International cooperation helped nab Russian hacker in Czech Republic

Earlier this month, Czech police arrested a Russian hacker with the help of the FBI. The international nature of cyberattacks has made it even more difficult to catch hackers.

Police in the Czech Republic announced Tuesday that they had captured a suspected Russian hacker with the assistance of the US Federal Bureau of Investigation. The suspect, identified only as Yevgeniy N., was apprehended October 5.

The arrest was a coordinated effort between two countries in order to apprehend a criminal with ties to a third, highlighting many of the difficulties associated with dealing with international cyberattacks. The arrest came only two days before a formal accusation by the Obama administration that Russia has been sponsoring hacks of the Democratic National Committee's emails, among others, in order to affect the outcome of elections in the United States.

According to the Prague Daily Monitor, the man was apprehended in a Prague hotel within 12 hours after the informational exchange between the FBI and Czech authorities was initiated. The decision about whether to extradite the hacker to the United States has not yet been made.

Sources told CBS that the arrest was not made in connection with the DNC hack, however. The man is suspected of involvement in a massive 2012 security breach at LinkedIn, which may have compromised data from 100 million users.

The Russian Embassy in Prague called for the release of the hacker to Russian custody. Unlike the Czech Republic, Russia has no extradition treaty with the US.

This not the first time international authorities have cooperated to catch a hacker like Yevgeniy, as many Russia-sponsored cyberattacks often operate outside of Russia itself while targeting other countries, Frank Cilluffo, the director of the George Washington University Center for Cyber and Homeland Security.

"The Czech Republic has been used as a launch pad for such behavior for quite some time, so I think it's pretty significant that they're stepping up their activity here," Mr. Cilluffo tells The Christian Science Monitor. "I think that hinges, in large part, around the bilateral arrangements and agreements between law enforcement authorities in both the Czech Republic and the United States."

Yevgeniy's arrest comes as a result of an Interpol notice about the hacker, according to The New York Times. Interpol issues color-coded "international requests for cooperation or alerts" from police in member countries, including the highest alert, red, which seeks "the location and arrest" of suspects.

While traditional informational attacks required violating national borders and espionage networks supported by state powers, cyberattacks do not suffer from the same limitations. Online hacks can occur easily across borders, and governments no longer need as large a network of specially-trained agents to acquire information that can be taken from the internet.

Larry Ponemon, chairman and founder of the Ponemon Institute for information security research, tells the Monitor that countries and corporations that get hacked are often unwilling to share what happened with others, for fear of giving away too much information about how their own security systems operate, which prevents others from stopping future hacks or determining the origin of a cyberattack. This problem is compounded by the fact that a skilled hacker can mask an attack, making it appear to come from anywhere.

"Some of the conclusions we reach, like 'The bad guys are mostly in China,' or now in the Russian Federation or Eastern Europe, that may not be true," says Dr. Ponemon. "There are cases where bad guys are operating in places like New Jersey, but they give the appearance that they're operating from some far location." 

As Cilluffo puts it: "Smoking guns are hard to find, smoking keyboards are even harder."

Even if a specific hacker is identified, it can be next to impossible to find out who they are working for, if anyone. Even without state backing, cybercriminals are often able to hide behind complicated international extradition laws and treaties to avoid meeting justice.

"The people who are working for [law enforcement] organizations today are much stronger, much better, with much deeper levels of expertise than five or 10 years ago," says Ponemon. "But the old law-and-order concept where you have bad guys robbing banks, stealing things, doing awful things, it doesn't necessarily work in the cyber world, because the motivations are very different."

Ponemon points out that most traditional international law enforcement agencies are not designed to handle "hacktivism," which aims to make a political point by releasing information to the public. In order to meet the problem, existing laws need to be built upon and reexamined in a new context, he says. But to fully solve the problem, countries will have to cooperate on legal, technological, and political levels.

Unfortunately that level of trust is currently at a low between the US and Russia, as a result of conflicts in Ukraine and Syria and around the hacking of the DNC.

"[Trust] takes years to build, nanoseconds to lose. There is a whole new set of communications issues because it is a diplomatic, international set of issues too," says Cilluffo. "It really does come down to relationships, individuals, trust, being in the foxhole together, and I would argue there's a lot of strength in bringing those communities together because they have shared common end stakes and principles."