Every time there’s a new revelation about hackers and their cybercrimes it seems that the number of compromised accounts is more unbelievable. The announcement that a Russian hacker group has a billion stolen Internet passwords is certainly the most dramatic theft yet. The number of compromised records isn’t the only unbelievable thing about this latest theft. According to a recent New York Times article, the hackers are in their twenties and live in south central Russia. When so much is known about the hackers, can’t something be done to stop them? Do hackers ever suffer consequences for their crimes?
The legal situation regarding hackers is ambiguous.
There’s widespread skepticism about political willingness in some countries to turn hackers over to the US legal authorities, and that’s a major part of the problem. The legal situation is ambiguous in any case. Does the country in which the cybercriminals live have sole jurisdiction over them, or do the countries where their victims live also have jurisdiction? The US position is that it has the right to bring international cybercriminals to justice, but authorities in other countries aren’t necessarily inclined to cooperate. So how does this play out?
In a famous case, the cybercriminals Vasily Gorshkov and Alexey Ivanov came to Seattle in 2000 for a job interview. The computer firm they were interviewing with was actually a fake company set up by the FBI to lure the two onto US soil. They were both arrested; Ivanov was sentenced to 48 months in prison, Gorshkov to three years.
30 percent of the world’s junk emails sent by one cybercriminal.
Visiting the US is generally a bad idea for cybercriminals. In 2010, the Russian Oleg Nikolaenko was arrested at a car show in Las Vegas. He was charged with being responsible for sending between 30 and 40 percent of the world’s junk emails using a botnet that infected half a million computers and churned out 10 billion spam emails per day.
The complexities of international law mean that sometimes the authorities don’t get their guy or guys. Last May, the US indicted five Chinese military officers. They’re charged with hacking into the computers of US businesses and stealing trade secrets. According to the indictment, U.S. Steel, Westinghouse, and Alcoa were among the victims. There’s no extradition treaty with China, so in this case the indictments are probably primarily symbolic.
Crime doesn’t always pay for hackers, but hackers who live in Russia or China and can resist traveling usually don’t have anything to worry about, making both countries a refuge for cyber crime. And things may work out for the cybercriminals who travel too. Ivanov had long wanted to move to the US, and the FBI sting operation finally gave him the opportunity. Cybercrime results in global losses and it’s in everyone’s interest to prevent it. These cases hopefully make us all think about how important keeping your business network secure is and the need for harmonization of international law in relation to cybercrime.