August 25, 2017
By Jack Stubbs and Joseph Menn
MOSCOW/SAN FRANCISCO (Reuters) – When Alexander Vinnik was arrested on money-laundering charges at a Greek hotel in late July, the status of his Jabber secure online messaging account was set to “away”.
“He often takes some time to reply, so at first I didn’t think anything of it,” said one person who knew the Russian as an administrator of a digital currency exchange which U.S. prosecutors say was used to launder criminal funds.
“Then when I saw his picture on the news, I knew he would be ‘away’ for a long time,” said the person, who spoke on condition of anonymity.
The U.S. Justice Department says Vinnik facilitated crimes including computer hacking, fraud and drug trafficking by laundering at least $4 billion through BTC-e — an exchange used to trade bitcoin and other digital currencies — since 2011.
The 37-year-old faces up to 55 years in prison if extradited to the United States. He denies the allegations against him, according to Greek media reports, and BTC-e has said he never worked for the exchange. Reuters was unable to reach BTC-e or a lawyer representing Vinnik for comment.
Vinnik is now one of seven Russians arrested or indicted on U.S. cyber crime charges this year. On average, just two Russian cyber criminals were extradited to the United States each year between 2010 and the start of this year, according to a Reuters review of U.S. Justice Department filings, Russian government statements and sources briefed on the matter.
The increase to a record level shows that although President Donald Trump is trying to improve relations with Moscow, the United States has not shied away from pursuing Russians suspected of cyber crime.
The prosecutions coincide with intensified scrutiny of Russian hackers since U.S. intelligence officials determined that Russia interfered in the 2016 U.S. presidential election using cyber warfare methods to help Trump.
The Kremlin has denied accusations it interfered in elections in the United States or elsewhere.
But U.S. opposition lawmakers have questioned whether Trump is willing to respond forcefully to Moscow over its actions in cyberspace, and the White House has avoided publicly accusing Russia over recent politically-motivated hacking attacks..
Alarmed by Trump’s proposal to create a joint U.S.-Russia cyber security unit, U.S. lawmakers have also drawn up a draft bill that would require him to notify lawmakers before he does so.
Four U.S. federal law enforcement officials, who discussed the recent arrests with Reuters on condition of anonymity, said there had been no centralized effort to step up action against Russian cyber criminals under Trump.
The increase in the number of arrests stemmed from breakthroughs made in investigations before last year’s election, two of them said.
The FBI referred all questions to the U.S. Justice Department. The Justice Department said it did not track arrests or indictments by nationality and declined further comment.
RUSSIAN HACKERS RATTLED
Some U.S. officials, however, acknowledged that individual agents may now be more motivated to move against Russian cyber criminals following the election hacking scandal.
Russian hackers are active at all levels of cyber crime, from small-time thefts of online banking details, to taking down the computer networks of multi-national companies and government departments.
John Carlin, who until last October ran the national security division of the U.S. Justice Department as assistant attorney general, said resources had already been moving towards pursuing Russian nationals before the 2016 election.
But he added: “Their outrageous activity to undermine the integrity of our election, like they did in western Europe before and have done since, can only have added fuel to the fire.”
According to interviews with five people who knew the men arrested this year — all of whom declined to be named for fear of prosecution — the arrests have shaken the Russian cyber crime community.
“Now they are arresting even those who had a super indirect, not even direct connection to what they call influencing their election,” said one who knew Vinnik by his online moniker WME.
Used to operating across borders with relative impunity, Russian cyber criminals are now worried the prosecutions will lead to further arrests or harm their operations.
They are cutting back on trips abroad that were once seen as a calculated risk because of the risk of arrest and extradition, but are now viewed as increasingly foolhardy.
“We have monitored criminals discussing the aftermath (of the arrests) … and it is clear they are concerned about two things,” said Ilya Sachkov, head of cyber security firm Group-IB, whose Threat Intelligence unit specializes in monitoring and tracking the Russian-speaking cyber crime community.
“First, what the arrested members potentially know about them, but second and more importantly, a disruption in their ability to make money.”
One of those arrested this year was Peter Levashov, charged by U.S. prosecutors with operating one of the world’s largest botnets, or networks, of infected computers used by cyber criminals. He denies the charges.
Levashov allegedly used the botnet to pump out spam emails for a multitude of criminal schemes, such as stock fraud, online credential phishing attempts and the distribution of malware, including ransomware.
A person who knew Levashov by his online identity Severa said his arrest in particular had rattled underground cyber criminal circles because he was so well known.
“People read the news of course and see guys they know getting busted,” the person said. “Once is bad, this many times is scary.”
(Additional reporting by Dustin Volz in SAN FRANCISCO, Eric Auchard in FRANKFURT, and Karolina Tagaris in ATHENS; Editing by Timothy Heritage)