Case 4: Extortion Attempt by Russian Hacker Against Bloomberg Financial—Using a psycholinguistic profile to lure a suspect out of safety

On March 24, 2000, Michael Bloomberg, at that time head, founder and owner of Bloomberg L.P., a multinational financial communications firm based in New York City, received an unsolicited email from someone identifying himself as “Alex.” The email contained an attachment, with a letter from Alex, offering to help Bloomberg “understand some drawbacks of your system.” These drawbacks included the claim that the Bloomberg Traveler—a small, portable version of the Bloomberg terminal for sending and receiving financial information and email—was unprotected in terms of its security. Because Bloomberg offers subscribing clients financial reports, analytical software and a members-only email service through which they can communicate with brokers to trade securities, and allows members to store their private financial data on its servers, this security gap was potentially quite significant. In addition, Bloomberg supplies a news service to its subscribers and the public worldwide. The subject claimed that he could also place “disinformation” into the Bloomberg news service by entering data under the user name of the editor of this service. He appeared to have access to this editor’s user data. In the email, “Alex” supported this charge by claiming that he had obtained access to all the Traveler’s functions and the passwords of various Bloomberg employees, including Michael Bloomberg, and was able to send and receive emails on behalf of, and in the name of, any Bloomberg user.

Alex further stated that he could prove his claims with screen shots of this access, and that he was not a “terrorist,” but was hoping “that you’ll find my information valuable and kindly propose…adequate payment.” While noting that Bloomberg could refuse his help, he closed the letter by stating that “your security and reputation are in your hands.”

The tale of the efforts by the FBI, Bloomberg staff and private security to lure “Alex” (whose real name was Oleg Zezov) from his safe haven in Kazakhstan to a hotel room in London, where he was arrested and subsequently extradited to the U.S., reads like a crime novel. On August 10, 2000, Zezov and a traveling companion described as a lawyer named Igor Yarimaka met with Bloomberg representatives in a hotel room at the Hilton Hotel Park Lane in London. With the Bloomberg staffer in the room were two British police officers, one posing as a security guard and the other working as a translator. Mike Bloomberg joined the group periodically. According to the transcript of the audio and videotape of the meeting, negotiations see-sawed over Zezov’s demand for an employment contract prior to revealing the manner in which he penetrated the Bloomberg system. Zezov and his lawyer noted that this contract was needed to protect Zezov from prosecution and also to explain the resulting income to tax authorities in Kazakhstan.

In the course of the negotiations the law enforcement team got Zezov to admit that he had written the “Alex” emails and penetrated the system. Bloomberg refused to give Zezov the employment letter, which would have legitimized his attacks and threats. Having accepted the refusal of the employment letter, Yarimaka asked for a verbal contract to cover Zezov’s legal exposure and tax liability. This was also refused. The law enforcement team increased the pressure on Zezov to reveal his methods prior to such a contract, and Zezov continued to refuse to do so. As the two groups continued to deadlock, the team decided to end the meeting, and British police entered the room and arrested the two men.

The team composing the email responses to Alex sought to tempt him with the payment he wanted while overcoming his reluctance to meet in a location with computer crime statutes or an extradition agreement with the U.S. The team had to monitor Alex’s psychological state and be ready to either pressure or mollify him depending on his reaction. He often reacted angrily, threatening to expose the Bloomberg vulnerabilities to the press. At other times, he was quite anxious about security guarantees designed to protect his safety and freedom.

Using copies of the emails between Alex and Bloomberg, we attempted to determine if WarmTouch could be useful in assessing the levels of anger and anxiety in Zezov as the team attempted to lure him to London. The figure below displays output directly from the system that groups together the psycholinguistic indicators of anger used across the 20 emails sent by Alex. As the figure indicates, Alex’s level of anger peaks when things don’t go as planned early in the negotiations, but slowly subsides as he accepts the new plan.

WarmTouch Indicators of Anger in Zezov During email Negotiations

WarmTouch Indicators of Anxiety in Alex’s Emails Over Time

The figure above displays WarmTouch output for retractors, a primary measure of anxiety, over the same 20 emails. In a pattern similar to his anger, Alex’s anxiety appeared to peak early but then decline, allowing the team to “pull him in.”