Euro Security Watch with Mathew J. Schwartz

Incident & Breach Response , Managed Detection & Response (MDR)

Hackers' Vacation Plans in Disarray After Prague Arrest

Czechs Bust Alleged Hacker Behind 2012 LinkedIn Mega Breach
Hackers' Vacation Plans in Disarray After Prague Arrest
Czech police released a video of the suspect's arrest.

Russian hackers may think twice before traveling outside the country for a vacation in light of the arrest of alleged 2012 LinkedIn hacker "Yevgeniy N." by Czech police at a hotel in Prague earlier this month.

See Also: Live Webinar | Special Delivery! Defending and Investigating Advanced Intrusions on Secure Email Gateways

Police in the Czech Republic, acting on a red notice issued by Interpol, say they arrested the Russian national 12 hours after receiving information about his whereabouts from the FBI. Red notices are international requests for cooperation - alerts between Interpol's 190 member countries seeking the location and arrest of wanted individuals, potentially for extradition.

Police identified the suspect as "Yevgeniy N.," according to Reuters, saying he's a Russian citizen born in 1987.

LinkedIn issued a statement confirming that the arrest was in relation to the massive data breach that it suffered in 2012, the full severity of which it didn't uncover until four years later.

"Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI's case to pursue those responsible," LinkedIn says in its statement. "We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity."

Czech police arrest alleged Russian hacker in relation to 2012 LinkedIn breach investigation.

After the suspect was arrested at a Prague restaurant - where he was dining with his girlfriend - Czech police say he collapsed and required medical assistance and was briefly hospitalized before being returned to custody.

Police say they expect the suspect to soon face extradition proceedings initiated by the United States, with which the Czech Republic has an extradition treaty. The U.S. has two months to file related paperwork.

But the Russian government is already demanding the suspect's return.

"The embassy has been taking all necessary efforts to protect the interests of this Russian citizen," Russian Embassy spokesman Andrey Kolmakov told Russian news service TASS. "We are in contact with his attorney. Russia repudiates Washington's policy of imposing its extraterritorial jurisdiction on all countries. We insist that the detainee is handed over to Russia."

Endangered: Hacker Holidays

The arrest is no doubt already sending shock waves throughout the cybercrime community. Indeed, Nicholas Weaver, a researcher who focuses on computer security at the International Computer Science Institute in Berkeley, Calif., warns that the arrest highlights cybercriminals' rapidly disappearing vacation options.

"As a Russian hacker, your only vacation spot left is Sochi," he says via Twitter, referring to Russia's largest seaside resort city.

Breach Coda

The arrest also serves as a potential breach coda for LinkedIn, which has been criticized for failing to force all users to reset their passwords after 6.5 million password hashes showed up on a password-cracking forum in 2012 (see LinkedIn's Password Fail). Earlier this year, however, it came to light that attackers actually stole details on 165 million users' accounts, in what now ranks as one of the largest breaches in history.

The severity of the breach was further compounded by LinkedIn in 2012 using the SHA-1 hashing algorithm. Passwords shouldn't be stored in plain text, so algorithms are used to convert a password into a hash, or a cryptographic representation, which, in theory, cannot be reverse-engineered. But even four years ago, security experts were warning that SHA-1 was weak, inappropriate for hashing passwords and could be easily cracked. Following the breach, however, LinkedIn hired a CISO and overhauled its password and other security practices.

Cybercrime Travel Secrets

To date, Russia has extradited no cybercrime suspects to other countries. In fact, so long as cybercriminals operating from parts of the former Soviet Union follow a few rules, such as not stealing money from Russian banks, they have little chance of being locked up.

Faced with that reality, the U.S. Justice Department has resorted, in part, to a tactic it calls "informal extradition," but which others might call kidnapping. It involves federal agents intercepting a suspect abroad, flying them to U.S. territory, charging them and then bringing them before a judge.

For example, Russian hacker Roman Seleznev was grabbed by U.S. Secret Service in 2014 while he was vacationing in the Maldives. While that country has no extradition threat with the United States, it apparently sanctioned the moves. Seleznev was convicted in August of defrauding 3,700 financial institutions in the United States of at least $169 million.

Similarly, Russian hacker Vladimir Drinkman was arrested while in Amsterdam in 2012, at the U.S. Justice Department's request. He pleaded guilty last year in connection with a hacking scheme that resulted in the theft of more than 160 million payment card numbers.

The FBI's Modus Operandi

Those arrests highlight the FBI's long-standing modus operandi. As FBI supervisory special agent Elvis Chan noted in a panel in March at the Information Security Media Group's Fraud and Breach Prevention Summit in San Francisco, criminals might get away with their crimes in the short term, or hide out in jurisdictions that U.S. prosecutors can't reach. But he said the FBI's memory - and reach - is long.

"We are relentless; we are going to turn over every stone to make sure that we get the job done," Chan said.

Managing Editor Jeremy Kirk also contributed to this story.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.