLOOMBERG system threatens business of its clients.
Using these evidences, I can inform the world on this danger giving the necessary arguments, including our correspondence . . . .
I am honest and well-intentioned person as far as you could see. But I can't give up my principles and in any case will get my money for done job."
____________________
4 Based on my experience investigating computer crimes, I am aware that persons that engage in unauthorized computer intrusions are often referred to colloquially as "hackers."
The author of the e-mail went on to direct Bloomberg (1) to open a bank account with an offshore bank; (2) to deposit $200,000 into that account; and (3) to communicate the name of the bank as well as pertinent account information so that the author could verify that the funds had been deposited. The author of the e-mail also stated that once s/he had verified the deposit, negotiations could continue. The e-mail goes on to-state:
"You will have 48 hours' after the receipt of th[is] e-mail for making the payment.I've written a report containing copies of confidential information of your firm and your clients.
I guarantee that after I get the money I will destroy all materials.
In case of non-payment I'll send the report to your clients.
They will he very surprised of the reliability of your system which you undertook to guarantee
Besides, I'll send the information to independent expert agencies dealing in testing software as well as to all popular mass media in the world.
They all will help you to resolve the problems for good."
12. On or about April 19, 2000, acting at the direction of FBI agents, Michael Bloomberg or one of his employees, sent an e-mail to "alexalex65@hotmail.com stating that an account would be opened at a branch office of Deutsche Bank in London (the "Branch") for the purpose of wire transferring the payment demanded by "Alex." Among other things, the e-mail provided the Branch address and main telephone number; the name of a Branch employee responsible for the account (the "Branch Employee"); and the Branch Employee's unique, "direct-dial" telephone number at the Branch. The e-mail also invited the recipient to call the Branch Employee and confirm the deposit of funds into the account.5
____________________
5 A Branch Employee informed the FBI that in or about early May, 2000, he received a telephone call at his direct-dial telephone number at the Branch from an unidentified female caller. In that call, the caller -- speaking English with a foreign accent -- sought verification that funds were on deposit in the Account. The Branch Employee informed the caller that funds had been deposited into the Account, but could not be withdrawn or transferred. Telephone records of cellular calls placed from a cell phone registered to Elena Gorokhova, the defendant, reflect that a call was placed from her cell phone to the Branch Employee's direct-dial telephone number at the Branch on or about May 8, 2000. Gorokhova has been charged in a sealed complaint. Pursuant to that complaint, an arrest warrant has been issued.
13. On or about April 19, 2000, Bloomberg opened an account (the "Account") at the Branch and deposited $200,000 into the Account. According to Bloomberg officials with whom a Special Agent of the FBI has spoken, the Account was established in a manner so as to permit "Alex" to confirm that funds had been deposited into it, but not to withdraw any funds.
14. Thereafter, in an e-mail dated April 20, 2000, addressed from "alexalex65@hotmail.com", and sent to Michael Bloomberg in New York via the Internet, the author (identified as "Alex") stated that he/she knew that funds had been deposited into the Account, but stated that Bloomberg was "wasting time" by opening an account "that can be closed at any moment." "Alex" requested "total control" over the Account, and further requested that Bloomberg make $7,500 in the Account available to him/her for travel expenses in connection with his/her meeting with Michael Bloomberg. Shortly thereafter, Bloomberg instructed the Branch to make $7,500 in the Account available for "Alex" to withdraw.
15. On or about May 11 and May 19, 2000, Deutsche officials informed a Special Agent of the FBI that approximately $700 and $6,700, respectively, was wire transferred from the Account to a bank account at Paritate Bank (the "Paritate Bank") in Riga, Latvia. A Special Agent of the FBI has spoken with officials of the Kazakstan National Bureau of Special Services ("KNBSS") , who are assisting with this investigation. They informed him that on May 25, 2000, at approximately 5:00 p.m., a call was placed from the home of Oleg Zezev to the Paritate Bank.
16. In the course of the FBI's investigation, a Special Agent of the FBI obtained computer logs from Hotmail which contain the IP addresses and connection dates and times relative to the e-mails sent from alexalex65@hotmail.com and bloomberg_mike@hotmail.com during various periods relevant to this investigation. These records reflect that these e-mails were sent from either of two IP addresses located in Almaty, Kazakstan. According to records maintained by RipeNet which a Special Agent of the FBI has reviewed, one of these IP addresses is assigned to a computer located at Kazcommerce-Secures-Net, located in Almaty, Kazakstan. In addition, RipeNet records which, a Special Agent of the FBI has reviewed indicate that the second of the two IP addresses is assigned to an unidentified computer connected to an ISP located in Almaty, Kazakstan.
17. In the course of the FBI's investigation, a Special Agent of the FBI learned that, in or about the Spring of 1999, Bloomberg provided access to its databases, via the open Bloomberg, to Kazkommerts Securities ("Kazkommerts") located in Almaty, Kazakstan. Bloomberg officials informed the FBI that, according to Bloomberg records, Oleg Zezev, is employed by Kazkommerts and is one of four individuals, including Elena Gorokhova, at Kazkommerts associated with Kazkommert's contract with Bloomberg for the Open Bloomberg.
18. On or about June 29, 2000, acting at the direction' of FBI agents, Michael Bloomberg or one of his employees, sent e-mail to "alexalex65@hotmail.com suggesting that they resolve the matter in London on August 9 or 10, 2000.
19. In an e-mail dated July 25, 2000, addressed from "alexalex65@hotmail.com", and sent to Michael Bloomberg in New York via the Internet, the author (identified as "Alex") stated
Mike, I plan to arrive in London beforehand. However, in the worst case we shall arrive at night from 8-th to 9-th August. Taking into account this circumstance, I would ask you to plan time of the meeting at any convenient time after noon.P.S.: Judging from your letter, I understand that all preliminary questions have been resolved. We are looking forward to meet with you. Today is my birthday, 27 years old. And on this day I don't want you to think about me bad.
Alex
20. On or about August 6, 2000, IGOR YARIMAKA, the defendant, flew from Kazakstan to London aboard a British Airways flight. According to British Customs agents, upon arriving in London, Oleg Zezev completed a British landing card using the name Oleg Zezev and listed his date of birth as July 25, 1973.
____________________
6 Zezev has been charged in a sealed complaint. Pursuant to that complaint, an arrest warrant has been issued.
21. According to British law enforcement officials, IGOR YARIMAKA, the defendant, accompanied Oleg Zezev off of the British Airways flight and through customs. Thereafter they shared a taxi to Hotel Edward where they both have been staying since August 6, 2000.
22. In the course of the FBI's investigation, a Special Agent of the FBI spoke with a Bloomberg official familiar with Bloomberg's computers and computer systems, including Bloomberg's computers located in New York, New York. That official informed the FBI that certain information contained in the Bloomberg screens which were faxed to Bloomberg, on or about March 27, 2000 was maintained on Bloomberg's computers located in New York, New York. In addition, Bloomberg officials informed us that Bloomberg maintained logs which recorded certain connections to these computers in or about mid-March 2000, and that, among other things, these logs reflect connections at or about that time to those New York computers which originating from the IP address associated with Kazkommerts.
23. According to a Special Agent of the FBI, on or about August 10, 2000, IGOR YARIMAKA, the defendant, and Oleg Zezev went to the Hilton Hotel in London, England and met in a private meeting room with officials from Bloomberg L.P., including Michael Bloomberg, and two London Metropolitan police officers, one posing as Bloomberg L.P, executive (the "U/C") and the other serving as a translator.
a. Oleg Zezev introduced himself as "Alex" and said that they wanted to speak about the security of Bloomberg L.P.'s computer system (the "Computer System") IGOR YARIMAKA, the defendant, stated in substance and in part that he represented "Alex" and would handle the terms of payment. He acknowledged that Zezev was "Alex" and that Zezev was the individual with technical skills who was able to access the Computer System. YARIMAKA and Zezev acknowledged that Zezev had previously connected to the Computer System and had the ability to send an e-mail to anyone on the system.b Michael Bloomberg told IGOR YARIMAKA, the, defendant, and Oleg Zezev that he had received e-mails demanding $200,000 for breaking into the Computer System. Bloomberg also said that he was concerned that Bloomberg L.P. was being extorted by them. YARIMAKA said in substance and in part that they were there to help Bloomberg L.P. with their computer security, that they were not criminals and that "Alex" had not broken any criminal laws in his country. YARIMAKA said that he was concerned that Bloomberg had used the term extortion.
c. IGOR YARIMAKA, the defendant, said, in substance and in part, that he was a former Kazakstan prosecutor and that they would not harm the Bloomberg L.P. computer system but that they wanted a contract so that "Alex" would get paid for pointing out the inept security system at Bloomberg L.P. The U/C told them that any contract they entered into would not be legal because this was not a business meeting as they were meeting in secret. YARIMAKA acknowledged that the parties would not enter into a legal contract but that he wanted a contract to make sure that a payment would be made. YARIMAKA said that he had drafted a contract but that it was in their hotel room. Therefore, he suggested that they meet later that day.
d. The U/C told IGOR YARIMAKA, the defendant, and Oleg Zezev that they had to tell them what they did with the Computer System before they got paid. Bloomberg L.P, officials asked Zezev to show them how he got into the Bloomberg L.P.'s computer system. Zezev said that he could not show them this at the moment because he wanted to sign a contract first. Zezev stated that all of the information is in his head.
24. After the meeting, Oleg Zezev was arrested pursuant to an provisional
arrest warrant which was based on a complaint filed in the United States
on August 8, 2000. IGOR YARIMAKA, the defendant, was detained by the London
Metropolitan Police on immigration charges.
III. Conclusion
WHEREFORE, deponent prays that IGOR YARIMAKA, the defendant, be arrested, and that she be imprisoned or bailed, as the case may be.
[Signature]
BRIDGET LAWLER
Special Agent
Federal Bureau of investigation
Sworn to before me this
10th day of August, 2000
[Signature]
HONORABLE ANDREW J. PECK
UNITED STATES MAGISTRATE JUDGE
SOUTHERN DISTRICT OF NEW YORK
Transcription and HTML by Cryptome.