The same week the European Union called out Russia for its "unacceptable" hacking campaigns targeting nation-states and politicians, the United States decided to return a convicted cybercriminal back to his home country of Russia.
Alexei Burkov, the criminal in this case, was arrested in Israel, then extradited to, and sentenced in the United States.
He was sentenced to nine years in prison in June 2020, and SecureWorld News covered the story. He admitted to operating two websites dedicated to the facilitation of payment card fraud, computer hacking, and other crimes.
Now, suddenly, he is gone. Why?
Mystery: why did the U.S. send a convicted cybercriminal to Russia?
The Russians now have Alexei Burkov after he was detained at the Moscow airport, and he faces charges there, Reuters reports Russia's Interior Ministry as saying.
But these types of prisoner returns are a rare occurrence, and the U.S. and Russia do not have an extradition treaty. So why did this happen?
We asked SecureWorld keynote speaker and CNN analyst, Col. Cedric Leighton, for help answering this question. Leighton said:
"The Burkov case is a puzzling one. Burkov clearly admitted he was guilty in a U.S. court. The U.S. government had an opportunity to set an example to similar cybercriminals, but by sending him back to Russia they may have squandered that chance."
The U.S. has been proclaiming stepped-up efforts to bring Russian hackers to justice. So why did we imprison one of them and then send him back home?
Leighton says there is at least a possibility that this could be a test case for Russia.
"The Biden Administration could be testing Russia's commitment to prosecuting cybercriminals," he says.
However, he wonders if anything will come of it.
"Certainly, by taking Burkov into custody when he landed in Moscow, the Russian government is making a show of cracking down on cybercriminals. The crimes he is accused of in Russia are not insignificant, but they seem to pale in comparison to the crimes he committed against US citizens.
It would be welcome news if the Russians did prosecute Burkov for the crimes he's alleged to have committed there, but if deterrence of criminal cyber activity is to work, both the U.S. and Russia must get tough on cybercriminals like Burkov.
I'm skeptical that that will happen."
Some wondered if this was a kind of secret swap. However, it looks like we may be able to cross that possibility off the list.
CNN managed to get one brief response from a U.S. government official thus far:
"This was not a [prisoner] exchange," Justice Department spokesperson Nicole Navas Oxman said in a statement to CNN. She declined to comment on the details of the case, referring questions to ICE.
ICE, or U.S. Customs and Immigration Enforcement, because the United States officially deported Burkov back to Russia.
Crimes of a convicted Russian cybercriminal
While the question remains as to why the U.S. would return a convicted hacker who was set to spend the next several years behind bars, there is no question about the crimes he committed—he admitted to them.
The U.S. Department of Justice (DOJ) says Burkov operated a website called "Cardplanet," where he sold stolen payment card information that victimized hundreds of thousands of innocent people, most of them being U.S. citizens. Over $20 million in fraudulent purchases were made as a result of this website.
But that was only one of the websites he operated. Here is how the DOJ describes the second website:
"Burkov also ran another website that served as an invite-only club where elite cybercriminals could advertise stolen goods, such as personal identifying information and malicious software, and criminal services, such as money laundering and hacking services.
To obtain membership in Burkov's cybercrime forum, prospective members needed three existing members to 'vouch' for their good reputation among cybercriminals and to provide a sum of money, normally $5,000, as insurance. These measures were designed to keep law enforcement from accessing Burkov's cybercrime forum and to ensure that members of the forum honored any deals made while conducting business on the forum."
Burkov was originally arrested in Tel Aviv in 2015 and extradited to the U.S. in 2017. In January 2020, he pleaded guilty and SecureWorld News covered his admission.
[RELATED] Listen to SecureWorld keynote speaker and CNN military analyst Col. Cedric Leighton discuss nation-state cyber threats on a recent podcast episode: