International cooperation helped nab Russian hacker in Czech Republic

Earlier this month, Czech police arrested a Russian hacker with the help of the FBI. The international nature of cyberattacks has made it even more difficult to catch hackers.

Pablo Martinez Monsivai/AP/File
FBI Director James Comey testifies on Capitol Hill in Washington on the threat of Russian hackers trying to disrupt US elections, Sept. 28.

Police in the Czech Republic announced Tuesday that they had captured a suspected Russian hacker with the assistance of the US Federal Bureau of Investigation. The suspect, identified only as Yevgeniy N., was apprehended October 5.

The arrest was a coordinated effort between two countries in order to apprehend a criminal with ties to a third, highlighting many of the difficulties associated with dealing with international cyberattacks. The arrest came only two days before a formal accusation by the Obama administration that Russia has been sponsoring hacks of the Democratic National Committee's emails, among others, in order to affect the outcome of elections in the United States.

According to the Prague Daily Monitor, the man was apprehended in a Prague hotel within 12 hours after the informational exchange between the FBI and Czech authorities was initiated. The decision about whether to extradite the hacker to the United States has not yet been made.

Sources told CBS that the arrest was not made in connection with the DNC hack, however. The man is suspected of involvement in a massive 2012 security breach at LinkedIn, which may have compromised data from 100 million users.

The Russian Embassy in Prague called for the release of the hacker to Russian custody. Unlike the Czech Republic, Russia has no extradition treaty with the US.

This not the first time international authorities have cooperated to catch a hacker like Yevgeniy, as many Russia-sponsored cyberattacks often operate outside of Russia itself while targeting other countries, Frank Cilluffo, the director of the George Washington University Center for Cyber and Homeland Security.

"The Czech Republic has been used as a launch pad for such behavior for quite some time, so I think it's pretty significant that they're stepping up their activity here," Mr. Cilluffo tells The Christian Science Monitor. "I think that hinges, in large part, around the bilateral arrangements and agreements between law enforcement authorities in both the Czech Republic and the United States."

Yevgeniy's arrest comes as a result of an Interpol notice about the hacker, according to The New York Times. Interpol issues color-coded "international requests for cooperation or alerts" from police in member countries, including the highest alert, red, which seeks "the location and arrest" of suspects.

While traditional informational attacks required violating national borders and espionage networks supported by state powers, cyberattacks do not suffer from the same limitations. Online hacks can occur easily across borders, and governments no longer need as large a network of specially-trained agents to acquire information that can be taken from the internet.

Larry Ponemon, chairman and founder of the Ponemon Institute for information security research, tells the Monitor that countries and corporations that get hacked are often unwilling to share what happened with others, for fear of giving away too much information about how their own security systems operate, which prevents others from stopping future hacks or determining the origin of a cyberattack. This problem is compounded by the fact that a skilled hacker can mask an attack, making it appear to come from anywhere.

"Some of the conclusions we reach, like 'The bad guys are mostly in China,' or now in the Russian Federation or Eastern Europe, that may not be true," says Dr. Ponemon. "There are cases where bad guys are operating in places like New Jersey, but they give the appearance that they're operating from some far location." 

As Cilluffo puts it: "Smoking guns are hard to find, smoking keyboards are even harder."

Even if a specific hacker is identified, it can be next to impossible to find out who they are working for, if anyone. Even without state backing, cybercriminals are often able to hide behind complicated international extradition laws and treaties to avoid meeting justice.

"The people who are working for [law enforcement] organizations today are much stronger, much better, with much deeper levels of expertise than five or 10 years ago," says Ponemon. "But the old law-and-order concept where you have bad guys robbing banks, stealing things, doing awful things, it doesn't necessarily work in the cyber world, because the motivations are very different."

Ponemon points out that most traditional international law enforcement agencies are not designed to handle "hacktivism," which aims to make a political point by releasing information to the public. In order to meet the problem, existing laws need to be built upon and reexamined in a new context, he says. But to fully solve the problem, countries will have to cooperate on legal, technological, and political levels.

Unfortunately that level of trust is currently at a low between the US and Russia, as a result of conflicts in Ukraine and Syria and around the hacking of the DNC.

"[Trust] takes years to build, nanoseconds to lose. There is a whole new set of communications issues because it is a diplomatic, international set of issues too," says Cilluffo. "It really does come down to relationships, individuals, trust, being in the foxhole together, and I would argue there's a lot of strength in bringing those communities together because they have shared common end stakes and principles."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.