create a fake auction item with a value less than $500 to avoid triggering fraud alarms. They would use other fake accounts to bid on the item, and they knew how to rig the bidding so they would always win (thus not defrauding any real bidders who might report the activity). The fake PayPal accounts would be used to clear the transaction, and they even used the fake bidder accounts to “rate the seller,” inflating the credibility of the fake accounts.

One very interesting aspect of this case is the automation of all processes related to e-mail account creation and management, online payment account creation and management, web-based transaction processing, and electronic funds transfer. Tens of thousands of stolen credit card numbers were carefully used in ways that limited the losses to less than a few hundred dollars per card. The automation allowed the group to focus on the intrusions, data exfiltration and sorting, and other aspects of their activity that brought in money. This was all done by a small group of perhaps a half-dozen individuals,2 skilled programmers who could not find jobs locally that paid anything near what their skills were worth. Ivanov was described by U.S. District Court Judge Thompson as a “manager or supervisor,” while Gorshkov claimed he was “the boss.” (Both statements could be true if there are six or more individuals involved.) They claim to have worked up to 16 hours per day over about 1 year3 and to have generated $150,000 in 6 months. This is enough to pay the salaries of 20 (unemployed) Russian rocket scientists at 2003 salary rates.4


In 2005, a couple were arrested in Britain on charges of creating a Trojan horse key logger and installing it on systems at dozens of sites by way of CD-ROMs containing what was purported to be a business proposal.5 This has been described as the largest industrial espionage case in Israeli history. The espionage activity was primarily targeted at competitors to the clients of three private investigation firms, at a cost


Philip Attfield, “United States v Gorshkov Detailed Forensics and Case Study; Expert Witness Perspective,” in Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE05), 2005, available at


Art Jahnke, “Russian Roulette,” 2005, available at


Stephanie Overby, “Big Ideas 2003: Passages Beyond India,” 2003, available at


See, for example, Avi Cohen, “Scandal Shocks Business World,” 2005, available at,7340,L-3091900,00.html. See also Bob Sullivan, “Israel Espionage Case Points to New Net Threat,” June 9, 2005, available at

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement