When it comes to hackers and cybercrime, the wheels of justice often move at the speed of drool for several reasons. It may not be hard to identify a hacker, but bringing them to justice is another story.
Why It’s Hard to Bring Hackers to Justice
First, investigating a cyber-intrusion or fraud case is not simple. It can take weeks if not months to determine the source of the act, and it is not a given it can even be accomplished at all. Second, if an intrusion, theft, or fraud can be traced back to a group, how are they charged individually based on culpability and degree of participation? It does not play out like a television crime show in which witnesses seem to be conveniently identified and brought in for questioning. Finally, once an indictment is drawn up on an individual or multiple accused, the problem of serving them out of country and extraditing them back to the United States for pretrial, trial, and post trial proceedings can sometimes border on the near impossible. If the country the suspect is physically in fully cooperates and has reciprocal agreements with the United States, it is still not a given they will find them and in fact, is often down the pecking order of what cases deserve that country’s time and attention. If the case is big enough and you are lucky enough to have Interpol (global police organization), your chances of finding the person or persons and bringing them to justice increase, but it is not a fast process most of the time.
Examples of the Slow Arm of Cyber Justice
There are two recent cases that are perfect examples of how long cyber crime cases can take to get into a court process.
Mihai Paunescu, a Romanian National, was recently extradited for alleged crimes in which he hosted a heavily encrypted service for hackers, which simply explained, allowed them to roam anonymously through the wilds of the internet, while Paunescu raked in the money as a fee to let them do so. In the process, through this “bulletproof hosting”, nasty malware hitting the financial sector was unleashed by the black hat hacking community. This led to denial of service attacks, bank fraud, and stolen credential events. NASA was even attacked allegedly through one of Paunescu’s servers, infecting their computers with malware.
This sounds like a great coup for law enforcement getting this guy away from computers, except most of the activity mentioned in the indictment happened ten years ago! Paunescu was the main target of this hacking ring (along with Nikita Kuzmin, the creator of some of the malware), however, why did it take so long to bring him to justice, when multiple countries had residents who were victims of these attacks? Apparently, Paunescu had been arrested in Romania in 2012 but he was not deported to the United States because Romania was seeking prosecution and denied extradition. Paunescu ended up in Columbia, who had no problem extraditing him to the United States, although that process took months in and of itself.
Just last week, three Nigerian men were extradited from the UK to the United States based on charges of cyber fraud against universities, contractors and individuals here in the states. The defendants are accused of using a business email compromise scheme in which the identity of a real person or entity is stolen and using their email, convinces the victim to wire transfer money to the criminal’s account. Most of this activity allegedly took place in the 2016-2018 time frame. While not as long as the Paunescu case has taken, it could still be seven years from the alleged first offense before the matter is resolved. The indictment was actually returned in 2019 and because of COVID-19, the extradition process from the UK to the United States was slowed down.
Hackers Know They Can Run and Hide
Identifying the suspect(s) in these cases, while taking some time, doesn’t seem to be the issue. It’s bring them to justice that is time consuming and fraught with numerous barriers. Simply locating cyber criminals and getting them to the United States can be the most challenging piece of the justice effort. The hackers who aren’t narcissists who think they will never be caught understand where to hide….in that respect, international criminals have never changed their ways.