Edward Snowden may be the most high-profile computer-savvy fugitive to find safe haven in Russia, but he is hardly the first. In the telling of American law enforcement authorities, Russia has become a primary sanctuary for hackers who use the Web to attack companies and individuals in the United States.
When President Obama scrapped a planned Moscow summit with Russian President Vladimir Putin on Wednesday, the White House acknowledged that one factor was Snowden, the fugitive intelligence analyst who leaked secrets about the National Security Agency’s controversial cyber-spying programs and then gained refuge in Russia.
But for American law enforcement agencies, the Snowden episode was merely the latest indignity, landing atop a stack of files in which Russia has ignored pleas from Washington to help with investigations and extradite alleged lawbreakers to the United States.
Speaking on Tuesday at a cybersecurity conference at Fordham University in New York City, Joseph Demarest, assistant director of the FBI's cyber division, said that “well over 90 percent” of hackers are based overseas, making law enforcement dependent upon cooperation with foreign governments.
"We see our approach to this as global,” he said. “We can't do it without foreign partners."
Demarest did not specify how much activity can be attributed to Russia, but other estimates underscore the scope of the problem. Hackers operating in Russia are responsible for more than one-third of cyber-crime revenues worldwide or as much as $3.7 billion a year, according to Mark Galeotti, a professor of global affairs at New York University.
In recent weeks, current and former American officials have vented frustration over their inability to gain assistance from governments in countries in which hackers attack concerns in the United States. In a rare move, prosecutors last month publicly named three alleged cyber criminals who are still at large, with law enforcement officials telling Reuters this was intended as “a slap at uncooperative Russian authorities.”
At the Fordham conference on Tuesday, former Homeland Security Secretary Michael Chertoff cited that case as an example of how other nations -- even some that have signed extradition treaties with the United States -- are failing to crack down on computer crime.
"What that tells me is we still have countries that don't really treat this as serious,” Chertoff said. “That's got to change."
In Russia, fugitive hackers often live in plain sight. One alleged cyber criminal responsible for unleashing a virus on Facebook routinely posted his location on Foursquare, according to researchers who investigated him.
For the most part, Russian officials have not cracked down on hackers because they do not attack computer systems in Russia, and therefore are not violating laws in that country, according to E.J. Hilbert, a former FBI agent who investigated cybercrime.
"What most people don’t understand is these are sovereign countries with laws that are completely different than ours," Hilbert said. “They’ve done nothing illegal in their country, therefore they can’t be arrested, and that makes it really, really difficult.”
Without assistance from Russian police, Facebook last year took the unusual step of publicly releasing the names, aliases and photographs of five Russian cybercriminals accused of operating a virus known as "Koobface."
The Koobface virus prompted Facebook users to install software to watch a video and thereby installed malware on their computers that helped hackers to commit advertising fraud and steal from users' bank accounts.
Facebook's efforts appeared to temporarily shut down the virus. But the cyber criminals behind it are still at large.
Even close American allies have refused to allow their citizens to be tried for cybercrimes on American soil. Last fall, British Home Secretary Theresa May declined to extradite Gary McKinnon, a British citizen, to face charges of breaking into computer networks of NASA and the Pentagon in 2002. At the time, authorities called the break-in "the biggest military hack of all time."
McKinnon admitted to accessing U.S. government computers but maintains he was only looking for evidence of UFOs. May sided with McKinnon’s supporters, who argued that he suffers from Asperger's syndrome and depression.
"After careful consideration of all of the relevant material, I have concluded that Mr McKinnon's extradition would give rise to such a high risk of him ending his life that a decision to extradite would be incompatible with Mr McKinnon's human rights,” May said last fall.
Some accused cybercriminals have not only avoided extradition to the United States, they have even become public figures in their home countries.
In Ukraine in 2005, police arrested Dmitry Golubov, who went by the nickname “Script,” and charged him with running a website called CarderPlanet.com. The site was a popular forum for hackers to exchange data about stolen credit cards, a scheme that has cost U.S. banks millions of dollars in losses.
Golubov had been a fugitive for years “due to indifference from Ukrainian authorities,” according to a story in Wired.com. But a few months after his arrest, two Ukrainian politicians persuaded a local judge to drop the charges and release Golubov from prison.
Hilbert, who worked on the case while at the FBI, said the politicians convinced the judge that “it was a detriment to the Ukrainian economy to keep him in jail.”
“It was hurting those guys pocketbooks when the guy was no longer able to pay their bribes,” Hilbert said.
After his release, Golubov became the leader of the Internet Party of Ukraine.
This story appears in Issue 62 of our weekly iPad magazine, Huffington, in the iTunes App store, available Friday, August 16.