There have been many new reports recently detailing how hackers have managed to obtain tens of thousands of confidential records, or in some instances, tens of millions or more. However, it is rare that a hacker is caught and brought to justice for the crimes carried out.
Recently, a hacking group in Russia was reported to have illegally obtained a staggering 1 billion passwords. If that was not surprising enough, the authorities know the individuals are located in central Russia. They are also in their early 20s. If they have been caught, why have they not been arrested?
There are issues as the United States that wishes to take action but the criminal may be located elsewhere, Russia for example. So it must be considered if should the criminals be tried in Russia or in the United States? Where should justice occur, where the crimes were committed or in the country most affected by the crimes? Should hackers be extradited?
If there is no treaty existing between two countries, hackers will be tried and sentenced (or not) in their own countries. The United States has attempted to get five Chinese hackers extradited and brought to the United States to face trial. They were employed by the Chinese military. China is unlikely to take any action, and certainly will not hand them over to the United States. The criminals are believed to be behind attacks on Alcoa, U.S. Steel and Westinghouse, as well as on other U.S. companies. The criminals were indicted, but that is as far as the U.S. progressed. They are very likely working on new hacks against U.S. companies.
In some cases, hackers do not need to be extradited. The FBI has previously fooled hackers into coming over to the United States voluntarily. By doing so the tricky issue of extradition has been bypassed. The FBI set up a job interview for two hackers using a fake Seattle company. The duo, Alexey Ivanov and Vasily Gorshkov, arrived for the interview and were promptly arrested. The latter received a sentence of three years, the former got four years months.
Cybercriminals are very talented at concealing their real identities and consequently can be difficult to locate. It can be even more difficult to bring them to justice.
It should come as no shock to hear that many successful hackers are based in countries that offer security against extradition to the United States. Unless there are international laws completed, and more cooperation between countries to tackle the global issue of cybercrime, they are unlikely to be tried and sentenced for their crimes.
