
Computer data moving through a server in Downtown Crossing was enough to warrant bringing a Russian hacker boss to trial here, judge rules

Update: Klyushin's sentencing has been canceled "until further notice."

Vladislav Klyushin, a Moscow IT executive held at the Plymouth County jail since 2021, could learn at some point how much longer he will sit behind bars in the US following his conviction in February on insider-trading charges related to the theft of American corporate financial statements before their official releases.

Klyushin's sentencing had been set for Monday in US District Court in Boston but was canceled "until further notice."

That entry in his court docket came not long after a federal judge rejected his bid to reverse the jury's verdict and acquit him on the grounds his alleged crime - hacking into servers used by public corporations to store financial statements before they are released to the SEC and the public, then making trades based on that information - had nothing to do with Boston and so he should never have been tried here. On Monday, he faces a potential sentence of up to 20 years on the convictions for wire and securities fraud.

In her ruling, Judge Patty Saris said that given the nature of the crimes committed by Klyushin and his underlings in Moscow, the fact that a couple of weeks' worth of their hacking attempts were routed through a VPN server leased in a data center in the Macy's building at 1 Summer St. was enough of a Boston connection to warrant his trial here as much as anywhere else.

Unlike their boss, Klyushin's underlings at his M-13 firm in Moscow did not also face trial here, because they remain in Russia - they were smart or poor enough to not go on a ski trip to Switzerland, like the one he went on, only to be arrested by Swiss police, who then turned him over to US law enforcement, who say his firm made roughly $90 million in profits in deals based on the documents they stole.

Following his conviction, Klyushin's attorneys moved to have him acquitted on the grounds that federal law requires attention to finding the proper venue for a criminal trial and that Boston really had no connection to the crimes, that neither he nor his employees likely even knew their traffic was being routed via a server room run by the Markley Group in the Macy's building at 1 Summer St.

At trial, prosecutors showed that between Oct. 22 and Nov. 6, 2018, some of the hacking traffic from Moscow was routed via a series of 104 IP addresses through a server that a company called Micfo put in rented space in the Markley data center and then leased to a Dallas company called Stackpath, whose VPN services Klyushin and his alleged conspirators used to help break into the financial-data servers.

When a crime occurs in more than one place, especially when involving crimes that originate outside the US - the hackers were physically in Moscow, not the US - the law lets prosecutors file charges anywhere along the route, Saris wrote, citing a 1908 Supreme Court ruling involving a railroad caught giving kickbacks to certain meat packers shipping between the Mississippi River and New York.

In the Klyushin case, she wrote:

The earnings reports accessed through the Boston server included those of dozens of publicly traded companies. Klyushin and his co-conspirators placed their trades only after the confidential information was downloaded through the Boston server, and revised their positions following public announcements of those earnings. For example, confidential information pertaining to Tesla was downloaded to the Boston server at 5:18 a.m. on October 24, 2018. Later that morning, Klyushin bought Tesla stock. After the market closed that day and the earnings were publicly announced, the conspirators immediately sold their shares to great profit. ...

While Klyushin hit send on a computer in Russia, given the nature of the charged continuing crimes, he caused the crimes to be implemented in part in Massachusetts. Based on this evidence concerning the use of a server in Boston, a jury could reasonably find by a preponderance of the evidence that Klyushin's use of the IP addresses in Boston was essential conduct, and that Massachusetts had a meaningful connection to the crimes committed.


Comments

I actually interviewed for that data center while in college, I think it was a security type job, didn't end up taking it but it was so weird to be walking around in there. I had never known there was a whole data center literally behind the walls of Macy's! It definitely has "top secret" vibes and it's quite interesting to see it involved in this case.

although I did work for a company that used it, and every once in a great while IT would ask for people to come help move servers. Would have been interesting to see the servers my code was running on.

Oh, and it was great fun when it caught fire a few years back, let me tell you...

Not only do I get my sheets in the basement, but I've interviewed (multiple times) for jobs in that building.

I've also had multiple companies have hardware in One Summer (the data center) where I was one of (or the only) one who went there to manage all of it. I've had hardware on a few floors in there. Plus gone to the office(s). They have a break room area, cubes, and conf rooms for customers to use.

I've been in several DCs in the area (I work in one now somewhere else) and Markley is by far the nicest. Very clean, up to date, they love the customers coming in. It's also one of the most expensive in the area too.

But the data center part is a huge maze of corridors. Some are just doors with signs that lead to rooms with cabinets or cages. Some are doors to a room that is just one customer. On one floor there's a long corridor with just doors along one side that have names of very recognizable companies (and not all telecom ones either!)

I think the sixth floor is actually empty. Last company was invited to a customer xmas party there (it was one helluva party). And it was unfinished and was going to become more data center space as the other 3 floors were at capacity. You could even see the terracotta tiles from when it was Jordan Marsh. (These are also evident in the ceiling of the data center spaces where there's no drop ceiling and just mechanical above.)

From the outside you would never know what was in there, you'd just assume it was Macy's. Good cover up. And to think most of the internet traffic for Eastern MA goes thru that building.

When they had the fire in a UPS/battery room a few years ago, it turned out that they had a single point of failure in that room, at least for the affected floors -- no second power distribution room. So they were down hard for a few days.

It has been fixed. They POUR money into that place. I am sure that was an oversight. They've just built out so fast.

Surprised to hear this because the power in that building has been very carefully planned. They have multiple power links to the local grid (Eversource). What a bad oversight tho.

given how basically everything else was so carefully redundant. (Including ensuring that the fiber links take geographically distinct routes to the building.)

Not sure if it's still there, but they had this fact sheet about that place on their website that was pretty amazing. Talked about all the redundancy and such. It was pretty unreal how much effort was put into thinking this out. A lot more than other DC sites.

Yep, that caused an extensive outage for Boston city hall's servers. The Summer Street data center is below sea level which makes it undesirable for mission critical hosting. You're better off with a data center outside the city, connected to two power grids, in a disaster-resistant building. Being in a basement of an urban structure too many things can go wrong.

Evan Gershkovich maybe?

It's pretty screwed up that a US Court in 2023 is citing precedent from 1908 about railroad shipping to figure out how to treat VPN traffic that happens to exit a random data center.

This is an issue Congress, not the Courts, needs to sort out.

The issue was simpler: Where to bring the guy to trial. That's not really a technology issue - where to bring charges or lawsuits is an issue that predates computers (as seen by the decision in the Armour case).

If you do want to read up on the issues modern technology by itself raises for the judicial system, you might want to read up about things like warrants for searching data on cell phones - or for that matter, location data from cell towers.