Cyberattacks across the world have grown ever-larger in scale, inflicting billions of dollars of damage – and the US is spearheading the quest to make hackers pay, wherever they are, sometimes with exceedingly tough jail terms.
The US government is pulling no punches when it comes to prosecuting cyber criminals, often seeking extradition orders and, in most cases, dedicating countless man hours and hundreds of thousands of dollars relentlessly pursuing some of the world’s most notorious hackers.
Its latest catch, though, is a reputed white hat hacker — that is, a ‘good’ security expert whose hacking bears no ill intent. He helped stop a global cyberattack in its tracks, potentially saving the global economy millions of dollars in the process – and is now charged in a separate malware-related case.
Read more about him and others in RT’s list of some of the most notable hackers the US has pursued and attempted to extradite since 2000, with varying degrees of success.
Marcus Hutchins aka ‘MalwareTech’ (2017)
Marcus Hutchins, 23, the young British cybersecurity expert who discovered the kill switch that stopped the global WannaCry ransomware attack, was arrested on August 2 by the FBI at Las Vegas International Airport as he was about to board a flight back to his home in London.
He has been charged in connection with “creating and distributing the Kronos banking trojan,” first discovered in 2014, which targets banking systems and harvests credit card data and private customer information once an email attachment has been opened on a target computer.
“He admitted he was the author of the code of Kronos malware and indicated he sold it,” prosecutor Dan Cowhig told the federal court.
Hutchins is accused of collaborating with an unnamed co-defendant who maintained and advertised the malware on the now defunct AlphaBay marketplace on the Dark Web. The Malware was sold for $3,000 according to the indictment, though IBM researchers saw it advertised with a $7,000 price tag.
READ MORE: Hacker who stopped WannaCry gets $30,000 bail
Hutchins has posted the $30,000 bail but Judge Nancy Koppe ordered him to surrender his passport and he has been banned from using devices with internet access upon his release on August 7, according to his attorney, Adrian Lobo, as cited by Reuters.
Lauri Love (2013 - present)
Lauri Love, 32, of dual Finnish-British citizenship is alleged to have hacked the US Federal Reserve Bank, NASA, the US Army, the FBI, and the Environmental Protection Agency, and faces extradition to the US with multiple indictments for arrest spanning three different court districts in three different states.
Love was initially arrested on October 25, 2013 and again on July 15 2015. The UK's National Crime Agency (NCA) tried to force Love to hand over his passwords and encryption keys so it could access his computers that were seized following his initial arrest.
READ MORE: Hacking suspect Laurie Love willing to work with US to find intel ‘vulnerabilities’
He is currently appealing his extradition, granted by Westminster Magistrates' Court in September 2016, with a hearing scheduled for November of this year.
Love faces up to 99 years in prison, and would be the first British citizen to be extradited to the US for cyber crimes.
Russian Roman Seleznev aka ‘Track2’/’2pac’/’nCuX’ (2009 - 2013)
The son of a Russian member of parliament, Seleznev, 32, was sentenced to 27 years in prison, a US record for cybercrime, for his role in hacking thousands of US businesses and operating an identity theft ring based in southeast Asia.
He was arrested by the US Secret Service in the Maldives in July 2014.
Seleznev was convicted of hacking into point-of-sale computers to steal credit card information which resulted in up to $169 million losses for the 500 businesses that were successfully hacked, Reuters reported.
Moscow viewed Seleznev’s arrest and extradition as ‘kidnapping.’ A Foreign Ministry statement at the time said there had been no contacts with the Russian authorities normally required when a Russian citizen is being extradited. The Maldives don’t have an extradition agreement with the US, but local police helped the Secret Service get him anyway.
“This message the United States sent today is not the right way to show Vladimir Putin, Russia or any other government in this world how justice works in a democracy,” Seleznev wrote in a statement following his sentencing.
Seleznev also faces separate federal charges which are pending in both Nevada and Georgia.
Vladimir Drinkman (2005 - 2012)
Vladimir Drinkman, 34, of Syktyvkar, Russia and four co-conspirators allegedly stole more than 160 million credit card numbers in what US authorities described at the time as the “largest known data breach conspiracy ever prosecuted.”
He and his crew hacked into the databases of companies such as NASDAQ, 7-Eleven, Carrefour, JCP, Hannaford, Heartland, Wet Seal, Commidea, Dexia, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore, and Ingenicard, among others.
READ MORE: Russian hackers charged in 'biggest' data breach case, 160mn credit card numbers stolen
Drinkman was arrested in the Netherlands on June 28, 2012 and extradited to New Jersey in 2015.
“This hacking ring’s widespread attacks on American companies caused serious harm and more than $300 million in losses to people and businesses in the United States,” said Assistant Attorney General Caldwell.
Drinkman faces up to 30 years in federal prison. He was originally due to be sentenced in June but the verdict has been delayed until September 22.
Gary McKinnon aka ‘Solo’ (2001 - 2002)
McKinnon, 51, from Scotland was accused of hacking almost 100 US military and NASA computers over 13 months between 2001 and 2002.
He is perhaps most famous for his brazen taunt of the US military following a hack which shut down the Army’s network of 2,000 computers for a 24-hour period. A message that read “Your security is crap” was displayed on the military’s website. US authorities estimated the cost of the hack at $700,000.
READ MORE: UK hacker warned of US-extradition risk if he visits sick father in Scotland
In 2012, then-UK Home Secretary Theresa May ruled that McKinnon would not be extradited to the US given that he, like Lauri Love would be later, had been diagnosed with Asperger’s syndrome and was at risk of committing suicide.
McKinnon also claimed to have uncovered evidence of a secret US Navy Space program during his hacks.
In addition, McKinnon says he unearthed a massive government conspiracy to photoshop proof of aliens here on Earth out of images and video, as well as a major cover-up of alien technology such as antigravity and zero-point (read: free) energy.
“A NASA photographic expert said that there was a Building 8 at Johnson Space Center where they regularly airbrushed out images of UFOs from the high-resolution satellite imaging,” McKinnon told Wired in a 2006 interview.
Marcel Lehel aka ‘Guccifer’/‘Small Fume’ (2012 - 2014)
Marcel Lehel, 44, was indicted on nine counts including three counts of accessing protected computers. He was arrested in Bucharest in January 2014 and an 18-month temporary extradition order to the US was approved by Romania's top court, Reuters reported.
He posted unofficial emails sent to former US Secretary of State Hillary Clinton as well as artwork produced by former US President George W. Bush, including self-portraits in the bathtub, online.
READ MORE:New analysis suggests Guccifer 2.0 files copied locally, not hacked by Russia
He stands accused of hacking “into the email and social media accounts of high-profile victims, including a family member of two former U.S. presidents, a former U.S. Cabinet member, a former member of the U.S. Joint Chiefs of Staff and a former presidential advisor,” according to a federal indictment.
It is unclear what kind of punishment awaits Lehel if found guilty.