In November, 2009, US authorities identified BadB, one of the internet's most ingenious financial criminals, as 27-year-old Moscow resident Vladislav Horohorin. He was recently arrested in France. But why did Russian authorities let him operate freely in the meantime?
The New York Times sketches out a few popular theories among security experts as to why, generally, Russia has been lax with its cyber-policing.
1. Miscommunication: In Horohorin's case, it's possible that Russian police never got our memo:
Olga K. Shklyarova, spokeswoman for the Russian bureau of Interpol, said no American law enforcement agency had requested Mr. Horohorin's arrest in her country. "We never received such a request," she said by telephone.
If we had intended to let them know that this guy was one of the world's most prolific cyber criminals and somehow the message got lost in translation, that's worrisome for a whole different host of reasons.
2. Indifference: Security experts claim that 7 of the top 10 spammers in the world can be found in nations that were formerly part of the Soviet Union, but according to Dmitri Zakharov, a lobbyist for Russian internet businesses, such natinos are rarely the target of those spammers:
Online fraud is not a high priority for the Russian police, Mr. Zakharov said, because most of it is aimed at computer users in Europe or the United States. "This is a main reason why spammers are not arrested," he said.
3. Politics: In broad strokes: US sees cybercrime as as a matter for law enforcement. Russia has pushed for international treaties that would entrust cybersecurity regulation with military and espionage agencies. Vladimir Sokolov, deputy director of Russian research group Institute of Information Security, says that Russia and the United States "were still at odds on basic issues of computer security", though he thinks that we're increasingly seeing eye to eye.
4. Conspiracy: Some computer security researchers suggest that Russia's reluctance to prosecute cyber-criminals is based on some sort of mutual agreement with those very individuals. The idea is that
criminal spamming gangs have been co-opted by the intelligence agencies in Russia, which provide cover for their activities in exchange for the criminals' expertise or for allowing their networks of virus-infected computers to be used for political purposes - to crash dissident Web sites, perhaps.
The New York Times cites Russian hackers' attack on computer systems in Georgia during Russia's war with that country in 2008 as one such possible example of cooperation, though Russian authorities have said they had nothing to do with the attacks.
While that last possibility is certainly the juiciest, it's also the unlikeliest. And while US authorities claim they knew BadB's identity late last year, there's really no way of knowing what went on behind the scenes. The Times mentions an incident in 2002 in which the F.B.I. apprehended a Russian cybercriminal by luring him into US under the pretence of a job offer - before even asking the Russian authorities for help.
So I'd imagine Horohorin's delayed arrest can more realistically be attributed to some discrepancy in the two nations' priorities, or perhaps to a miscommunication of those priorities. In any event, it's probably something we should all get sorted out sooner than later. [NYT]