Date: 2022-12-13

Welcome to The Cybersecurity 202!

Russia rejected cybercriminals in possible prisoner swap, but they could feature in future trades

The U.S. government reportedly floated offers to send Russia two alleged cybercriminals alongside arms dealer Viktor Bout, as part of negotiations to free both WNBA star Brittney Griner and Marine Paul Whelan.

Russia didn’t take that part of the offer, CNN reported, leaving Alexander Vinnik and Roman Seleznev behind bars in the United States and Whelan in captivity in Russia, as Griner and Bout were swapped and returned to their home countries. But it was a cybersecurity dimension to an international tale of diplomacy and intrigue.

The Griner-Bout exchange has proven divisive within the Biden administration, and the release of the cybercriminals might have gotten a similar reception. It’s hard to get convictions and extraditions for overseas cybercriminals, and returning them to Russia in a prisoner swap could have stoked frustrations and concerns.

“To get a conviction and someone actually sentenced to jail is something that doesn’t happen every day. I’m sure the cyber prosecutors in the Department of Justice probably are glad to see them remain behind bars,” Marc Raimondi, a former Justice Department communications official during the Obama and Trump administrations who now serves as chief of staff to the executive chairman at the Silverado Policy Accelerator, told me.

That Russia rejected the offer also raises questions about how much Moscow values cybercriminals who hail from within its borders, at least during a war with Ukraine.

The culprits

Vinnik only just arrived in the United States in August after an extradition from Greece, which took him into custody in 2017 at the request of the U.S. government.

The Justice Department charged him on 21 counts for allegedly operating the cryptocurrency exchange BTC-e, which the DOJ calls a “significant cybercrime and online money laundering entity.” An indictment said the exchange facilitated transactions for hacking incidents, ransomware scams, identity theft schemes and other crimes.

An attorney for Vinnik and family members fear he could face 50 years in prison in the United States.

Vinnik already served a sentence in prison in France on money laundering charges.

He faces lesser, unrelated fraud charges in Russia.

Russia sentenced Griner on Aug. 4, the same date Vinnik was extradited to the United States — immediately prompting speculation about a prisoner swap involving the two.

Seleznev, by contrast with Vinnik, has been in the United States for longer.

The Secret Service arrested him in 2014 in Guam, a development that provoked outrage from Russia, which accused the United States of “kidnapping” the son of a member of Russia’s parliament known for making anti-American statements.

A U.S. court sentenced Seleznev to 27 years in prison over an assortment of charges for hacking, bank fraud and identity theft. He defrauded small-business and banking institution victims of more than $169 million, the DOJ said.

Seleznev hacked into retail systems and installed malware to steal millions of credit card numbers from more than 500 U.S. businesses, according to the DOJ.

Interestingly, the United States sent another Russian cybercriminal back to his homeland last year. Aleksei Burkov, who was sentenced in 2020 to nine years in prison for credit card fraud that DOJ said cost U.S. consumers $20 million and for running an online cybercriminal forum, was deported to Russia for reasons that remain unclear.

The DOJ ruled out that Burkov’s deportation was part of a prisoner exchange, at least. What’s notable about Burkov is that, at least in his case, Russia demonstrated a willingness to swap prisoners with Israel, which had detained him on the United States’ behalf.

The prospects

U.S. officials told the Wall Street Journal in 2019 that Russia had stepped up efforts to keep its hackers from ending up in U.S. courts, instead preferring them to work on Moscow’s behalf. That makes sense given the U.S. government’s view that many of those hackers are essentially spies.

“I think it’s fair and appropriate for us to treat them, and Russia to accept them, as espionage” arrests, said Jamil Jaffer, a former official at DOJ’s National Security Division who is the executive director of the National Security Institute at George Mason University’s Antonin Scalia Law School.

Russia reportedly rejected the alternative offers to include Whelan because it charged him with espionage and only would consider a spy-for-spy trade. But it’s also easier to see why Russia valued an arms dealer over a cybercriminal in any prisoner exchange in the context of Russia’s war with Ukraine, Jaffer said.

While Russia didn’t accept the trade of Vinnik or Seleznev for Whelan, the prospect of the United States sending cybercriminals back home in prisoner swaps is still alive. Vinnik’s French lawyer told CNN his client could figure into a future deal for Whelan.

“They make part of the possible ‘candidates’ for the next swap,” Frédéric Bélot said.

“We think that he is a good candidate, remains a good candidate,” another of Vinnik’s lawyers, David Rizk, told the Associated Press. “He’s somebody that both sides have a lot of interest in, and he’s also somebody who hasn’t killed anybody. He hasn’t committed any violent crime.”

The keys

Hackers planted evidence on Indian priest’s computer, cybersecurity firm says

A report from digital forensics firm Arsenal Consulting concluded that a hacker planted evidence on a computer belonging to a Jesuit priest, Father Stan Swamy, Niha Masih reports. Swamy championed the rights of tribal youth in central India accused of being Maoists before he was charged with the same crime.

“More than a dozen activists, academics and lawyers have been imprisoned under an anti-terrorism law — some for more than four years — accused of having ties to a banned Maoist armed group that aims to overthrow the government. They deny the charges,” Niha writes. “The stringent terrorism law has drawn criticism in part because the accused can rarely secure bail and cases brought under the law have a poor conviction rate.”

The report on the hacking of Swamy — who died at a hospital in July 2021 after he spent more than eight months in jail on terrorism charges — comes after The Post previously reported that at least two defendants in the case had devices that were compromised. Hackers also targeted people who weren’t facing charges in the case.

The National Investigation Agency, which is the case’s prosecuting authority, did not respond to requests for comment.

Trump allies’ effort to copy voting software should be investigated, election-security advocates say

Campaign-finance reform group Free Speech for People, computer scientists and former elections officials called on the Justice Department and Department of Homeland Security to investigate the campaign that resulted in the copying and sharing of sensitive election system files. Signatories of the letter said the effort mapped out a digital road map that could enable hackers to change results or disrupt voting, Emma Brown, Aaron C. Davis and Jon Swaine report.

Some of the 15 signatories of the letter have been experts for plaintiffs in a lawsuit over election security in Georgia.

The letter also asks the Cybersecurity and Infrastructure Security Agency to assess election security risks “posed by the unauthorized distribution of voting system software to individuals who have already spread misinformation and may attempt to disrupt elections.” The agency, which didn’t respond to a request for comment, said in an October announcement with the FBI that “attempts to manipulate votes at scale would be difficult to conduct undetected.”

California Department of Finance says it was hit in cyber ‘intrusion’

California officials say they’re “actively responding to a cybersecurity incident” at the California Department of Finance, CyberScoop’s AJ Vicens reports. “No state funds have been compromised” in the incident at the agency, which advises California Gov. Gavin Newsom (D) on fiscal policy, according to a statement. It didn’t say whether data had been stolen, and noted that the department “is continuing its work to prepare the Governor’s Budget that will be released next month.”

The Lockbit ransomware gang has claimed responsibility for the hack. It says it stole 76 gigabytes of data, including “databases, confidential data, financial documents” and “sexual proceedings in court.” Experts say that the ransomware gang isn’t always honest about the impact of its hacks.

Telehealth firms send health information to tech companies

Around a dozen of the firms’ websites had trackers that collected patient answers, while 25 had trackers that told at least one major tech company whether users had added items like prescriptions to their carts or bought a subscription to a treatment plan, STAT’s Katie Palmer and the Markup’s Todd Feathers and Simon Fondrie-Teitler report.

“Health privacy experts and former regulators said sharing such sensitive medical information with the world’s largest advertising platforms threatens patient privacy and trust and could run afoul of unfair business practices laws,” they write. “They also emphasized that privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA) were not built for telehealth.”


