The Hacker Hunters Chasing Russian Shadows
U.S. investigators are stepping up the fight against Russian cybercriminals. But are they going after the right guys?
It was the middle of the night when a group of Spanish police came crashing into the Levashovs’ vacation apartment in Barcelona. “They broke the door down… and forced us onto the floor in front of our four-year-old child,” Mariya Levashova told the Kremlin-controlled RT television network in an interview given shortly afterward.
Mariya’s husband, Pyotr Levashov, is now in a Spanish prison facing extradition to the United States on hacking charges. The U.S. maintains he is a spamming kingpin living a luxurious life in St. Petersburg. But Levashova says her husband is just an average computer programmer.
For many years, the U.S. has hunted Russian hackers accused of committing cyber crimes, targeting them with extradition requests when they leave the relatively safe confines of the former Soviet Union. But the game of cat and mouse took on a different dimension following alleged Russian interference in the 2016 U.S. presidential election. The arrest of Levashov in April and at least two other similar cases appear to be the result of a stepped-up effort by U.S. law enforcement.
Russian officials have repeatedly denied charges of meddling, and accuse U.S. authorities of kidnapping Russian citizens. In at least one instance, Russia has filed a counter-extradition request in a bid to nullify a move by the U.S.
The stakes of the hunt are high. Russian hackers whom the U.S. succeeds in extraditing can expect long prison sentences if found guilty. Earlier this year, a Seattle court sentenced Roman Seleznev, a Russian hacker and the son of a Duma deputy, to 27 years in prison. He was handed over to the U.S. by police while on holiday in the Maldives.
In a statement read out by his lawyer after the trial, 32-year-old Seleznev, who has health problems, said he had been handed the equivalent of a “death sentence.”
One of the key challenges for U.S. investigators is linking a hacker’s digital footprints to a real person — and then proving the connection. Cyber-criminals often use dozens of online nicknames to throw investigators off the trail. According to the U.S. magazine Wired, Levashov was caught when he committed a basic error: he used the same credentials to log into his criminal ventures as he did to ordinary sites and applications like iTunes.
Another challenge police face is coordinating sprawling investigations, which can involve criminals all over the world. Cyber-crooks work in close-knit online units, and not necessarily in the same country. Such groups involve technical specialists and managers, as well as mules responsible for cashing out after successful cyber-heists. In December, the FBI was one of 30 law enforcement bodies involved in the world’s largest ever cyber-takedown, destroying an online crime platform known as Avalanche. At the end of the four-year investigation, police carried out 5 arrests, seized 39 web servers and removed more than 830,000 web domains.
At the same time as Levashov’s arrest in Spain in April, U.S. agents were working to dismantle the Kelihos botnet, a global network of infected computers. Kelihos was reportedly used to harvest login information, blast out millions of spam messages, implant malware and artificially elevate the price of certain stocks (so-called pump-and-dump schemes). The U.S. Department of Justice says Levashov had been running Kelihos since 2010.