By 12 November 2019, hacker Alexei Burkov was extradited from Israel to the US to face major credit card fraud charges. He was originally arrested in 2015 for his role in Cardplanet, and his extradition was delayed several times as the Russian government fought against it. Israel subsequently received a competing extradition request from Russia. Then Russia arrested and sentenced to prison an Israeli/US citizen and offered Israel an exchange of her for Burkov. This case shows how authoritarian countries try to protect their hackers from US prosecution.


Figure 1. Alexei Burkov during his hearing in Israel

Alexei Burkov (also known as k0pa, Botnet, Alexey Burkov, Alexei Yurievich Burkov) was indicted by the US for operating the card shop Cardplanet (cardplanet.cc). Additionally, Burkov ran an invite-only online cybercriminal club that required recommendations and a $5,000 deposit to join.[1] Burkov's activity in 2009-2013 caused the US $20,000,000 in damages from the sale of over 150,000 compromised payment cards.[2]

Additionally, Israeli media sources discussed a theory that Burkov might be connected to Russia's efforts to influence the American election process.[3] That would explain the effort of the Russian government to protect him from extradition. So far, the published indictment and the US Department of Justice (DOJ) statements do not confirm this theory.[4] It is also important to keep in mind that Burkov had been under Israeli arrest since December 2015, so he was not among the Russian government hackers attacking Democratic servers in 2016. Our analysts have previously seen Russian criminal hackers who were used by the Russian intelligence services, for example, Yahoo hackers Baratov and Belan and Zeus creator Bogachev. An extensive investigation published by Brian Krebs connects Burkov to many elite Russian criminal hackers and potentially to Bogachev. Burkov, hiding behind the hacker aliases k0pa and Botnet, had access to and different levels of control in various elite Russian criminal hacker forums, including Mazafaka, Verified, DirectConnection, and the Cyber Lords.[5]

If Burkov did not work with Russian intelligence himself, the Russian government may have been concerned with his deep knowledge of the Russian cybercriminal underground and, potentially, of other criminal hackers working with the Russian government. Alternatively, the Russian government in general does not want its criminal hackers to be punished by the West, whether or not they work with intelligence agencies.

The main strategy Russian hackers employ to avoid prosecution is to not leave Russia or, at least, to travel only to countries that will not extradite to the US. If an arrest in a foreign country happens anyway, the Russian government can employ the two strategies described below to put additional pressure against extradition: a competing request for extradition to Russia and a prisoner exchange.

Competing Extraditions to Protect Hackers

In the Burkov case, competing extradition requests submitted by Russia significantly increased the time needed to process the US extradition request, even though the US request eventually prevailed.

This is not the first time Russia has used this tactic to help Russian hackers. In the case of Amazon DDoS attacker Dmitry Zubakha, Russia was successful, and the hacker was extradited from Cyprus to Russia, avoiding US extradition.[6] But in other cases, Russia failed. For example, LinkedIn/Dropbox/Formspring hacker Yevgeny Nikulin was eventually extradited from the Czech Republic to the US.[7] And in the case of Alexander Vinnik, the arrested co-owner of cryptocurrency exchange BTC-e, the extradition battle in Greece continues. In this case, three competing extradition requests were issued: US, Russian, and French.[8]

Prisoner Swap to Protect Hackers

In the Burkov case, hostage taking by Russia was marginally effective, as it enabled a massive campaign pressing for the prisoner swap and slightly delayed Burkov's extradition to the US. Specifically, Russia arrested Naama Issachar, an Israeli/US citizen, on her transit flight from India to Israel. She received a seven-and-a-half-year prison sentence on a minor drug charge, which was harsher than the typical punishment.[9]


Figure 2. Naama Issachar

Both Russia and China work to maintain a list of arrested US and other nationals. Typically, this type of prisoner exchange scheme is for high-profile cases, for example those involving government spying. It will be interesting to see if this tactic from the Burkov case will be copied in the future in other hacker extradition battles.


Rogue regimes such as Russia seek to protect their financial hackers from prosecution. Even after a hacker is arrested abroad, these regimes may provide legal and public relations assistance, a competing extradition request, or even a prisoner exchange proposal.



Serial: TR-19-327-001

Report Date: 11232019

Country: US, RU, IL    

Industries: Financial

Prepared by: Yury Polozov


[1] www.justice.gov/usao-edva/pr/russian-national-extradited-running-online-criminal-marketplace

[2] www.documentcloud.org/documents/6548758-Burkov-Indictment.html

[3] www.timesofisrael.com/russian-hacker-at-center-of-prisoner-dispute-denies-ties-to-russian-intelligence/

[4] www.justice.gov/usao-edva/pr/russian-national-extradited-running-online-criminal-marketplace and www.documentcloud.org/documents/6548758-Burkov-Indictment.html

[5] krebsonsecurity.com/2019/11/why-were-the-russians-so-set-against-this-hacker-being-extradited/

[6] www.rapsinews.com/judicial_news/20130412/267012237.html

[7] www.justice.gov/usao-ndca/pr/yevgeniy-nikulin-appears-us-court-following-extradition

[8] www.urdupoint.com/en/world/russia-gave-greece-additional-materials-on-vi-755254.html

[9] www.jpost.com/Israel-News/Temporary-injunction-against-hackers-extradition-606508
