Personal tools

Hackstory Twitter Hackstory Facebook

Dmitry Sklyarov

From Hack Story

Jump to: navigation, search
Staff Zap (Under Construction)black.jpg

Russian Hacker Charges Dropped Associated Press 1:38 p.m. Dec. 13, 2001 PST

SAN JOSE, California -- Charges will be dropped against a Russian computer programmer accused of violating copyrights on software made by Adobe Systems in exchange for his testimony in the trial of his company, a spokeswoman for the programmer said Thursday.

Dmitry Sklyarov, 27, had been charged in the first criminal prosecution under the 1998 Digital Millennium Copyright Act.

Sklyarov and his employer, ElcomSoft Co. Ltd. of Moscow, were charged with releasing a program that let readers disable restrictions on Adobe's electronic-book software. The program is legal in Russia.

Sklyarov was arrested after speaking at a hacking convention in Las Vegas on July 16. He lives with his wife and two children in an apartment in San Mateo and has been working on his doctorate in computer science.

Copyright (c) 2001 Associated Press


----------

FOR IMMEDIATE RELEASE
December 13, 2001

        The United States Attorney's Office for the Northern District of
California announced that Dmitry Sklyarov entered into an agreement
this morning with the United States and admitted his conduct in a
hearing before U.S. District Judge Whyte in San Jose Federal Court.

        Under the agreement, Mr. Sklyarov agreed to cooperate with the
United States in its ongoing prosecution of Mr. Sklyarov's former
employer, Elcomsoft Co., Ltd. Mr. Skylarov will be required to appear
at trial and testify truthfully, and he will be deposed in the matter.
For its part, the United States agreed to defer prosecution of Mr.
Sklyarov until the conclusion of the case against Elcomsoft or for one
year, whichever is longer. Mr. Sklyarov will be permitted to return to
Russia in the meantime, but will be subject to the Court's supervision,
including regularly reporting by telephone to the Pretrial Services
Department. Mr. Sklyarov will be prohibited from violating any laws
during the year, including copyright laws. The United States agreed
that, if Mr. Sklyarov successfully completes the obligations in the
agreement, it will dismiss the charges pending against him at the end of
the year or when the case against Elcomsoft is complete.

        Mr. Sklyarov, 27, of Moscow, Russia, was indicted by a federal
Grand Jury on August 28, 2001. He was charged with one count of
conspiracy in violation of Title 18, United States Code, Section 371,
and two counts of trafficking for gain in technology primarily designed
to circumvent technology that protects a right of a copyright owner in
violation of Title 17, United States Code, Section 1201(b)(1)(A), and
two counts of trafficking for gain in technology marketed for use in
circumventing technology that protects a right of a copyright owner in
violation of Title 17, United States Code, Section 1201(b)(1)(A).

        In entering into the agreement with the government, Mr. Sklyarov
was required to acknowledge his conduct in the offense. In the
agreement, Mr. Sklyarov made the following admissions, which he also
confirmed in federal court today:

"Beginning on a date prior to June 20, 2001, and continuing through July
15, 2001, I was employed by the Russian software company, Elcomsoft Co.
Ltd. (also known as Elcom Ltd.) (hereinafter "Elcomsoft") as a computer
programmer and cryptanalyst.

"Prior to June 20, 2001, I was aware Adobe Systems, Inc. ("Adobe") was a
software company in the United States. I was also aware Adobe was the
creator of the Adobe Portable Document Format ("PDF"), a computer file
format for the publication and distribution of electronic documents.
Prior to June 20, 2001, I knew Adobe distributed a program titled the
Adobe Acrobat eBook Reader that provided technology for the reading of
documents in an electronic format on personal computers. Prior to June
20, 2001, I was aware that documents distributed in the Adobe Acrobat
eBook Reader format are PDF files and that specifications of PDF allow
for limiting of certain operations, such as opening, editing, printing,
or annotating.

"Prior to June 20, 2001, as a part of my dissertation work and as part
of my employment with Elcomsoft, I wrote a part of computer program
titled the Advanced eBook Processor ("AEBPR"). I developed AEBPR as a
practical application of my research for my dissertation and in order to
demonstrate weaknesses in protection methods of PDF files. The only
use of the AEBPR is to create an unprotected copy of an electronic
document. Once a PDF file is decrypted with the AEBPR, a copy is no
longer protected by encryption. This is all the AEBPR program does.

"Prior to June 20, 2001, I believed that ElcomSoft planned to post the
AEBPR program on the Internet on the company's website
www.elcomsoft.com. I believed that the company would charge a fee for a
license for the full version of the AEBPR that would allow access to all
capabilities of the program.

"After Adobe released a new version of the Adobe Acrobat eBook Reader
that prevented the initial version of the AEBPR program from removing
the limitations or restrictions on an e-book, I wrote software revisions
for a new version of the AEBPR program. The new version again decrypted
the e-document to which it was applied. The version of this new AEBPR
program offered on the Elcomsoft website only decrypted a portion of an
e-document to which it was applied, unless the user had already
purchased a fully functional version of the earlier version and had both
versions installed on the same machine. The new version was developed
after June 29, 2001. At that time, Elcomsoft had already stopped selling
the program. The version of this new program offered on the Elcomsoft
website did not provide a user with an opportunity to purchase it or
convert it to a fully functional one, and was developed as a matter of
competition.

"On July 15, 2001, as part of my employment with Elcomsoft, I attended
the DEF CON Nine conference in Las Vegas, Nevada. At the conference I
made a presentation originally intended for the BlackHat conference that
immediately preceded the DefCon Nine in July 2001 in Las Vegas, Nevada.
The same group of people organizes both BlackHat and DefCon Nine. Since
there was no available slot for a presentation at BlackHat at the time
when the paper was sent for the committee consideration, the organizers
of both conferences suggested that the paper be presented at the DefCon
rather than at BlackHat. The paper that I read at DefCon is attached as
Exhibit A. A principal part of my presentation is comprised of my
research for the dissertation. In my presentation when I said "we", I
meant Elcomsoft."

        Mr. Sklyarov's employer, Elcomsoft, remains charged in the case,
and the Court in that matter has set hearings for various motions on
March 4, 2002, and April 1, 2002.

        The prosecution of Elcomsoft is the result of an investigation
by the Federal Bureau of Investigation. Scott Frewing and Joseph
Sullivan of the Computer Hacking and Intellectual Property ("CHIP") Unit
are the Assistant U.S. Attorneys who are prosecuting the case with the
assistance of legal technician Lauri Gomez.

        A copy of this press release and key court documents filed in
the case may also be found on the U.S. Attorney's Office's website at
www.usdoj.gov/usao/can <http://www.usaondca.com>.

        All press inquiries to the U.S. Attorney's Office should be
directed to Assistant U.S. Attorney Matthew J. Jacobs at (415)436-7181
or Assistant U.S. Attorney Ross Nadel, Chief of the CHIP Unit, in San
Jose at (408

------

On July 17th, 2001, DMITRY SKLYAROV, coder for the Russian

        software house ELCOMSOFT, was arrested while visiting the
        US. His crime: writing code that exposed flaws in Adobe's
        e-book security, in contravention of the USA's exciting new
        DMCA. In the next year, thanks to widespread protests, Adobe
        withdrew their call to prosecute the Russian hacker and
        Dmitry was freed. Elcomsoft is still in the dock for
        breaching Adobe's copy restriction routines. If the aim of
        the prosecution was to cow them into keeping quiet about
        security problems, it doesn't appear to have worked. On July
        12th, 2002, ELCOMSOFT posted to Bugtraq a flaw in Adobe's
        e-book security. Namely, that in Adobe's "lending library"
        web app for the Adobe Content Server, you can borrow a book
        for over twenty years (instead of three days) just by
        changing a hidden Web form value. The library site is just a
        demonstration app, so it's not a serious problem, but it
        does give Elcomsoft room for a catty little addendum. "Some
        time ago", they write "we have found much more serious
        problem with another Adobe software and reported it to the
        vendor; however, there was no response at all, and so we
        decided not to waste our time reporting this one (about the
        library) to Adobe". How much reaction do they want?
        Salt sown in the soil of Moscow and the Volga canal aflame?
        http://lists.insecure.org/bugtraq/2002/Jul/0133.html
                          - don't plan any trips to Disneyland, Vlad
        http://librarydemo.adobe.com/library/
                         - fixed, it looks, by stubbing out the code
        http://lists.insecure.org/bugtraq/2002/Jul/0193.html

- now, for real chutzpah, post a Symantec exploit on the newly 0wn3d BugTraq

Retrieved from "Dmitry_Sklyarov"
Hackstory.es - La historia nunca contada del underground hacker en la Península Ibérica.