Example .
A. | INVITA EVIDENCE AND SUMMARY EXHIBITS |
1. | Video tape of Invita meeting, November 10, 2000, with superimposed transcript |
1B. | Audio recording of Invita meeting, November 10, 2000 (7 tapes) |
2. | E-mail from Michael Patterson <[email protected]> to <[email protected]> dated June 21, 2000 |
2A. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated July 1, 2000 |
2B. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated July 1, 2000 |
2C. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated July 7, 2000 |
2D. | E-mail from Michael Patterson <[email protected]> to <[email protected]> Cc: <[email protected]> dated July 7, 2000 |
2E. | E-mails from Alexey Ivanov <[email protected]> to [email protected], two dated July 9, 2000, and one dated July 11, 2000 |
2F. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated July 27, 2000 |
2G. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated July 28, 2000 |
2H. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated August 8, 2000 |
2I. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated August 15, 2000 |
2J. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated August 17, 2000 |
2K. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated August 17, 2000 |
2L. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated August 17, 2000 |
2M. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated August 18, 2000 |
2N. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated August 30, 2000 |
2O. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated September 6, 2000 |
2P. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated September 14, 2000 |
2Q. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated September 18, 2000 |
2R. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated September 29, 2000 |
2S. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated October 6, 2000 |
2T. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated October 12, 2000 |
2U. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated October 20, 2000 |
2V. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated October 24, 2000 |
2W. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated October 27, 2000 |
2X. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated October 30, 2000 |
2Y. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated November 1, 2000 |
2Z. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated November 2, 2000 |
2AA. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated November 3, 2000 |
2BB. | E-mail from Alexey Ivanov <[email protected]> to [email protected] dated November 4, 2000 |
2CC. | E-mail from Michael Patterson <[email protected]> to Alexey Ivanov <[email protected]> dated November 7, 2000 |
3. | Audio tape recording, July 14, 2000, Invita telephone call |
4. | Audio tape recording, August 25, 2000, Invita telephone call |
5. | Invita letter of invitation for U.S. Visa |
10. | VASSILI GORCHKOV Passport and U.S. Visa |
11. | VASILY GORSHKOV’s HP Jornada 690 |
12. | Winwhatwhere log for Invita IBM laptop computer, November 10, 2000 (ibm_log.csv) |
13. | Winwhatwhere log for Invita Dell laptop computer, November 10, 2000 (investigator.csv) |
14A. | alexey2.log |
14B. | bsdpasswd.log |
14C. | kvakin.log |
14D. | lastlog.log |
14E. | user.log |
14F. | var.log |
14G. | duoutput.log |
14H. | du2.log |
14I. | alexey.log |
15. | IP and Domain Name Directory |
16. | Sytex Invitasecurity.com Intrusion Report |
17. | Curtis Rose’s PowerPoint summary of same |
20. | Summary Exhibit freebsd wtmp.all.filtered.xls, sorted by user |
24. | |
25. | |
26. | |
27. | ALEXEY IVANOV passport and U.S. visa |
29. | ALEXEY IVANOV’s Toshiba laptop computer |
38. | Screen banner on /substa on tech.net.ru on November 21, 2000, with Cyrillic script |
B. | FILES, SCRIPTS AND PROGRAMS FROM ALEXEY IVANOV’S TOSHIBA LAPTOP COMPUTER |
50. | Chart of directories, subdirectories, and files from c: drive of Alexey Ivanov’s Toshiba laptop computer |
51. | SPEAK.TXT (c:worksoftSCANNERSPEAK.TXT) |
52. | SPEAK1.TXT (c:worksoftSCANNERSPEAK1.TXT) |
53. | |
54. | SPEAK2.TXT (c:worksoftSCANNERSPEAK2.TXT) |
55. | memphis.k12.mi.us (c:worksoftucfjohnjohn-15 unmemphis.k12.mi.us) |
56. | memphis.k12.mi.us-dec (c:worksoftucfjohnjohn-15 unmemphis.k12.mi.us-dec) |
57. | eagles.port-huron.k12.mi.us (c:worksoftucfjohnjohn-15 uneagles.port-huron.k12.mi.us) |
58. | yale.k12.mi.us (c:worksoftucfjohnjohn-15 unyale.k12.mi.us) |
60. | narabankna (c:worksoftL0PHT arabankna) |
61. | pwdump (c:worksoftL0PHTpwdump) |
62. | pwdump.log.lc (c:worksoftL0PHTpwdump.log.lc) |
C. | SYSTEMS FILES, SCRIPTS AND PROGRAMS FROM TECH.NET.RU AND FREEBSD.TECH.NET.RU COMPUTERS |
100. | Data downloaded from tech.net.ru and freebsd.tech.net.ru (first CD) |
100A. | Data downloaded from tech.net.ru and freebsd.tech.net.ru (second CD) |
100B. | Data downloaded from tech.net.ru and freebsd.tech.net.ru (third CD) |
100C. | Data downloaded from tech.net.ru and freebsd.tech.net.ru (fourth CD) |
FILES FROM TECH.NET.RU COMPUTER | |
101. | Chart of directories and subdirectories in tech.net.ru computer |
102. | passwd (tech.net.ru: /etc/passwd) |
103. | dmesg (tech.net.ru: /var/log/dmesg) |
104. | output of last command executed during download (from alexey.log) |
105. | wtmp (tech.net.ru: /var/log/wtmp) |
106. | wtmp.report (tech.net.ru: /var/log/wtmp.report) |
107. | kvakin (tech.net.ru: /var/spool/mail/kvakin) |
110. | Chart of subdirectories and files in /home/kvakin directory of tech.net.ru |
111. | .bash_history (tech.net.ru: /home/kvakin/.bash_history) |
112. | .mysql_history (tech.net.ru: /home/kvakin/.mysql_history) |
113. | mbox (tech.net.ru: /home/kvakin/mbox) |
114. | add_proxy (tech.net.ru: /home/kvakin/add_proxy) |
115. | lomscan.exe (tech.net.ru: /home/kvakin/lomscan.exe) (output from strings command) |
116. | List of files in /home/kvakin/ebay directory |
117. | func.pl (tech.net.ru: /home/kvakin/ebay/func.pl) |
118. | randinfo.pl (tech.net.ru: /home/kvakin/ebay/randinfo.pl) |
119. | solded (tech.net.ru: /home/kvakin/ebay/solded) |
120. | List of files in /home/kvakin/mails directory |
121. | gethttps (tech.net.ru: /home/kvakin/mails/gethttps) |
122. | getownemail (tech.net.ru: /home/kvakin/mails/getownemail) |
123. | hardcopy.9 (tech.net.ru: /home/kvakin/mails/hardcopy.9) |
124. | main_accounts (tech.net.ru: /home/kvakin/mails/main_accounts) |
125. | open_emails (tech.net.ru: /home/kvakin/mails/open_emails) |
126. | register.htm (tech.net.ru: /home/kvakin/mails/register.htm) |
127. | response.html (tech.net.ru: /home/kvakin/mails/response.html) |
128. | sign_in (tech.net.ru: /home/kvakin/mails/sign_in) |
129. | temp.html (tech.net.ru: /home/kvakin/mails/temp.html) |
130. | temp1.html (tech.net.ru: /home/kvakin/mails/temp1.html) |
131. | temp4.html (tech.net.ru: /home/kvakin/mails/temp4.html) |
132. | List of files in /home/kvakin/http directory (CD reference: 1b7/kvakinhome/http) |
133. | auto_web-agent.pl (tech.net.ru: /home/kvakin/http/auto_web-agent.pl) |
134. | Electronics.txt (tech.net.ru: /home/kvakin/http/Electronics.txt) |
135. | fuckIIS (tech.net.ru: /home/kvakin/http/fuckIIS) |
136. | http (tech.net.ru: /home/kvakin/http/http) |
137. | iis_hosts.txt (tech.net.ru: /home/kvakin/http/iis_hosts.txt) |
138. | net_ssl_test (tech.net.ru: /home/kvakin/http/net_ssl_test) |
139. | sslproxy (tech.net.ru: /home/kvakin/http/sslproxy) |
140. | sslproxy_socket (tech.net.ru: /home/kvakin/http/sslproxy_socket) |
141. | text (tech.net.ru: /home/kvakin/http/text) |
142. | List of files in /home/kvakin/msadc directory |
143. | msadc.pl (tech.net.ru: /home/kvakin/msadc/msadc.pl) |
144. | msadc.sh (tech.net.ru: /home/kvakin/msadc/msadc.sh) |
145. | msadc.sh~ (tech.net.ru: /home/kvakin/msadc/msadc.sh~) |
150. | known_hosts (tech.net.ru: /home/kvakin/.ssh/known_hosts) |
154. | samba directory listing |
155. | lmhosts (tech.net.ru: /home/subbsta/enc/disk1/subbsta/FreeBSD/configs/usr_local_etc/samba/lmhosts) |
156. | smb.conf (tech.net.ru: /home/subbsta/enc/disk1/subbsta/FreeBSD/configs/usr_local_etc/smb.conf/smb.conf) |
157. | squid.conf (tech.net.ru: /home/subbsta/enc/disk1/subbsta/FreeBSD/configs/usr_local_etc/squid_new/squid.conf) |
160. | List of files in /usr/local/apache/logs directory |
161. | CD containing log files in /usr/local/apache/logs directory |
162. | Excerpts of log files in /usr/local/apache/logs directory |
FILES FROM FREEBSD.TECH.NET.RU COMPUTER | |
200. | Chart of directories, subdirectories, and files from freebsd.tech.net.ru computer |
201. | passwd (freebsd.tech.net.ru: /etc/passwd) |
202. | dmesg.today (freebsd.tech.net.ru: /var/log/dmesg.today) |
203. | dmesg.yesterday (freebsd.tech.net.ru: /var/log/dmesg.yesterday) |
204. | lastlog.out (freebsd.tech.net.ru: /var/log/lastlog) |
205. | wtmp (freebsd.tech.net.ru: /var/log/wtmp) |
206. | wtmp.0 (freebsd.tech.net.ru: /var/log/wtmp.0) |
207. | wtmp.1 (freebsd.tech.net.ru: /var/log/wtmp.1) |
208. | wtmp.2 (freebsd.tech.net.ru: /var/log/wtmp.2) |
209. | messages (freebsd.tech.net.ru: /var/log/messages) |
210. | messages.0 (freebsd.tech.net.ru: /var/log/messages.0.gz) |
211. | messages.1 (freebsd.tech.net.ru: /var/log/messages.1.gz) |
212. | mount.today (freebsd.tech.net.ru: /var/log/mount.today) |
213. | inetd.conf (freebsd.tech.net.ru: /etc/inetd.conf) |
215. | Chart of subdirectories and files in /home/kvakin directory of freebsd.tech.net.ru |
216. | List of files in /home/kvakin/ebay directory |
217. | func.pl (freebsd.tech.net.ru: /home/kvakin/ebay/func.pl) |
218. | randinfo.pl (freebsd.tech.net.ru: /home/kvakin/ebay/randinfo.pl) |
219. | solded (freebsd.tech.net.ru: /home/kvakin/ebay/solded) |
220. | sqltovar (freebsd.tech.net.ru: /home/kvakin/ebay/sqltovar) |
221. | tovarsql (freebsd.tech.net.ru: /home/kvakin/ebay/tovarsql) |
222. | feedbacks (freebsd.tech.net.ru: /home/kvakin/ebay/feedbacks) |
223. | mail_countries.txt (freebsd.tech.net.ru: /home/kvakin/ebay/mail_countries.txt) |
224. | mail_domains.txt (freebsd.tech.net.ru: /home/kvakin/ebay/mail_domains.txt) |
225. | mail_states.txt (freebsd.tech.net.ru: /home/kvakin/ebay/mail_states.txt) |
226. | response.htm (freebsd.tech.net.ru: /home/kvakin/ebay/response.htm) |
227. | response1.htm (freebsd.tech.net.ru: /home/kvakin/ebay/response1.htm) |
228. | response2.htm (freebsd.tech.net.ru: /home/kvakin/ebay/response2.htm) |
229. | temp.html (freebsd.tech.net.ru: /home/kvakin/ebay/temp.html) |
230. | temp2.html (freebsd.tech.net.ru: /home/kvakin/ebay/temp2.html) |
231. | temp3.html (freebsd.tech.net.ru: /home/kvakin/ebay/temp3.html) |
235. | List of files in /home/kvakin/kvakin_nt directory |
236. | ELOGLIST.EXE (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/ELOGLIST.EXE) (output from strings command) |
237. | SCANNER.EXE (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/SCANNER.EXE) (output from strings command) |
238. | ports.lst (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/ports.lst) |
239. | scanner.ini (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/scanner.ini) |
240. | TDIMON.CNT (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/TDIMON.CNT) |
241. | TDIMON.EXE (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/TDIMON.EXE) (output from strings command) |
242. | TDIMON.HLP (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/TDIMON.HLP) |
243. | WFILE.TXT (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/WFILE.TXT) |
244. | ipeye.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/ipeye.exe) (output from strings command) |
245. | lomscan.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/lomscan.exe) (output from strings command) |
246. | proxy.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/proxy.exe) (output from strings command) |
247. | proxy.sql (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/proxy.sql) |
248. | pwdump.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/pwdump.exe) (output from strings command) |
249. | redirect.sql (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/redirect.sql) |
250. | serv.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/serv.exe) (output from strings command) |
251. | sql.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/sql.txt) |
252. | winfo.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/winfo.exe) (output from strings command) |
253. | adver.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/adver.txt) |
254. | banks.lst (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/banks.lst) |
255. | casinos.lst (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/casinos.lst) |
256. | Electronics.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/Electronics.txt) |
257. | ok.lst (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/ok.lst) |
258. | response.html (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/response.html) |
259. | emails.my (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/emails.my) |
260. | 111.dbf (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/111.dbf) (blank columns omitted) |
261. | 111.dbt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/111.dbt) |
262. | ~.tmp.lc (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/~.tmp.lc) |
263. | 206.128.213.1-206.128.213.255 log (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/206.128.213.1-206.128.213.255) |
264. | 207.37.248.77-207.37.248.77 log (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/207.37.248.77-207.37.248.77) |
265. | 216.234.235.45-216.234.235.54 log (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/216.234.235.45-216.234.235.54) |
266. | List of /home/kvakin/kvakin_nt/backdoored files |
267. | 206.128.213.10.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/backdoored/206.128.213.10.txt) |
267A. | 206.128.213.10.txt.lc (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/backdoored/206.128.213.10.txt.lc) |
268. | 207.37.248.77.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/backdoored/207.37.248.77.txt) |
268A. | 207.37.248.77.txt.lc (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/backdoored/207.37.248.77.txt.lc) |
269. | 216.234.235.52.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/backdoored/216.234.235.52.txt) |
270. | 207.8.216.13.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/backdoored/207.8.216.13.txt) |
271. | 192.168.1.1-192.168.1.255 (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/backdoored/207.8.216.13/192.168.1.1-192.168.1.255) |
272. | List of files in /home/kvakin/kvakin_nt/l0pht directory |
272A. | README.TXT (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/l0pht/README.TXT) |
273. | 1.txt (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/l0pht/1.txt) |
274. | 1.txt.lc (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/l0pht/1.txt.lc) |
275. | List of files in /home/kvakin/kvakin_nt/redirect directory |
276. | proxy.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/redirect/proxy.exe) (output from strings command) |
277. | redirect.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/redirect/redirect.exe) (output from strings command) |
278. | serv.exe (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/redirect/serv.exe) (output from strings command) |
279. | expertcentral.com (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/keen/expertcentral.com) |
280. | List of files in /home/kvakin/kvakin_nt/ebay directory |
281. | 1.690 (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/ebay/1.690) |
282. | sqltovar (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/ebay/sqltovar) |
283. | List of files in /home/kvakin/kvakin_nt/logs directory |
284. | CD containing log files in /home/kvakin/kvakin_nt/logs directory |
290. | List of files in /home/kvakin/kvakin_nt/visa directory |
295. | websites.zip (freebsd.tech.net.ru: /home/kvakin/kvakin_nt/englishharbour/websites.zip) |
D. | SPEAKEASY |
EVIDENCE FROM SPEAKEASY | |
300. | Diagram of Speakeasy computer network |
301. | 3photo(4).jpg (Photos of IVANOV and friends) |
302. | AVI_Resume.txt (IVANOV Résumé) |
303. | alexey.txt (IRC log dated November 29) |
325. | Printout of www.cyberpolice.ru web page containing credit card information from Speakeasy Network, dated March 20, 2000 |
SPEAKEASY EVIDENCE FROM TECH.NET.RU COMPUTER | |
351. | orders-1 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-1.gz > orders-1) |
352. | orders-2 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-2.gz > orders-2) |
353. | orders-3 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-3.gz > orders-3) |
354. | orders-4 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-4.gz > orders-4) |
355. | orders-5 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-5.gz > orders-5) |
356. | orders-6 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-6.gz > orders-6) |
357. | orders-7 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-7.gz > orders-7) |
358. | orders-8 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-8.gz > orders-8) |
359. | orders-9 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-9.gz > orders-9) |
360. | orders-10 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-10.gz > orders-10) |
361. | orders-11 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-11.gz > orders-11) |
362. | orders-12 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders-12.gz > orders-12) |
363. | speak (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/UnSorted/speak) |
364. | speak1 (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/UnSorted/speak1) |
365. | grace.speakeasy.org (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Hack/Domains/org/speakeasy/grace.speakeasy.org) |
366. | 216.231.32.0-216.231.32.255.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Hack/Windows/ScanLogs/216.231.32.0-216.231.32.255.log) |
367. | 216.231.33.0-216.231.33.255.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Hack/Windows/ScanLogs/216.231.33.0-216.231.33.255.log) |
368. | 216.231.52.0-216.231.52.255.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Hack/Windows/ScanLogs/216.231.52.0-216.231.52.255.log) |
370. | a (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/a) |
371. | group, passwd, and shadow files from computers of bpradio (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/s/mail.bpradio.com.group, mail.bpradio.com.passwd.old, mailbpradio.com.shadow.old, mail.bpradio.com.passwd, mail.bpradio.com.shadow) |
372. | test.pl (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/ftp/icv.tgz > icv/perl/NetVerify/blib/test.pl) |
E. | NARA BANK |
NARA BANK EVIDENCE RECOVERED FROM TECH.NET.RU COMPUTER | |
401. | dirlist_c (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/dirlist_c) |
402. | dirlist_d (first 11 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/dirlist_d) |
403. | accounts.txt (tech.net.ru: /home/subbsta/1/!/narabankna/accounts.txt) |
404. | Account table from nara.mdb (first 25 pages and last page) (tech.net.ru: /home/subbsta/1/!/narabankna/nara.mdb) |
405. | Trancode table from nara.mdb (tech.net.ru: /home/subbsta/1/!/narabankna/nara.mdb) |
406. | Transaction table from nara.mdb (first 25 pages and last page) (tech.net.ru: /home/subbsta/1/!/narabankna/nara.mdb) |
407. | Invalid table from nara1.mdb (first 25 pages and last page) (tech.net.ru: /home/subbsta/1/!/narabankna/nara1.mdb) |
408. | Valid table from nara1.mdb (tech.net.ru: /home/subbsta/1/!/narabankna/nara1.mdb) |
409. | WhoCantGetIn Query from nara1.mdb (tech.net.ru: /home/subbsta/1/!/narabankna/nara1.mdb) |
410. | WhoISUsingIt Query from nara1.mdb (tech.net.ru: /home/subbsta/1/!/narabankna/nara1.mdb) |
411. | pwd file table from password.mdb (tech.net.ru: /home/subbsta/1/!/narabankna/password.mdb) |
412. | Count Query from password.mdb (tech.net.ru: /home/subbsta/1/!/narabankna/password.mdb) |
413. | dirlist_f (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/dirlist_f) |
414. | email (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/email) |
415. | ipconfig.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/ipconfig.log) |
416. | mount.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/mount.log) |
417. | pslist.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/pslist.log) |
418. | pwdump.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/pwdump.log) |
419. | serv.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/serv.log) |
420. | tcplog (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/tcplog) |
421. | netstat.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/netstat.log) |
422. | 70913SU.TXT (router configuration file) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/70913SU.TXT) |
423. | aifcompany config.doc (router configuration file) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/aifcompany config.doc) |
424. | fnsusa.txt (router configuration file) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/fnsusa.txt) |
425. | Korea Times int router setup 9-18.doc (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/_vti_cnf/Korea Times int router setup 9-18.doc) |
426. | Korea Times router setup w router rip delete.doc (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/_vti_cnf/Korea Times router setup w router rip delete.doc) |
427. | Nara Bank 3 pix firewall setup.txt (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/Nara Bank 3 pix firewall setup.txt) |
428. | Nara Bank router setup 1router.txt (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/Nara Bank router setup 1router.txt) |
429. | Nara Bank router setup 2router.txt (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/Nara Bank router setup 2router.txt) |
430. | Nara Bank router setup 70822su.txt (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/Nara Bank router setup 70822su.txt) |
431. | NARA CONFIG.doc (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/NARA CONFIG.doc) |
432. | nara downtown torrance cisco conf.doc (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/_vti_cnf/nara downtown torrance cisco conf.doc) |
433. | NB-VALLY.TXT (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/NB-VALLY.TXT) |
434. | searoad correct config.doc (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/searoad correct config.doc) |
435. | searoad.txt.txt (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/cisco.zip > /cisco/searoad.txt.txt) |
436. | Account table from nara2.mdb (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/nara2.mdb) |
437. | Transaction table from nara2.mdb (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/narabankna.com/nara2.mdb) |
438. | List of files in tech.net.ru: /home/subbsta/f directory |
439. | accounts.txt (first 25 pages and last page) (tech.net.ru: /home/subbsta/f/accounts.txt) |
440. | adovbs.inc (tech.net.ru: /home/subbsta/f/adovbs.inc) |
441. | base (first 25 pages and last page) (tech.net.ru: /home/subbsta/f/base) |
442. | base1 (first 25 pages and last page) (tech.net.ru: /home/subbsta/f/base1) |
443. | base2 (first 15 pages and last page) (tech.net.ru: /home/subbsta/f/base2) |
444. | base3 (first 25 pages and last page) (tech.net.ru: /home/subbsta/f/base3) |
445. | base4 (first 25 pages and last page) (tech.net.ru: /home/subbsta/f/base4) |
446. | conv (tech.net.ru: /home/subbsta/f/conv) |
447. | deposits.asp (tech.net.ru: /home/subbsta/f/deposits.asp) |
448. | name (tech.net.ru: /home/subbsta/f/name) |
449. | names (tech.net.ru: /home/subbsta/f/base) |
450. | overview.asp (tech.net.ru: /home/subbsta/f/overview.asp) |
451. | paypal.asp (tech.net.ru: /home/subbsta/f/paypal.asp) |
452. | summary.asp (tech.net.ru: /home/subbsta/f/summary.asp) |
455. | msadc.pl (tech.net.ru: /home/subbsta/1/!/msadc.pl) |
456. | msadc.sh (tech.net.ru: /home/subbsta/1/!/msadc.sh) |
457. | m.sh (tech.net.ru: /home/subbsta/1/!/m.sh) |
458. | ftp (tech.net.ru: /home/subbsta/1/!/ftp) |
EVIDENCE FROM NARA BANK (HANKOOK SERVER) | |
461. | Excerpts of web log files listed in Exhibit 460, selected by Internet Protocol (IP) address and sorted by date/time |
462. | List of IP addresses that were recorded accessing paypal.asp file in web log files listed in Exhibit 460 |
F. | CENTRAL NATIONAL BANK-WACO |
CNB-WACO EVIDENCE RECOVERED FROM TECH.NET.RU COMPUTER | |
502. | DDA697 (CNB-Waco Daily Account Activity for August 7, 2000) (first 10 and last pages) (tech.net.ru: /home/subbsta/a.zip > 08/DDA697) |
503. | QUPHIST (DataBase History of CNB-Waco Banking) (first 10 and last pages) (tech.net.ru: /home/subbsta/a.zip > 08/QUPHIST) |
504. | QUPLOAN (History of CNB-Waco Loan Accounts) (first 10 and last pages) (tech.net.ru: /home/subbsta/a.zip > 08/QUPLOAN) |
505. | QUPMAST (Master List of CNB-Waco Accounts) (first 10 and last pages) (tech.net.ru: /home/subbsta/a.zip > 08/QUPMAST) |
506. | QUPTIME (DataBase of CNB-Waco Time Deposits) (first 10 and last pages) (tech.net.ru: /home/subbsta/a.zip > 08/QUPTIME) |
507. | QUPNSF (DataBase of CNB-Waco NSF Accounts) (tech.net.ru: /home/subbsta/a.zip > 08/QUPNSF) |
G. | PAYPAL and EBAY |
E-MAIL ACCOUNTS AT MYOWNEMAIL AND YAHOO! | |
601. | Quantum Computer Services E-mail account records |
601A. | Spreadsheet summary of Exhibit 601 |
601B. | List of current domains at Quantum Computer Services |
601C. | Registration process at Quantum Computer Services |
601D. | List of accounts opened at Quantum Computer Services |
601E. | Accounts opened at Quantum Computer Services |
602. | Yahoo! E-mail account records |
603. | Hotmail E-mail account records |
EBAY RECORDS | |
604. | eBay log captioned activity-details (3 pages) |
605. | eBay log captioned activity (3 pages) |
606. | Whois (tech.net.ru) (2 pages) |
607. | Accounts opened at eBay with E-mail addresses found on tech.net |
608. | Accounts opened at eBay from Musashi 133.78.216.28 |
609. | Account activity on accounts opened at eBay from Musashi 133.78.216.28 |
PAYPAL RECORDS | |
610-1. | Spreadsheet captioned Ips Knwn Stiv.xls (sorted by IP address) |
611. | Spreadsheet captioned PayPal Chargebacks With IP Numbers Resolved.xls |
611B. | PayPal IP addresses in kvakin’s bash_history |
611C. | Spreadsheet of PayPal chargebacks |
614. | Spreadsheet captioned stivenson evidence.xls showing connections to PayPal from IP addresses 216.122.89.110 (Lightrealm) and 133.78.216.28 (Musashi) |
615-1. | Spreadsheet captioned Ips knwn stiv.xls, sheet 2, sorted by IP address |
615-2. | Spreadsheet captioned Ips knwn stiv.xls, sheet 2, sorted by E-mail address |
621. | PayPal account activity records re: Nara Bank Account 400715807 (Eui Sun Ahn) |
621A. | Nara Bank records re: Nara Bank Account 400715807 (Eui Sun Ahn) |
622. | PayPal account activity records re: Nara Bank Account 75076706 (Inhwa Kim) |
622A. | Nara Bank records re: Nara Bank Account 75076706 (Inhwa Kim) |
623. | PayPal account activity records re: Nara Bank Account 301346406 (Young Joo Kim) |
623A. | Nara Bank records re: Nara Bank Account 301346406 (Young Joo Kim) |
624. | PayPal account activity records re: Nara Bank Account 1050469406 (David B. Suh) |
624A. | Nara Bank records re: Nara Bank Account 1050469406 (David B. Suh) |
625. | PayPal account activity records re: Nara Bank Account 116230606 (Chang Jin Park) |
625A. | Nara Bank records re: Nara Bank Account 116230606 (Chang Jin Park) |
626. | PayPal account activity records re: Nara Bank Account 750423306 (Sun Yeo Kim) |
626A. | Nara Bank records re: Nara Bank Account 750423306 (Sun Yeo Kim) |
627. | Nara Bank records reflecting charges and reversals to customer accounts via PayPal |
640. | E-mail correspondence between Greg Stivenson and John Kothanek of PayPal |
640A. | English translation of 10/19 11:15 p.m. message |
COMPUTER PARTS SELLER RECORDS | |
651. | E-mail correspondence between Tad Brooker and Greg Stivenson, regarding the sale of computer processors |
BANK AND CREDIT CARD RECORDS RELATING TO PAYPAL | |
670. | Citibank records |
H. | VERIO |
VERIO EVIDENCE ON TECH.NET.RU COMPUTER | |
700. | Chart of directories and files in /home/subbsta/enc/disk1.tar > disk1/kvakin |
701. | List of files in mercantec directory (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/mercantec/) |
701A. | abso16.txt (client secure server information) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/mercantec/abso16.txt) |
701B. | zytal1.txt (client secure server information) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/mercantec/zytal1.txt) |
702. | List of files in shopsite directory (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/shopsite/) |
702A. | beckm1.txt (client secure server information) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/shopsite/beckm1.txt) |
702B. | yourun.txt (client secure server information) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/shopsite/yourun.txt) |
703. | mbox (E-mail to and from Alexey Ivanov) (tech.net.ru: /home/subbsta/ne/soft/mbox) |
704. | cracked.lst (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/Documents/WEBCOM/!/cracked.lst) |
705. | password.lst (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/Documents/WEBCOM/!/password.lst) |
706. | Files containing orders from customers of AMR Online, a Verio client (files in tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/Documents/CARDZ/jamesj directory) |
707. | Files containing online orders (and credit card information) from various customers of Verio clients (files in tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/Documents/CARDZ directory) |
708. | ORDERS.TXT (Online customer orders from AIVR Corporation, a Verio client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/kvakin/Documents/CARDZ/ORDERS.TXT) |
710. | SHELL (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > Stuff/Stuff/Shells/SHELL) |
711. | |
I. | ST. CLAIR COUNTY INTERMEDIATE SCHOOL DISTRICT |
ST. CLAIR SCHOOL DISTRICT EVIDENCE FOUND ON TECH.NET.RU | |
802. | eagles.port-huron.k12.mi.us (password file) (tech.net.ru: /home/subbsta/ne/soft/ucfjohn/john-15/eagles.port-huron.k12.mi.us) |
803. | memphis.k12.mi.us (password file) (tech.net.ru: /home/subbsta/ne/soft/ucfjohn/john-15/memphisk12.mi.us) |
804. | yale.k12.mi.us (password file) (tech.net.ru: /home/subbsta/ne/soft/ucfjohn/john-15/yale.k12.mi.us) |
EVIDENCE FROM ST. CLAIR COUNTY INTERMEDIATE SCHOOL DISTRICT | |
850. | E-mail from Dale J. Cruse to Greg Stivenson, dated August 16, 2000 |
851. | RIPN whois search result for tech.net.ru |
852. | RIPN whois search result for formula1.com.ru |
853. | RIPN whois search result for zoo-chel.com.ru |
854. | RIPN whois search result for onanizm.com.ru |
855. | RIPN whois search result for warhammer.org.ru |
856. | RIPN whois search result for cdma.com.ru |
862. | Greg Stivenson e-mails in mailbox of [email protected] |
865A. | TRU SYN.jpg (screen capture from sniff2.cap log) |
865B. | SYN Flood.jpg (screen capture from sniff2.cap log) |
865C. | ICMP Attack + DNS.jpg (screen capture from sniff2.cap log) |
865D. | TRU - telnet + DNS.jpg (screen capture from sniff2.cap log) |
865E. | pop3-1.jpg (screen capture from sniff2.cap log) |
865F. | pop3-2.jpg (screen capture from sniff2.cap log) |
865G. | pop3-3.jpg (screen capture from sniff2.cap log) |
865H. | pop3-4.jpg (screen capture from sniff2.cap log) |
865I. | pop3-5.jpg (screen capture from sniff2.cap log) |
865J. | pop3-6.jpg (screen capture from sniff2.cap log) |
865K. | pop3-7.jpg (screen capture from sniff2.cap log) |
869. | Backup tape from memphis.k12.mi.us |
870. | /popper.core (output from strings command) |
871. | /etc/passwd |
873. | /etc/named.boot |
874. | List of files in /etc/namedb directory |
878. | /root/.rhosts |
879. | /usr/opt/email |
880. | /usr/opt/emails |
881. | |
886. | /var/backups/ftp.log |
887. | /var/backups/maillog |
J. | CTS NETWORK SERVICES |
CTS NETWORK SERVICES EVIDENCE FOUND ON TECH.NET.RU | |
901. | hack (login and password files) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/cts/hack) |
902. | phones.txt (internal cts telephone numbers) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/cts/phones.txt) |
903. | webmail (WebMail project description) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/cts/projects/description/webmail) |
904. | MAKEDEV.dgb (Digiboard driver device creation utility) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/cts/projects/src/dev/MAKEDEV.dgb) |
905. | clockin.cfg (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/cts/security/clockin.cfg) |
906. | [email protected]_1 (E-mail with resume) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/cts/security/[email protected]_1) |
907. | [email protected]_2 (E-mail with resume) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/cts/security/[email protected]_2) |
908. | CRT.1 (INI files) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/CRT.1 and …/cts.com/!/CRT.1) |
909. | CRT.9 (INI files) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/CRT.9 and …/cts.com/!/CRT.9) |
910. | CRT.13 (INI files) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/CRT.13 and …/cts.com/!/CRT.13) |
911. | CRT.OLD (INI files) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/CRT.OLD) |
912. | cts.scan1 (port scan) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/cts.scan1) |
913. | PWD (passwords and user names) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/PWD) |
914. | CRT.14 (INI files) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/!/CRT.14) |
915. | CRT.15 (INI files) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/hack/sites/cts.com/!/CRT.15) |
916. | master.passwd (password file from subbsta.chel.su) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/FreeBSD/configs/etc/master.passwd) |
917. | passwd (password file from subbsta.chel.su) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/FreeBSD/configs/etc/passwd) |
918. | passwd.save (password file from subbsta.chel.su) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/FreeBSD/configs/etc/passwd) |
919. | pw.q24933 (password file from subbsta.chel.su) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/FreeBSD/configs/etc/pw.q24933) |
920. | 205.163.0.0-205-163-24-255.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/205.163.0.0-205-163-24-255.log) |
921. | 205.163.21.0-205.163.24.255.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/205.163.21.0-205.163.24.255.log) |
922. | 205.163.23.0-205.163.24.255.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/205.163.23.0-205.163.24.255.log) |
923. | 205.163.8.0-205.163.9.255.log (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/205.163.8.0-205.163.9.255.log) |
924. | a (list of CTS IP addresses) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/a) |
925. | authorized_keys (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/authorized_keys) |
926. | cts.com (list of IP addresses for CTS computers) (first 10 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/cts.com) |
927. | cts.com.passwords (logins and passwords for CTS computers) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/cts.com.passwords) |
928. | cts1 (list of IP addresses for CTS computers) (first 10 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/cts1) |
929. | cts2 (list of IP addresses for CTS computers) (first 10 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/cts2) |
930. | cts3 (list of IP addresses for CTS computers) (first 10 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/cts3) |
931. | cts4 (list of IP addresses for CTS computers) (first 10 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/cts4) |
932. | dir (directory of C drive) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/dir) |
933. | lomscan (scan log) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/lomscan) |
934. | mp (password file) (first 10 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/mp) |
935. | nmap (port scan output) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/nmap) |
936. | nt (user name and password) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/var_ftp/Stuff/cts/nt) |
937. | cts_ports (IP addresses) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/cts_ports) |
938. | cts_usr (user names and passwords) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/cts_usr) |
939. | cts-users (list of user names) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Unsorted/cts-users) |
940. | king.cts.com (password file) (first 10 and last pages) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Hack/Tools/John-1.6/king.cts.com) |
941. | new_ (logins and passwords for CTS computers) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/new_) |
942. | pass (password file) (tech.net.ru: /home/subbsta/pass) |
EVIDENCE FROM CTS NETWORK SERVICES | |
950A. | CD1 containing CTS Network Services files and data |
950B. | CD2 containing CTS Network Services files and data |
950C. | CD3 containing CTS Network Services files and data |
950D. | CD4 containing CTS Network Services files and data |
951. | List of files in bd directory (cd1.tar.gz > cd1/ctsavi/bd) |
952. | File named “192.168.0.1-192.168.0.255.log” from bd directory |
953. | File named dir from bd directory |
954. | File named dirlist_c from bd directory (first 10 and last pages) |
955. | File named dirlist_d from bd directory (first 10 and last pages) |
956. | File named dirlist_e from bd directory (first 10 and last pages) |
957. | File named ipconfig.log from bd directory |
958. | File named mount.log from bd directory |
959. | File named net_view.lo1 from bd directory |
960. | File named net_view.log from bd directory |
961. | File named netstat.log from bd directory |
962. | File named pwdump.log from bd directory |
963. | File named serv.log from bd directory |
964. | File named serv1.log from bd directory |
965. | Executable named 1433.exe from bd directory (pages 1, 12, 13, and 19-21) |
966. | Executable named 21.exe from bd directory (pages 1, 12, 13 and 19-21) |
967. | Executable named 26405.exe from bd directory (pages 1, 12, 13, 19-21) |
968. | Executable named gzip.exe from bd directory (pages 1 and 10-19) |
969. | Executable named kill.exe from bd directory |
970. | Executable named lomscan.exe from bd directory (pages 1 and 14-19) |
971. | Executable named lsaprivs.exe from bd directory (pages 1 and 7-10) |
972. | Executable named mount.exe from bd directory |
973. | Executable named ntalert.exe from bd directory (pages 1, 12, 13 and 19-21) |
974. | Executable named proxy.exe from bd directory (pages 1 and 38-44) |
975. | Executable named pslist.exe from bd directory (pages 1 and 10-13) |
976. | Executable named pwdump.exe from bd directory (pages 1 and 9-12) |
977. | Executable named redirect.exe from bd directory (pages 1 and 8-10) |
978. | Executable named serv.exe from bd directory (pages 1 and 7-10) |
979. | Executable named startcmd.exe from bd directory (pages 1, 5, and 11-12) |
980. | Executable named transcmd.exe from bd directory (pages 1, 7, 8 and 13-15) |
981. | Executable named zip.exe from bd directory (pages 1 and 25-31) |
982. | emoney_in.emoneyin2 (customer database (with CC #’s) belonging to Emoney) (pages 1-25; 578 and 579) (cd2.tar.gz > cd2/ctsavi.7.19/emoney_in.emoneyin2) |
983. | Backup_Orders.txt.TestVendor (first 25 pages and last page) (cd3.tar.gz > cd3/fsi/fsiwebs_ccs_arc.gz > fsiwebs_ccs_arc > fsiwebs_ccs/Backup_Orders.txt.TestVendor) |
984. | Backup_Orders.txt.Capresso (first 25 pages and last 2 pages) (cd3.tar.gz > cd3/fsi/fsiwebs_ccs_arc.gz > fsiwebs_ccs_arc > fsiwebs_ccs/Backup_Orders.txt.Capresso) |
985. | Backup_Orders.txt.ePhonecard (first 25 pages and last 2 pages) (cd3.tar.gz > cd3/fsi/fsiwebs_ccs_arc.gz > fsiwebs_ccs_arc > fsiwebs_ccs/Backup_Orders.txt.ePhonecard) |
986. | Backup_Orders.txt.Pelikan (first 25 pages and last 2 pages) (cd3.tar.gz > cd3/fsi/fsiwebs_ccs_arc.gz > fsiwebs_ccs_arc > fsiwebs_ccs/Backup_Orders.txt.Pelikan) |
987. | Backup_Orders.txt.RoyalCrownWigs (first 25 pages and last page) (cd3.tar.gz > cd3/fsi/fsiwebs_ccs_arc.gz > fsiwebs_ccs_arc > fsiwebs_ccs/Backup_Orders.txt.RoyalCrownWigs) |
988. | websites.zip (cd1.tar.gz > cd1/ctsavi/websites.zip) |
990. | E-mail message from Alexey Ivanov <[email protected]> to Jim Fitzgerald of CTS, dated July 1, 2000 |
991. | List of files in ctsavi/[space] directory (cd1.tar.gz > cd1/ctsavi/ /) |
992. | su.c (cd1.tar.gz > cd1/ctsavi/ /su.c) |
993. | su.log (cd1.tar.gz > cd1/ctsavi/ /su.log) |
994. | PERL scripts relating to PayPal |
994A. | Email from J. Fitzgerald transmitting same |
995. | boydurak CTS Account documents |
996. | skyhuy CTS Account documents |
997. | brian123 CTS Account documents |
998. | skyfly CTS Account documents |
999. | ctsavi CTS Account documents |
999A. | subbst and subbsta CTS Account documents |
K. | LIGHTREALM COMMUNICATIONS (HOSTPRO) |
1001. | talk_with_mike (correspondence between IVANOV and Mike Smith) (tech.net.ru: /home/subbsta/enc/disk1.tar > /disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/talk_with_mike) |
1002. | mbox (e-mail correspondence to and from IVANOV) (tech.net.ru: /home/subbsta/ne/soft/mbox) |
1003. | bp (business plan) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/bp) |
1004. | bero (e-mail to Ray Bero, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/bero) |
1005. | [email protected] (correspondence between IVANOV and Ray Bero, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1006. | [email protected] (correspondence between IVANOV and Ray Bero, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1007. | [email protected] (correspondence between IVANOV and Ray Bero, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1008. | [email protected] (correspondence between IVANOV and Ray Bero, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1009. | [email protected] (correspondence between IVANOV and Ray Bero, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1010. | [email protected] (e-mail address for J. Young at Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1011. | [email protected] (correspondence between IVANOV and Mike Smith, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1012. | [email protected] (correspondence between IVANOV and Mike Smith, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1013. | [email protected] (correspondence between IVANOV and Mike Smith, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1014. | [email protected] (correspondence between IVANOV and Mike Smith, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1015. | [email protected] (correspondence between IVANOV and Mike Smith, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1016. | [email protected] (correspondence between IVANOV and Mike Smith, Lightrealm) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/work/lightrealm/mail/[email protected]) |
1017. | AVI_Resume.txt (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Users/subbsta/Resumes/AVI_Resume.txt) |
LIGHTREALM CUSTOMERS’ DATABASES FOUND ON TECH.NET.RU | |
1050. | orderhandler.cg (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orderhandler.cg) |
1051. | orders.tx1 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders.tx1) |
1052. | orders.tx5 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders.tx5) |
1053. | orders_1.xls (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders_1.xls) |
1054. | orders_2 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/orders_2) |
1055. | pluscellular.com-1999.10.08 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/pluscellular.com-1999.10.08) |
1056. | pluscellular.com~orders-1999.10.25 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/pluscellular.com~orders-1999.10.25) |
1057. | www.alderac.com (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.alderac.com) |
1058. | www.alderac.com~orders-1999.10 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.alderac.com~orders-1999.10) |
1059. | www.a-market.com~orders-1999.10.08 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.a-market.com~orders-1999.10.08) |
1060. | www.bowwowvw.com~orders-1999.10.10 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.bowwowvw.com~orders-1999.10.10) |
1061. | www.comunicacion.com (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.comunicacion.com) |
1062. | www.pluscellular.com (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/pluscellular.com) |
1063. | www.portolano.com~orders-1999.1 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.portolano.com~orders-1999.1) |
1064. | www.richmondhillinn.com~Jan-23-2000 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.richmondhillinn.com~Jan-23-2000) |
1065. | www.richmondhillinn.com~orders.10.09 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.richmondhillinn.com~orders.10.09) |
1066. | www.sa-trading.co.za (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.sa-trading.co.za) |
1067. | www.sa-trading.co.za~orders-1999.10.08 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.sa-trading.co.za~orders-1999.10.08) |
1068. | www.supoutlet.com (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.supoutlet.com) |
1069. | www.supoutlet.com~orders-1999.11.20 (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.supoutlet.com~orders-1999.11.20) |
1070. | www.uspaintball.com (Database (formatted) of customers and CC#’s of Lightrealm client) (tech.net.ru: /home/subbsta/enc/disk1.tar > disk1/subbsta/s.tgz > /Stuff/Stuff/Carding/CreditCards/www.uspaintball.com) |
1071. | merchants (tech.net.ru: /home/subbsta/enc/disk1.tar > /disk1/subbsta/s.tgz > /Stuff/Stuff/Hack/Domains/com/lightrealm/merchants) |
1072. | credit_cards (tech.net.ru: /home/subbsta/enc/disk1.tar > /disk1/subbsta/s.tgz > /Stuff/Stuff/Hack/Domains/com/lightrealm/credit_cards) |
L. | MISCELLANEOUS BUSINESS RECORDS |
1151. | FDIC Certificate of Proof of Insured Status for Nara Bank |
1152. | FDIC Certificate of Proof of Insured Status for Central National Bank |
M. | OTHER EXHIBITS |
1E. | Excerpt of transcript of Exhibit 1 |
A-1. | Hacker notes maintained by Cliff Brown, EDE (E-Money) |
A-2. | |
A-3. | Tech.Net.Ru tar listing |
A-4. | kvakin-home directory listing (Windows Format) |
A-5. | Web page |
A-6. | Web page |
A-7. | Web page |
A-8. | Web page |
A-9. | Web page |