
Russian Hacker, Wanted by F.B.I., Is Arrested in Prague, Czechs Say - r721
http://www.nytimes.com/2016/10/20/world/europe/prague-russian-hacker.html
======
tptacek
Czech Republic a member of European Union: Check!

Czech Republic a NATO Ally: Check!

Computer Crime Illegal In Czech Republic by Czech Law: Check!

Computer Crime Illegal In European Union: Check!

Bilateral Extradition Treaty Present Between US and Czech Republic: Check!

European Union Recognizes Validity Of Bilateral Extradition Treaties With The
US: Check!

I am not clear on the basis of Russia's expectation that they're going to get
their hacker back soon.

~~~
tomashertus
Czech Republic, is supposedly a base of Russia espionage for European
Union[1]. There are very close connections between our high-profile politics
to people around Putin.[2] My guess is that he will be returned to Russia.

I recommend to read the profile published by Guardian last year on Czech
president Milos Zeman.[3]

[1]
[http://www.telegraph.co.uk/news/worldnews/europe/czechrepubl...](http://www.telegraph.co.uk/news/worldnews/europe/czechrepublic/11190596/Extremely-
high-number-of-Russian-spies-in-Czech-Republic.html)

[2] [http://praguemonitor.com/2016/08/10/zeman-attend-
conference-...](http://praguemonitor.com/2016/08/10/zeman-attend-conference-
held-putins-friend-again)

[3]
[https://www.theguardian.com/commentisfree/2016/sep/15/milos-...](https://www.theguardian.com/commentisfree/2016/sep/15/milos-
zeman-czech-republic-president-populists-post-communist)

~~~
bduerst
Anecdotally, my wife grew up in Prague and has said it is a favorite for
Russian tourism, so it's probably fairly easy to enter the E.U. there.

~~~
tomashertus
Yup, Prague and especially Karlovy Vary are full of Russian tourists.

~~~
adamnemecek
Not just tourists, unfortunately they own a large part of that city.

------
CiPHPerCoder
No word on who was arrested or who their victims were.

All we have to confirm the story is political posturing from two global
superpowers over an arrest in a third country. This sounds like the opening
act of a cold war era political struggle. War by proxy, etc.

Can we please not repeat that chapter in history?

Or, if we're going to do so, at least not use hackers as the pawns in this
sick game? I'd appreciate at least that much.

~~~
dkopi
Which part do you consider an opening act of a cold war? Launching a cyber
attack in a foreign country - or arresting someone who launched a cyber
attack?

~~~
elsewhen
to be truly accurate, it is _allegedly_ launching a cyber attack.

------
dmix
2012 hack on a "west coast company" ... anyone know which hack this might be?

Linkedin maybe? This stirred up controversy in the US gov where they might
have invested resources in pursuing the attacker:
[https://en.wikipedia.org/wiki/2012_LinkedIn_hack](https://en.wikipedia.org/wiki/2012_LinkedIn_hack)

Yahoo's discovery of the big intrusion recently was from 2012 but that might
have been too recent?

Also Dropbox was hacked in 2012.

~~~
r721
>The indictment, unsealed today, alleges that Nikulin, accessed computers
belonging to LinkedIn, Dropbox and Formspring, each of which has its
headquarters in the San Francisco Bay Area. The indictment further alleges
that the defendant accessed the computers without authorization and that he
obtained information from the computers. According to the indictment, the
defendant also caused damage to computers belonging to a LinkedIn employee and
to Formspring by transmitting a program, information, code, or command.
Nikulin also is alleged to have used the credentials of LinkedIn and
Formspring employees in connection with the computer intrusions. Further,
Nikulin is alleged to have engaged in a conspiracy with unnamed co-
conspirators to traffic stolen Formspring user credentials. In all, Nikulin is
charged with three counts of computer intrusion; two counts of intentional
transmission of information, code, or command causing damage to a protected
computer; two counts of aggravated identity theft; one count of trafficking in
unauthorized access devices; and one count of conspiracy.

[https://www.justice.gov/opa/pr/yevgeniy-nikulin-indicted-
hac...](https://www.justice.gov/opa/pr/yevgeniy-nikulin-indicted-hacking-
linkedin-dropbox-and-formspring)

~~~
dmix
Oh interesting. So it was more than one. Thanks for the link.

------
codedokode
Isn't it wrong? A person that is not an US citizen, that has never been to US,
will be extradited to USA and will probably be convicted to a 10 or 20 years
in prison unless he can afford a lawyer that costs several hundreds dollars
per hour (because you have to pay for a "fair" trial in USA) for doing the
same things NSA does every day. Since when US courts have jurisdiction over
other countries?

Obviously this person's rights for a fair trial are violated.

If he is a Russian citizen, shouldn't he be judged in Russia?

Or should we apply the same rules to American citizens? For example, everyone
working is NSA or its contractors can probably be prosecuted for taking part
in a conspiracy to break into computer systems and intercepting private
communications. Should muslim countries arrest any US tourist that have
earlier posted pictures with Allah in Facebook and extradite them to Iran for
fair trial by Sharia law? And what about people who develop software to bypass
Great Chinese Firewall? Should they be extradited to China? US wanted to get
Julian Assange, should not China get its enemies too?

~~~
plugger
By your logic prosecuting international computer crime wouldn't be possible.
How do you expect that to work out in practice?

Also, he was arrested in the Czech Republic, not Russia. The Czech Republic
has an extradition treaty with the US that existed long before the Internet
did. This isn't rocket appliances, it's how our world's nation state system
works. Sure, he probably shouldn't get 20 years and should receive competent
legal representation. But to allow anyone to hack computer systems in the US
because that person is not a US citizen and not in the US is borderline
laughable.

~~~
codedokode
The current system is asymmetric. If US can extradite people from other
countries for something they do on the Internet, why Russia, China or Iran
cannot? US is showing a bad example here. Once some governments get more power
they will want to do this too. This is actually a display of power by US.

Maybe there should be some international agreements on how to deal with such
cross-border crimes but they should be discussed and agreed upon by many
countries.

And I don't like this anyway. I would rather prefer having american or russian
systems disconnected from other countries than extraditing people into a
foreign country to judge them by foreign laws.

~~~
plugger
> why Russia, China or Iran cannot?

But they can. They need preexisting extradition agreements and it's all good.
And the system isn't asymmetric. By their nature extradition agreements are
bilateral and therefore symmetric.

How has Russia handled extradition requests from the UK for Litvinenko's
accused murderers? That strikes me as a display of power by Russia. Would you
agree?

> Maybe there should be some international agreements on how to deal with such
> cross-border crimes but they should be discussed and agreed upon by many
> countries.

They're called bilateral extradition treaties. That's exactly what's being
leveraged here.

> I would rather prefer having american or russian systems disconnected from
> other countries than extraditing people into a foreign country to judge them
> by foreign laws.

And I would rather people not hack systems for financial gain. I'd also like
daily rainbows and a unicorn to ride to and from work.

~~~
codedokode
If you want to build an analogy the display of power by Russia would be if it
requested to extradite Litvinenko for trial and UK would comply (I don't know
if they tried to do it).

> But they can. They need preexisting extradition agreements and it's all
> good.

Then let's wait to see whether muslim countries can make such treaties and
start judging westerners posting inappropriate jokes about Allah on Facebook.
Such practice will just lead to a situation when international travel will
become too dangerous and you'll have to consult a lawyer before going abroad.

~~~
plugger
> If you want to build an analogy the display of power by Russia would be if
> it requested to extradite Litvinenko for trial and UK would comply (I don't
> know if they tried to do it).

If you don't know if they tried then why even bring it up, especially since
Litvinenko was killed by Russian Intelligence? Speaking of which, how do you
feel about a Russian citizen being murdered by other Russian citizens in a
foreign country? Does that concern you? Isn't THAT wrong? Obviously this
person's rights for a fair trial was violated. As he was a Russian citizen,
shouldn't he be judged in Russia instead of being murdered by the state?

~~~
codedokode
Of course that is wrong. Sadly if he was really murdered by government agents
and even if they were caught they probably would not serve the full sentence
and would be exchanged for some British spy.

------
at-fates-hands
This sounds a lot like a thinly veiled attempt to dump a story about a state
sponsored hacker being arrested and possibly extradited back to the US. All
we've heard for weeks now is how a group of state sponsored Russian hackers
were feeding DNC documents to Wikileaks.

The lack of details and the Russian response just sounds fishy to me.

~~~
eveningcoffee
_the Russian response_

History has taught us that it is very hard to pull the truth out of Russian
response. You have to observe what they are doing and not what they are
saying.

So this by itself does not conclude anything. Also not the opposite, or
nothing about the other state level actors.

~~~
trendia
Although, you should do the same for any State, including the American gov't.

You have to observer what the US does and not what they say.

~~~
linkregister
U.S. government officials frequently leak information more readily than
Russian officials. I get the impression that Russian officials practice much
better security with their public statements.

U.S. PR efforts strike me as ham-fisted and in reaction to current events.
Checkers vs chess is the metaphor I'm trying to express.

An observer can glean more information from a U.S. government press statement
than a Russian one.

------
r721
Police video here: [http://www.rferl.org/a/czech-police-detain-russian-hacker-
su...](http://www.rferl.org/a/czech-police-detain-russian-hacker-suspect-
fbi/28062592.html)

~~~
r721
His instagram:
[https://www.instagram.com/i.tak.soidet/](https://www.instagram.com/i.tak.soidet/)
(43.7K subscribers)

via [http://www.currenttime.tv/a/russian-hackers-
instagram/280642...](http://www.currenttime.tv/a/russian-hackers-
instagram/28064294.html) (in Russian)

------
transfire
Never mind that the material this (allegedly) hacker exposed indicates rampant
collusion and fraud that undermine the U.S. election system. Nope, that
doesn't matter. The important thing is to stop the dissemination of the truth.

------
hendzen
If I was Snowden I would be very worried. If the US gets a hold of this guy I
could see Putin offering Snowden up as a trade to get him back.

~~~
guelo
Doubt it, Snowden has much more propaganda value making Russia look like the
good guys protecting the world from evil USA.

------
epoxyhockey
The arrest happened 2 weeks ago, but is being reported just now? Interesting
timing..

------
rbanffy
Wether he ends up extradited or not is largely irrelevant. The US sent the
message Russian hackers who are suspects of engaging in cyber warfare better
not leave Russia. Russia is trying to counter it and assert its dominance in
the region and the Czech Republic is in the uncomfortable middle.

------
jMyles
> David Schön, a police spokesman, said on Wednesday that the arrest of the
> man, whose name has not been released, was not announced immediately “for
> tactical reasons.”

That's two high-profile "info criminals" in a row given the secret arrest
treatment.

I can't say I'm a fan.

~~~
tptacek
The kinds of "secret arrests" you're referring to are routine in organized
crime cases. I don't know what the procedure is in the Czech Republican, but
the info-criminals "secretly arrested" in the US had immediate access to their
attorneys; the arrests just weren't announced to the public.

There are so far as I know no secret _indictments_ , and "secrecy" does not
allow law enforcement to ignore Habeas in the US.

------
ommunist
Read to the end "It appears that the man arrested in Prague is not related to
the hackers Mr. Clapper described." Bravo. This should be the title.

~~~
linkregister
That is some incredible burying of the lede. Well spotted!

------
yread
> The Russian Embassy in Prague, however, called for the man to be released.

> “We insist that the detained Russian citizen should be transferred to
> Russia,”

Released or transferred to Russia? And why is the speculation from Janda there
- he is no security expert? Where do the suggestions there is a link to DNC
hack come from? He could easily be just running a botnet, blackmailing or a
thousand other things... Really RT-level article here

~~~
walshemj
Driving around in a luxury cars sounds more like a regular criminal than some
one working for the FSB etc.

~~~
trhway
>Driving around in a luxury cars sounds more like a regular criminal than some
one working for the FSB etc.

you probably doesn't know much about FSB and Russia in general.

just for fun, FSB academy "graduation ceremony" this year :

[https://www.youtube.com/watch?v=hOzZROaFk6Y&list=PLot6UgSr1s...](https://www.youtube.com/watch?v=hOzZROaFk6Y&list=PLot6UgSr1sjYWWed4oBiOGPdkOGCIKjeC&index=3)

~~~
walshemj
Shit opsec then ;-)

------
moon_of_moon
Dobry den. Don't forget to remove your binary from target.

------
gjolund
Guccifer2.0?

~~~
divbyzer0
Unlikely to be him, he tweeted last night. The person referred to in the
article was arrested a few days ago.

~~~
bduerst
They're not sure if Guccifer 2.0 is one person or a hacking group. Many
independent security firms have said it's associated with two Russian
intelligence agencies.

~~~
divbyzer0
Good point. I'm just not sure Russia would perform potentially delicate
operations from an EU and NATO member state.

Also, not sure if all of this recent hacking is in fact leaking by persons
within affected organisations. In the case of the DNC hack, I think it quite
plausible to be a disgruntled employee.

~~~
tptacek
We don't know that he performed operations from the Czech Republic, or if he
was just apprehended there on vacation.

------
usaphp
You comparing Stalin to Hitler? Are people mad these days?

~~~
palunon
Well, both are dictators responsible for the death of millions of people for
political and ethnic reasons.

They are perfectly comparable.

[http://www.nybooks.com/articles/2011/03/10/hitler-vs-
stalin-...](http://www.nybooks.com/articles/2011/03/10/hitler-vs-stalin-who-
killed-more/) [http://historyofrussia.org/stalin-killed-how-many-
people/](http://historyofrussia.org/stalin-killed-how-many-people/)

~~~
sangnoir
> Well, both are dictators responsible for the death of millions of people for
> political and ethnic reasons.

I guess that's Hitler, Stalin _and_ Churchill[1] then.

1\. The Bengal famine claimed between 1.5-4m lives

------
missbit
Is hacking really a crime? If your computer was secure, then the hacker could
not hack. So.. who's fault is it?

~~~
detaro
If your house were secure, the burglar couldn't have gotten in and stolen your
stuff. or stabbed you. So... who's fault is it?

(There is a whole other can of worms regarding what counts as "hacking" and
what doesn't, but without knowing what the "hacker" actually did we can't
really discuss it in this case)

