The recent arrest of Russian citizen Roman Valeravich Seleznev by US authorities for alleged cyber crimes highlights one of the most difficult jurisdictional problems facing the international community today. In brief, does the country in which a cybercrime originates have sole jurisdiction over the act and the person committing the crime, or can countries whose citizens have been harmed by the crime, in this instance hacking, bring the criminal to justice? The United States has taken the stance that it has jurisdiction over criminals who hack into American computers and has taken vigorous action to bring these individuals to court. The Secret Service, FBI, CIA and other state agencies have conducted extensive investigations into the actions of hackers worldwide; Mr. Seleznev is one of several alleged Russian cyber criminals who have been arrested by US authorities over the last few years.
The case involving Mr. Seleznev is based on an indictment handed down in US District Court for the Western District of Washington that was sealed charging him with "hacking into point of sale systems at retailers through the United States." The indictment took place in March 2011 and was unsealed when the Russian citizen was found in Maldives and arrested in Guam. He is presently in jail in Guam awaiting extradition to the US. This became a cause of tension between Russia and the US partially due to the fact the father of the defendant is a member of the Duma (the Russian parliament) named Valery Seleznev and has accused the US of kidnapping his son in the Maldives.
The jurisdictional question of arrest has arisen several times between the US and Russia involving cybercrimes with Russia accusing the US of taking unauthorized custody of its citizens and the US considering Russia a "safe haven" for cyber criminals. The basis for this problem is the fact that the two countries have no extradition treaty. This was certainly given media attention by the recent asylum granted by the Russians to Edward Snowden.
Members of the criminal defense bar have stated that American officials have become increasingly relaxed in their overall recognition of established guidelines when pursuing accused cyber criminals across international boundaries. In September 2013, Russia's Foreign Ministry issued a warning for "citizens to refrain from traveling abroad, especially to countries that have signed agreements with the US on mutual extradition, if there is reasonable suspicion that US law enforcement agencies" have a case pending against them.
In quite a few of the cases, the suspects were held in third countries following a request from US authorities. American officials have extradited several and are presently working to secure the extradition of others. This repeated practice has raised the ire of Moscow officials. Defense attorneys have sought to fight these cases, but are unable to do so until the defendant is on US soil. One such case was that of Victor Bout, who was arrested for arms trafficking, and spent several years in a Thai prison before defense counsel was able to contest his arrest, to no avail, before a NY judge.
Prior to the present practice of first obtaining a sealed indictment, the FBI had worked on a few sting operations. In what may be the FBI's most famous case in connection with alleged Russian cyber criminals are the cases of Vasily Gorshkov and Alexei Ivanov. Promising a job interview in Seattle, the FBI established a fake computer security firm in 2000, named "Invita," and picked up Gorshkov and Ivanov when the duo came in under the pretense of a job interview. Arrested at the meeting, Gorshkov and Ivanov were subsequently convicted of cyber crimes, which hit PayPal, Yahoo and eBay and received three and four year sentences, respectively.
In an effort to arrest a client of mine, Alexander Panin, FBI agents crossed the globe as they joined the dark side and hacked into computers and posed as cyber crooks. Despite sifting through millions of lines of computer code, getting frustrated with law enforcement in Thailand, Bulgaria and Britain, they finally were forced to wait for Panin to leave Russia before they could arrest him in the Dominican Republic.
These jurisdictional issues are certainly raised by the defense in all of these cases and however there potentially be a bias in the judiciary in the country where the defendant is on trial. While it certainly may not happen very soon, the US and Russia would both benefit from coming to some agreement on extradition in the worldwide fight against cybercrime.
Arkady Bukh is a New York criminal defense attorney and an expert in cyber crime. He has defended many well-known cyber criminals, such as Igor Klopov, Oleg Nikolaenko, Alex Suvorov, Vlad Horohorin and others.
Suggested citation: Arkady Bukh, A Cold War in Cyberspace: Does the US Have Jurisdiction Over Russian Hackers?, JURIST-Hotline, August 1, 2014, http://jurist.org/hotline/2014/08/arkady-bukh-cyber-crime.php.
This article was prepared for publication by Jason Kellam, a Section Editor with JURIST's Commentary services. Please direct any questions or comments to him at firstname.lastname@example.org