Russia's Priorities in Prisoner Swap Suggest Cyber FocusRussia's Priorities in Prisoner Swap Suggest Cyber Focus
At least two Russian nationals serving prison sentences for cybercrime offenses, Vladislav Klyushin and Roman Seleznev, were released as part of the landmark prisoner swap.
August 6, 2024
A convicted dealer of credit card accounts and identity documents and a hacker who helped steal sensitive data from companies to inform stock trades were among the eight Russian nationals traded last week to that country's government in exchange for 16 imprisoned Americans and Europeans.
In the most extensive prisoner exchange since the Cold War, the United States and its allies traded eight convicted Russian nationals — including cybercriminals Vladislav Klyushin and Roman Valeryevich Seleznev — for the release of four Americans, five Germans, and seven Russian political prisoners. Since 2017, Seleznev has been serving a 14-year sentence for participating in a massive cyber-fraud ring that stole more than $9 million from banks and $50 million in consumer losses. Klyushin was sentenced in September 2023 to nine years in prison for taking part in a hack-and-trade scheme.
The fact that the two cybercriminals were included in the exchange shows the importance that the Russian government puts on cyber operations, says Waithera Junghae, associate on the incident response team at S-RM, a global corporate intelligence and cyber security consultancy.
"Cyber activity aligns closely with real-world events such as conflict in Russia-Ukraine, and therefore it's perhaps not unsurprising that we see individuals engaged in this activity feature in negotiations and resulting releases," she says.
The massive exchange involved US diplomacy as well as the cooperation of at least five allies: Germany, Norway, Poland, Slovenia, and Turkey. The United States and its allies gained the release of three American citizens, an American green card holder, five German citizens, and seven Russian political prisoners, according to the White House. In addition to the two cybercriminals, Russia freed Vadim Krasikov, previously held by Germany after being convicted of assassinating a Chechen separatist in Berlin, news reports stated.
In remarks on Aug. 1, President Joe Biden stressed that the five countries who helped make the deal possible — either by releasing prisoners or in helping with logistics — showed the importance of the United States' alliance partners.
"They all stepped up, and they stood with us," Biden said. "They stood with us, and they made bold and brave decisions, released prisoners being held in their countries who were justifiably being held, and provided logistical support to get the Americans home. So, for anyone who questions whether allies matter, they do. They matter."
Cybercriminals Pursued Unique Approaches
The two cybercriminals released by US authorities included Klyushin, 42, who monetized hacks in an uncommon — if not unique — way. The Russian businessman, who owned the Moscow-based IT-security firm M-13, worked with four other co-conspirators to steal information on corporate earnings from publicly traded businesses, making trades around more than 2,000 "earnings events," according to a statement by the US Attorney's Office for the District of Massachusetts. The scheme netted the group around $93 million.
The "hack-to-trade" scheme is not unique, but it is a rare way for financially motivated cybercriminals to make money, Junghae says.
"Financially motivated cybercriminals typically opt for the quickest and easiest routes to make money, including encrypting and exfiltrating data or engaging in payment diversion schemes," she says. "However, in this particular case, Klyushin's strategy involved hacking companies to obtain confidential information for trading purposes."
Meanwhile, Seleznev — as part of the credit-card theft ring, Carder.su — created an automated portal for selling credit card data, allowing members to log in, search for specific types of account holders and card information, and then purchase the data by checking out. Seleznev, who used the handles Track2, Bulba, and Ncux, was sentenced to 14 years in prison in 2017, following a guilty plea. Law enforcement charged more than 55 individuals related to Carder.su as part of a concerted investigation dubbed Operation Open Market.
The scale and ease of the cybercriminal operation made Selznev, a pioneer at the time, Junghae says.
"High-profile cases like Seleznev's can embolden other cybercriminals, encouraging them to pursue similar activities under the belief that they too can evade detection and prosecution," she says. "The techniques and methods Seleznev employed can be adapted and refined by other criminals, thereby enhancing their capabilities."
Not a Major Factor for Law Enforcement
Some international policy experts have argued that the successful negotiated release of legitimately convicted Russian criminals poses a risk: Rogue governments could be incentivized to trump up charges and arrest other nations' citizens. Since 2021, the Biden administration has negotiated the release of prisoners from Russia, Iran, and Venezuela, according to Reuters.
"While it is or would be great to have these individuals released, it underscores how hostage-taking has become a prominent and frequent — if not growing — element of Russian strategy toward the U.S. and the West," Ian Brzezinski, a former US defense official, told Reuters.
Yet, the prisoner exchange will not change how law enforcement agencies pursue and prosecute cybercriminals, S-RM's Junghae says.
"This was an historic move, years in the making, that likely won't be repeated for some time," she says. "So, it would be remiss for countries and their government administrations to base future activity around further negotiated releases."
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024