Bank hackers find haven in Putin’s Russia

The diplomatic standoff between the United States and Russian President Vladimir Putin is hobbling efforts to prosecute cyber crime against American banks.

Russian hackers played a major role in the newly exposed worldwide cyber heist, where thieves learned how to imitate bank employees to withdraw more than $1 billion from 100 banks.

ADVERTISEMENT
While analysts suspect the heist originated in Ukraine and Eastern Europe, that information is of little use to American law enforcement officials who are getting no help from Moscow when it comes to catching cyber thieves.

“Trying to get cooperation from law enforcement in that area is, in many cases, actively hampered by the Russian government,” said Stu Sjouwerman, CEO of cybersecurity training firm KnowBe4, which most often works with banks.

“Given the current relationship between the United States and Russia, [cooperation] does not seem likely,” added Peter Toren, a cyber crime attorney who was part of the Department of Justice’s original batch of computer crimes prosecutors. 

Last August, Russian digital thieves were blamed for the cyber attack on JPMorgan that exposed sensitive data on over 83 million households. Reportedly, the same attack infiltrated up to nine other major banks.

“Harassment of U.S. financial firms is just part of the bigger picture and it is the price of business to some degree,” Sjouwerman said. 

Experts believe much of the hacking occurs either at the behest of Putin’s government, or with its tacit approval. Some speculated the JPMorgan hit was retaliation for the new U.S. sanctions that were slapped on Russia as the country amassed troops on the Ukraine border. 

Russia has been trying to exert influence in Ukraine since political unrest in late 2013 ousted Ukraine’s then-president. Russia later annexed Crimean Peninsula from Ukraine, angering the U.S. and leading to a slate of Western sanctions.

The escalating crisis has spurred calls from Congress for President Obama to supply defensive weapons to Ukraine to help it fight off Russian forces.  

The rift over Ukraine has plunged U.S.-Russia relations to their lowest level since the Cold War, damaging broader U.S. efforts to collect evidence against criminal networks operating abroad.

“I think there is greater suspicion than ever,” said Robert Cattanach, a cybersecurity lawyer and former DOJ prosecutor.

But the complex, worldwide “cyber mafia” that has been pillaging banks for two years have also been infiltrating Russian banks, perhaps giving Putin’s government a reason to work with the U.S.

Experts downplayed that possibility.

“Why would Putin ask for help from the people that are making his life difficult?” Sjourwerman asked.

Any evidence inherently contains hints about each country's cyber espionage efforts, Cattanach said.

“The mere fact” of sharing data “would tell someone about the capabilities of whatever agency is giving you that information,” he added. “They’re not going to be the least interested in giving any peek to anybody.”

The U.S. and Russia technically established a joint cyber working group in June 2013 to create a direct line of communication on cyber issues. But the group ceased meeting months later as the situation in Ukraine escalated.

With no clear path to resolving the Ukraine situation, the DOJ will continue to face high barriers to bringing foreign hackers to justice.

“I think they’re a little bit overwhelmed by just the amount, the expansiveness and the sophistication of the bad guys who are doing this,” Toren said.