Generic hacker stock photo

The US has won four legal battles with Russian authorities for the extradition of five highly valued suspects, all Russian nationals, for their involvement with various cyber-crime related activities.

The four are part of five highly mediatized arrests of Russian cyber-criminals the US has orchestrated in the past twelve months.

In all cases, Russia has responded by accusing the US of breaking international laws, kidnapping its citizens, and by lodging similar extradition complaints in the same countries the hackers were arrested.

After months of deliberation, the US appears to be winning the extradition battles, after courts in Latvia, Spain, and Greece decided to send four of the five suspects to the US to face charges, denying extradition for Russian authorities.

Kelihos botnet operator heading to the US

One of the positive extradition rulings for the US was for Pyotr Levashov, a Russian national that was arrested in April in Barcelona on accusations of running the Kelihos botnet.

Spanish authorities arrested the hacker while on vacation, and soon after his arrest activity from the Kelihos botnet started to dwindle, semi-confirming that authorities got the right man.

At the time of his arrest, Russian media quoted Levashov's wife who said that her husband was a mere programmer and that US authorities were trying to pin him as one of the hackers who meddled with the US election process.

Levashov's lawyers built their defense around this theory, claiming the US was going after Levashov because he used to be in the Russian Army and also worked for Putin's political party. They argued US authorities might want to coerce Levashov into handing over sensitive documents.

In a decision earlier this week, a Spanish judge decided to send the hacker to the US to face charges brought forward by the FBI, ignoring the conspiracy theories put forward by Levashov's lawyer. Levashov said he'll appeal.

BTC-e owner also headed to the US

A similar decision was also put forward by Greek courts, also this week, when they agreed to send Alexander Vinnik to the US.

Vinnik was arrested in a Greek seaside village at the end of July, on charges of operating the BTC-e, an unlicensed Bitcoin exchange, and for laundering Bitcoin stolen from the Mt.Gox cryptocurrency exchange in 2014.

In addition, authorities said that BTC-e was also the primary exchange used to cash out ransomware payments. A Google one-year experiment confirmed that 95% of all ransomware payments were, indeed, laundered and cashed into fiat currency via BTC-e, operated out of Moscow.

As soon as Vinnik's arrest became public, Russian authorities filed an extradition claim of their own, claiming that Vinnik was also sought in Russia from a €9,500 fraud charge.

The Greek court decided Vinnik should face the music in the US first. Vinnik's side said he'd appeal.

One Russian carder already sent to the US

While Levashov and Vinnik are still fighting their extradition in appeals, a third suspect is already in the US, after being arrested in Latvia while on a train coming from Russia.

Named Yury Martyshev, he stands accused of stealing credit card and other financial information from various US companies.

Martyshev's arrest and extradition were lighting fast, and the hacker was already in the US before Russian authorities could realize what happened.

The Russian Embassy in Washington skewered US authorities for their handling of the arrest, calling it in a Facebook post as "another case of kidnapping of a Russian citizen by the US authorities."

NeverQuest banking trojan operator approved for extradition

A fourth suspect, also sought by both countries, is Stanislav Lisov, the author of the NeverQuest banking trojan.

Just like Levashov, Lisov was arrested in Barcelona, Spain, while on holiday. He was arrested in January 2017, and a Spanish court approved his extradition to the US in early August. Lisov is currently in the middle of his appeal.

One more to go

Despite these successes, the US is still seeking extradition of another suspected hacker, and probably the most important one.

The alleged hacker is Yevgeniy Nikulin, the suspect behind the LinkedIn, Dropbox, and Formspring data breaches that took place in 2012 and came to light in early 2016.

Just like Levashov, Nikulin was arrested while on holiday, at a time when political relations between Russia and the US were at all-time highs. Nikulin was detained in Prague, the Czech Republic, where he's still fighting his extradition.

Russian authorities also lodged an extradition request, accusing him of smaller hacks that he carried out while in Russia, and issued similar inflamatory statements, accusing the US of trying to play the role of world police.