After the heralded breakthrough of this month’s arrest of alleged cyber crime masterminds in eastern Ukraine, the investigation is beginning to drag.
With the suspects yet to be charged, concerns are being raised that Ukraine’s history of failure in prosecuting cybercrime could repeat itself.
Insiders name Ukraine as a haven for hackers and blame the country’s notoriously corrupt legal system and weak laws for the failure to secure convictions. One Ukrainian man accused of hacking by the U.S. Federal Bureau of Investigation now heads the Internet Party of Ukraine.
The five alleged cyberthieves detained last week and later released by the Security Service of Ukraine (SBU) as part of an international operation into a $70 million scheme are free. An SBU spokesperson said criminal charges hadn’t been drafted yet, as experts need more time to study the evidence.
The scheme involved siphoning money from European and American bank accounts, and the suspects are expected to be charged with unauthorized interference into computer networks, dissemination of personal information and numerous counts of financial fraud, as well as organized crime. If found guilty, the suspects could be sentenced to up to 12 years in prison and have their assets seized.
Computer security experts praised the arrests in Ukraine as a breakthrough, but said the toughest work lies ahead. “The overall impact depends on how successful [Ukraine’s] justice system is in prosecuting the suspects,” said Don Jackson, director of threat intelligence for U.S.-based Internet security firm SecureWorks.
The Interior Ministry said it investigated 86 percent of 700 cyberscams reported in 2009, and 83 percent of those investigated were transferred to courts.
But that’s where the problems start, according to Yuriy Orlov, director of the cybercrime research center at Kyiv’s police academy. Prosecution, he said, remains the weakest link in fighting cyber crimes in Ukraine.
“Police operatives can spend months hunting for cyberthieves; they work hard to collect evidence and when the cases are brought to the court a judge simply lets them go,” Orlov said. He noted several reasons: vague legislation regulating cybercrime, the fact that this problem is relatively new to Ukraine and the desire to play down the dangers of this crime.
“While in the United States cyber criminals spend 20-30 years in prison and pay million-dollar fines, Ukrainian ones are left at large,” Orlov said. According to him, the toughest sentence a cyberthief ever got in Ukraine up to date was three years in jail.
Some cases have had even more complex and surprising conclusions. Dmytro Golubov, an alleged hacker accused of trading credit card details stolen from websites, was detained in 2005. U.S. investigators pushed hard to get him on trial, but when the case came to court, he was released.
Golubov told the Kyiv Post that the FBI had asked then-Ukrainian Interior Minister Yuriy Lutsenko to catch him, providing as evidence only a scanned copy of his passport and the phrase “I am a cool hacker; I am not afraid of anyone” found on a website.
“Fortunately the court didn’t take that evidence seriously,” Golubov added.
Golubov was eventually bailed out by two Party of Regions lawmakers – Volodymyr Demiokhin and Volodymyr Makeyenko.
Golubov said he was cleared due to lack of evidence. Lutsenko told the Kyiv Post he couldn’t comment as he didn’t have the exact details in front of him, but said: “The most probable [reason] is corruption and this atmosphere of criminal impunity that we see in the country. It’s so much like the ’90s when all the criminals who had political protection were released.”
The court that heard the case did not respond to questions.
In April, the Justice Ministry registered the Internet Party of Ukraine, headed by Golubov. He wouldn’t disclose the funding of his party and denied affiliation with any major political party.
Golubov said the party promotes universal Internet access. He has also supported a variety of other causes, including using his computer skills to help feminist group Femen in its struggle against websites that promote prostitution and pornography.
The greatest success in catching Ukrainian hackers has come abroad. In 2007, Turkish police detained Kharkiv resident Maksym Yastremsky while he was vacationing in the popular resort town of Kemer. Yastremsky was charged with stealing more than $11 million from Turkish, European and American bank accounts. The United States requested his extradition, but Turkish authorities denied the request and passed his case to a local court. The judges sentenced him to 30 years in prison. Yastremsky’s parents insist he was not guilty and appealed the court ruling, a process which is ongoing.
Ukrainian lawyers as well as law enforcement official suggest toughening legislation would be key to an efficient crack down on cybercrime. In 2001, Ukraine signed and later ratified the Council of Europe’s convention on cyber crime, which stipulates criminal liability for unauthorized access, selling or other illegal dissemination of passwords, account data and other personal information that might lead to a cybertheft.
Nevertheless, Orlov from Kyiv’s police academy said there is no specific article in the criminal code that deals directly with cybercrime. “Legislation should be toughened and there should be criminal liability for committing cyberscams,” Orlov said. “I can’t say what should be an adequate sentence for it; that’s a task for our lawmakers to decide.”
Kyiv Post staff writer Olesia Oleshko can be reached at [email protected] and James Marson at [email protected].
