8 Notorious Russian Hackers Arrested in the Past 8 Years
Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.
May 12, 2017
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt69be81f2ddcd418d/64f0d7f87af833ee80fcd689/01-russian.jpeg?width=700&auto=webp&quality=80&disable=upscale)
The Russian criminal scene is an undeniable force in the world of black hat hacking, scams and thefts. While many Russian cybercriminals continue to skate by unapprehended and - sometimes - undetected, the US government has gone to incredible lengths to nab the crooks responsible for some of the biggest fraud rings in the last decade.
Unfortunately, the indictment and arrest history shows a picture where cooperation from the Russian government to catch these bad guys is non-existent. Instead, US lawmen and prosecutors have had to depend on a complex set of international relationships to snag these hackers when they are out of Russia, typically while vacationing at exotic locales using the fruits of their criminal labors. Here's the lowdown on arrests made in the last eight years.
Indicted: January 2009
Arrested: June 2012 (Netherlands)
Extradited: February 2015
The Crime: Hacker responsible for some of the biggest data breaches in history, namely those of Heartland Payment Systems and Hannaford Bros. Co. grocery chain.
Indicted way back in 2009, it took over three years for Drinkman to be apprehended. He was picked up by the Dutch police while on vacation and it took another three years before he was extradited and put in front of U.S. judges. In 2015 he pled guilty for his role in stealing 160 million credit card numbers from 2005 to 2012.
Indicted: January 2009
Arrested: June 2012 (Netherlands)
Extradited: September 2012
The Crime: Fraudster responsible for selling millions of credit card numbers stolen from major breaches at Heartland Payment Systems and 15 other organizations.
Smilianets was vacationing with Drinkman, thus being picked up in the same sting. Though he was extradited much earlier than Drinkman, Smilianets didn't plead guilty to his role in the credit card theft ring until a day after Drinkman. Sentencing for both Drinkman and Smilianets is still pending, with an expected announcement next month. Meanwhile three of their co-conspirators remain at large.
Indicted: March 2011
Arrested: July 2014 (Maldives)
Extradited: 2014
The Crime: Guilty of 38 charges, including nine counts of hacking and 10 counts of wire fraud for perpetration of years-long targeting of restaurant point-of-sale systems.
Seleznev was another Russian national caught up in a sting by foreign authorities who nabbed him while he vacationed - for him it was in the Maldives. His family claims he was 'kidnapped' by the US, but the feds say his arrest was justified. After all, at the time of his arrest he had 2.9 million unique credit card numbers in his possession. And he's known in the criminal underground as "Track2." Seleznev's hearing and sentencing were high profile due to his political connections; his father, Valery Seleznev, is a member of the Russian Parliament. Though he admitted his crime in court and initially expressed remorse before sentencing, the younger Seleznev later read a statement that said his 27-year sentence was an injustice based on political motivations.
Indicted: December 2011
Arrested: July 2013 (US)
The Crime: Co-creator and distributor of the SpyEye banking Trojan.
Panin's arrest and extradition were a little less cut-and-dried than the other stories already told here. Like Drinkman, Smilianets and Seleznev, he was nabbed on vacation. But in this case he wasn't officially arrested or extradited. While he was in the Dominican Republic, Dominican officials managed to get him to board an airplane to the US and he was arrested when it landed. Since that 2013 sting, Panin pled guilty to his crime and was sentenced to over nine years in prison and another three years of supervised release.
Indicted: January 2015
Arrested: August 2015 (Finland)
Extradited: January 2016
The Crime: Senakh was one of the criminals behind the Ebury botnet, which generated millions of dollars in fraudulent revenue.
Picked up in Finland two summers ago, Senakh in March pled guilty for his role in running a Linux botnet which used infected servers worldwide to send 35 million spam emails a day at its height. According to ESET researchers in 2014, Ebury was used to perpetrate the Operation Windigo malware campaign, which infected half a million computers and 25,000 servers. And that was just one campaign in its years-long existence. Senakh is due to be sentenced later this year.
Indicted: October 2015
Arrested: August 2015 (Cyprus)
Extradited: February 2016
The Crime: One of the main conspirators responsible for creating and disseminating the Dridex malware package in order to steal banking credentials and drain victims' bank accounts.
Though not a Russian national per se - he's Moldovan - Ghinkul ran money stolen by his massive Dridex operation through Russian and Baltic state banks. According to the FBI, he stole over $10 million from targets in the US. Ghinkul pled guilty to charges in February and is up for sentencing in July. He faces 15 years and $500,000 in penalties for his crimes.
Indicted: October 2016
Arrested: October 2016 (Czech Republic)
The Alleged Crime: Alleged perpetrator of LinkedIn, Dropbox and Formspring breaches.
Indicted and arrested in the Czech Republic last fall for his role in breaches at LinkedIn, Dropbox and Formspring, Nikulin is yet another Russian detained while on vacation. He's currently sitting in a jail cell in Prague while the US and Russia duke it out with Czech authorities about his potential extradition. The Feds say that he'll be tried for data theft and fraud crimes that could put him away for 30 years, though this international struggle may be higher stakes than what's officially on the record. Speculation has it that Nikulin may have played a role in hacking the Democratic National Committee in the run-up to the election last year, or at least may know those who did play a role.
Indicted: March 2017
Arrested: April 2016 (Spain)
The most recent Russian hacker nabbed on behalf of US authorities, Levashov is accused of running the Kelihos botnet, one of the most prolific spam operations ever known. Like Nikulin, his arrest has also been speculatively linked with US election hacking, but Kelihos is the official charge. The Justice Department says that Levashov was selling a service to fellow crooks to perpetrate phishing attacks for $500 per million messages sent. Fitting in with nearly a decade of other Russian hacker arrests, Levashov was arrested in Spain while on vacation. He currently awaits extradition.