This ain’t CSI: How the FBI hunts down cyber criminals around the globe

There is now a growing underground economy for cyber-crime. It is no longer the preserve of just the hacker elite. The market is thriving, said Symantec in one of its most recent threat reports. More cyber-criminals, whether sophisticated or glorified script kiddies, means more work for authorities as they try desperately to keep up with a flood of international attacks.

International cyber arrests

Many of the world’s most active hackers are dotted across the globe, from Russia to China, from the UK to Australia. The FBI’s most wanted cyber-crime list includes numerous foreign nationals. The most recent hacker snagged from across the pond was British man Lauri Love, who is charged with infiltrating US government computers and now faces extradition.

FBI

American authorities encounter many hurdles when trying to capture and extradite an international cyber-criminal. Recently, they scored a rare win with the extradition of alleged hacker Ercan Findikoglu, a Turkish man who’d been arrested in Germany in 2013 and had been sitting in prison there since. Findikoglu, 33, is accused of leading a criminal group that hacked ATMs in New York and 23 other countries, stealing over 50 million dollars. Findikoglu had been described as one of the most wanted cyber crooks in the world, and if convicted he could face life behind bars — in the form of a 247 year prison sentence.

A Swedish man named Alex Yucel, who led the Blackshades group, was convicted by a New York court in June and sentenced to four years and nine months for developing and selling malware. He had been arrested in Moldova in 2013 and successfully extradited following years of creating remote access tools that could gain control of victims’ computers. His software is believed to have infected over 500,000 computers.

Yucel pleaded guilty and Judge P. Kevin Castel described him and other cyber-criminals as “spreading misery” across the world’s internet users. “The message must go forth that this is a serious crime worthy of a serious punishment,” said the judge. “Yucel’s computer hacking days are now over,” said Preet Bharara, US Attorney for the Southern District of New York.

Forming cross border bonds

There are many wanted hackers in Europe that are of interest to American authorities. One of the most notorious is Nicolae Popescu, a Romanian national, wanted for orchestrating an Internet fraud scheme.

Local Romanian authorities take the threat of hackers very seriously, says Alexandru Catalin Cosoi, chief security strategist at Romanian security software company Bitdefender.

“[Authorities are] in the underground forums, they’re doing a lot of arrests,” he says. “I know that there are a lot of specialists in the law enforcement agencies that are very skilled and are very eager to solve these issues.”

Academics, the security industry, and governments need to form bonds to carry out international efforts, adds Dr. Bhavani Thuraisingham, director of the Cyber Security Research Center at the University of Texas, Dallas. “We need not just technical solutions, we need political solutions,” she says.

In Europe, organizations like Europol and the private security sector work together to investigate and eventually arrest cyber-criminals, says Ilias Chantzos, senior director of government affairs EMEA at Symantec.

“We will work together, collect intelligence to understand what is the criminal infrastructure we want to go after,” says Chantzos, who also sits on Europol’s Cybercrime Centre (EC3) advisory group. “What will happen, will be an effective, regular interaction between corporations and law enforcement, exchanging information, and when there’s a green light, the operation will take place.”

Europol also collaborates with the FBI, as seen recently in the shuttering of dark web forum Darkode, which included Romanian authorities, for example. The operation was led by the FBI and included law enforcement agencies from 20 countries. “Obviously jurisdiction is an issue,” explains Chantzos, but effective communication and collaboration makes a difference.

“We need to know that the criminal is in a territory that we can do the arrest or that we know that some of the criminal infrastructure we’re going to disrupt is in a territory that we can exercise jurisdiction. Some of it will not be there and we need to accept that so often the effectiveness will be as good as it possibly can be.”

Safe in Russia?

The top man on the FBI’s most wanted cyber-crime list is the Russian hacker Evgeniy Mikhailovitch Bogachev, with a three million dollar bounty on his head, the highest reward of anyone else on the list.

The FBI says he’s likely still at his residence in Anapa, Russia on the Black Sea, which poses immense challenges for investigators. The US doesn’t have a formal extradition treaty with Russia, unlike Sweden, Turkey, and Germany, and diplomatic relations between the countries are fraught. Russia’s decision to grant asylum to Edward Snowden in 2013 worsened relations between Russia and the US on this matter.

“We will use every available legal and diplomatic means to bring all cyber-criminals to justice wherever they reside,” said David Hickton, US Attorney for the Western District of Pennsylvania, where the charges were filed.

Bogachev (AKA “lucky12345″ and “slavik”) was formally indicted last year under his real name for developing strains of ransomware and coordinating the GameOver Zeus botnet, an attack network that could be used to siphon off online banking details. His malware is believed to have infected at least one million computers globally and raked in an estimated $100 million.

The Russian’s charges are exhaustive and include computer fraud, bank fraud, conspiracy, and aggravated identity theft. He’s considered a major threat to the US banking industry and the possible head of a cybercrime “gang” working out of Russia and Ukraine, which has made him a high priority.

There are rumors that Russian authorities have willingly turned a blind eye. According to a Telegraph report from last year, he is even seen as a hero of sorts among the residents of his hometown. That makes catching him much more difficult — though it’s still not impossible.

“Cybercriminals like normal people like to travel,” says Chantzos. “[Russians] might go to Cyprus for holiday. Well, guess what, there’s a European arrest warrant waiting for him. The moment he arrives in Cyprus, he’s going to get picked up.”

Many hackers, regardless of nationality, are known to have traveled in the hopes of evading capture, but it may give the FBI a chance. Latvian Alexsey Belan, wanted for hacking US ecommerce companies, was last known to be in Greece. Peteris Sahurovs, who allegedly sold fraudulent security software, may still be in Latvia. These hackers, if picked up in their travels, can be extradited regardless of nationality.

An unsolved mystery

As criminals like Bogachev have proven, there are still major gaps in international cyber-crime enforcement, and a smart hacker can exploit them to operate with near impunity.

Nevertheless, international stings have become more commonplace, and much more intensive. In recent news, the FBI is seeking the extradition of two Israeli suspects following their arrest over the JPMorgan hack. And in June, Europol successfully shut down a major cyber-crime organization in Ukraine.

“There’s a lot of countries that will not extradite. That will not stop us from pressing forward and charging those individuals and making it public,” Robert Anderson, the FBI’s Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch, told a conference in May, promising more arrests under his tenure.

Bogachev may still be in Russia, but with a $3m incentive for his arrest, hacktivists and online sleuths could end up being the FBI’s friend. Countries across the globe are well aware of the threat foreign hackers can pose, and are working together to tighten the noose. Today’s Internet at times feels a bit like the wild west, it will in all likelihood be tamed. Eventually.