Russian President Says He’s Open to Cybercriminal Extraditions – If They Are Mutual
Russian President Vladimir Putin on Sunday indicated he would consider handing over Russian cybercriminals to the United States if the U.S. does the same for Moscow.
“If we agree to extradite criminals, then, of course, Russia will do that, we will do that, but only if the other side, in this case the United States, agrees to the same and will extradite the criminals in question to the Russian Federation,” Putin said, according to a Reuters report.
While speaking on state television on Sunday, Putin said he expects his meeting with U.S. President Joe Biden on Wednesday in Geneva will help establish bilateral dialogue and revive personal contacts.
“The question of cybersecurity is one of the most important at the moment because turning all kinds of systems off can lead to really difficult consequences,” Putin said.
Asked on Sunday about Putin’s comment that Moscow would be willing to hand over cybercriminals to the United States if Washington reciprocates, Biden described it as “potentially a good sign of progress,” USA Today reports. But national security adviser Jake Sullivan subsequently clarified that Biden was not saying he’s going to exchange such criminals with Russia, saying, “This is not about exchanges or swaps, or anything like that,” and that “cybercriminals will be held accountable in America, because they already are.”
Reacting to Putin’s comments, Sam Curry, chief security officer at Cybereason, says, “Overall, the good news is that Biden and Putin are having talks. How this plays out weeks, months and years later is what matters. But to President Putin, welcome to the community of responsible nations. This is what you should have been doing for years as there’s no sovereignty bigger than a nation. How we all behave is really, really important. Responsible nations work with other nations constantly on big issues such as trade, refugees and crime. One of the most important aspects of being responsible is enforcing laws.”
Curry added: “Later this week, will Biden and Putin work toward the creation of a cybercriminal extradition treaty? If not, then Putin pounding his chest is useless.”
When Putin was asked about extraditions in an interview with NBC in 2018, he said, “”Never. Russia does not extradite its citizens to anyone.” (See: Putin Offers Extradition Promise to US: ‘Never’).
Jake Williams, a former member of the National Security Agency’s elite hacking team who now runs the cybersecurity consultancy Rendition Infosec, notes that the U.S. has indicted Russian intelligence officers suspected of hacking American organizations.
As a result, any mutual extradition agreement could open the door to indictments of U.S. intelligence agencies, he says. “And even if we’re comfortable with allowing our intelligence officers to be indicted, the standard of evidence in Russia is entirely different. Charging foreign intelligence officers as cybercriminals set a bad precedent.”
Cybersecurity has moved up the agenda for the Biden-Putin meeting Wednesday in response to recent high-profile cyberattacks on critical U.S. infrastructure attributed to Russian hackers.
Major international meat processor JBS was hit by ransomware earlier this month, and the FBI issued a statement attributing the attack to ransomware-as-a-service operation REvil, which appears to be run from Russia.
The May Colonial Pipeline Co. attack, which disrupted U.S. fuel supplies, was conducted by the DarkSide ransomware gang, which is also believed to be Russia-based.
Recent Executive Action
The U.S. Congress has been investigating the JBS, Colonial Pipeline and other ransomware attacks. Meanwhile, the Biden administration has released a memo to corporate executives and business leaders, urging them to ensure they’re following cybersecurity best practices (see: White House Urges Businesses: Improve Ransomware Defenses).
The U.S. Justice Department has also issued new guidance for federal prosecutors to ensure that all cases they’re tracking – domestically and abroad – are coordinated with the government’s recently launched Ransomware and Digital Extortion Task Force.