According to the Russian language interview with Alexander Katalov, president of Elcomsoft and an ex-KGB operative himself, his firm had performed work for the FBI itself.

An INQUIRER reader has translated the interview for us, the original of which can be found here.

Here is his translation in full:

The Elcomsoft president, Mr. Alexander Katalov gives details on the arrest of his company emloyee, Dmytry Sklyarov.

Alexander, how was Dmitry arrested?

On Sunday there was a DefCon conference. Dmitry had delivered there our "eBook Security: Theory and practise" presentation. On Monday morning, at around 9am, he was checking out of the hotel together with another employee. On the way out of the hotel, two individuals stopped them. They presented their FBI IDs and immediately handcuffed Dmitry. Detained, the employees were put into separate rooms. With Andrey they interviewed him for just half an hour, asking what and how, and he was allowed to leave the building right after. He had tried to get me on the phone, but could not get through. So, after he called our Moscow office at around 9:30am, Moscow had already notified me via e-mail about his arrest.

Is Dmitry Sklyarov the sole "Advanced eBook Processor" program author, the very program he got arrested because of?

Naturally, he is not the only one. Moreover, he was developing the "scientific part" of the program, its algorithms. This work is a part of his dissertation. There were at least three employees, working on the program; the program itself comes under Elkomsoft brand. However, it seems that now the Americans are trying to present the situation as a hacking, conducted by a single Russian hacker.

So, does it look like Dmitry was detained only due to his DefCon presentation?

Probably yes. Though he introduced himself as an Elcomsoft employee, the company that developed the product.

What are your lawers saying?

Our lawers were notified on arrest in the evening, when everything was closed down already. That's how it was developing: after I received the email, I called the Russian Consulate. They proposed to wait until noon at consulate, assuming that the Americans would let Dmitry board the flight en-route LAX, where Aeroflot flight would bring him back to Russia. But he did not show up at the airport, so the consulate initialized a standard offical request to American authorities. They spent around two hours on that and we all realized that Dmitry will not fly away for sure. In fact we even did not know where Dmitry was physically located. At around 2pm the request was filed but not till the end of working day, till 6pm was there any answer. So on Monday we had no info.

Tuesday morning, when our office had started its new working day in Moscow, Dmitry's wife called in. She said that she had a call from the US, and via an interpreter she was told that her husband is under arrest. She was not allowed to talk to him directly. This US call was at around 4am Moscow time, so it was still Monday, around 3pm here in US. So this meant that the authorities had not responded to the request filed by the Russian Consulate on Monday.

Are there any offical charges already?

As far as I can tell from the words of Dima's wife (and she did not understand it all clearly due to early morning situation itself, plus she also has a 2-month old baby), it looks like charges were preferred yesterday. And it was decided that Dmitry would be spending time in the jail, because there are no people ready to pay the bail bonds. Bear in mind, the US authorities had never notified either the Russian Consulate or us.

After this case and another recent arrest of Russian hackers it looks like the FBI has acquired a new way of working: to lure Russian programmers out of Russia and to arrest them in the US under local legislation. Before this time, were your employees attending similar events to DefCon? Have there been similar situations before?

Well, we did attend Black Hat conference without any problem. Moreover, in April we had sponsored the conference on informational security for the US law inforcement agencies. So the arrest we are talking about is relevant to the accusation against Dmitry. Filed by the Adobe Corporation only, it does not concern our company business practices. Dmitry's wife was told that Dmitry is to get relocated to California. And the San Diego agent arrested him, exactly where Adobe is stationed.

Don't you think that your program for breaking the copywrited Adobe files breaches the law?

I don't think so. Adobe asserts that the limitation to copy of e-book is to be defined (set) by the copywriter. However, if you compare same books saved in Microsoft and Adobe formats, you'd see that Microsoft format allows making the second copy. The Adobe format does not. Meaning that while the Microsoft format based book can be read on different computers: on the one the u ser had purchased it, and on another, like on a notebook at home. However, in Adobe format you are allowed to read the book only on the very computer you downloaded the book with. So the assertion that such a limitation is to be established by the publisher or by the author is an absolutely incorrect one.

But hacking the book once lets you replicate it for further distribution…

Our program does not "hack" the book: only the individual who officially had purchased the book can make a second copy. If the individual made a copy and proceeds with its following distribution on disks - he is the one who breeches the letter of law. Not our program. Making the copies for own needs is legal. In fact, according to Russian legislation, Adobe software is actually rather illegal, because it does not let the buyer use the purchased product where the Buyer needs it. Besides, during the on-line purchasing procedure of Adobe formated books, the buyer is not informed at all about such a limitation.

But the allegation will be an American one, - because of the hacking program distribution on US territory (Title 17, United States Code, Section 1201(b)(1)(A), or so called Digital Millennium Copyright Act).

The truth is that we did not distribute the program. There were reports that we do. But we did not sell it and did not collect orders for it. Right after first Adobe warning, we only had left the demo-version on the net, which does decript only 25% of the book, just for demonstration, that such functionality is feasible. During 4 consequetive months we were informing Adobe specialists on their defence "holes". Even wrote on the forumes, specifically created for thoses specialists. But they simply were erasing our messages. As far as I can tell, Adobe Corp is feeling uneasy about the situation with Barnes&Noble, which doubted their security efficiency incorporated in the e-book format.

So, does it mean, that Adobe Corporation got interested in you only after you pointed the issues out to them?

Well, yes! Barnes&Noble had stopped its on-line sales of e-books for 24 hours, claiming that "adobish" format does not provide copywriting security. Adobe Corporation proceeded with active measures exactly after this case.

Recently in US there was similar case with the program to hack DVD disks. And they managed to plead people, distributing DeCSS, guilty.

Yes, our story with e-book is the closest to the DeCSS story: they made a program, letting to view DVD movies on Linux based computers. However those people already on the way to win analog cases, with meeting allegations. It's because they were not allowed to publish their algorithms, while algorithm is already a scientific work, a subject that cannot be prohibited for further distribution.

It's known, that sometimes FBI does arrest hackers for the sake of making them work for FBI in return for freedom. Can it be that Dmitry will be out in the same way?

Well, such a development could have occurred to me, because I've studied in Higher KGB School. I don't think this would happen to Dmitry. May be only if they would propose him a contract…

But Elcomsoft already was cooperating with the FBI, wasn't it?

Yes, our major customers for passwords hacking program are special services. Same FBI was purchasing those programs for several times.

Can it help to free Dmitry up?

I don't know. Those are separate FBI departments. Naturally, I will try to use my contacts.

µ

See Also
Adobe gets Russian arrested

Home      Discuss on our Forum     Flame Editor