The U.S.-Russian deal that traded eight Russian criminals, spies, and assassins for hostages Evan Gershkovich, Paul Whelan, and others on Thursday was the first known prisoner exchange to include international cybercriminals.
Two of the eight Russians released on Thursday were world-class cybercriminals: Vladislav Klyushin and Roman Seleznev. Prosecutors said it was important for them to serve hard sentences as a message to other cybercriminals around the world, but now both are walking free.
Klyushin hacked into the databases of major American corporations and stole information that helped his criminal gang commit securities fraud on a massive scale. A federal court in Boston found that his scheme netted about $93 million in illicit profits. Klyushin personally walked away with over $34 million in his pockets, which the court ordered him to pay back.
Acting U.S. Attorney Joshua S. Levy said in September 2023 that Klyushin “thought he could get away with his crimes by perpetrating them from a foreign base, hidden behind layers of fake domain names, virtual private networks, and computer servers rented under pseudonyms and paid for with cryptocurrency.”
“He found out otherwise, and will now spend nearly a decade of his life in a U.S. prison,” Levy said — incorrectly, as it turns out.
Klyushin was a successful tech entrepreneur in Russia before launching one of the biggest insider trading schemes in U.S. history. His resume included working for the office of President Putin. CNBC produced a documentary about him, scheduled to be released on August 15, called The Crimes of Putin’s Trader.
“He was wealthy. He had a very nice house. He had very nice cars. He had a country house. But he wanted more, like so many of our defendants do, and he found a way to get access to easy money. And he took it,” federal prosecutor Steven Frank told CNBC.
Another awkward detail about Klyushin is that one of his hackers is believed to have been involved in Russia’s effort to compromise the Democratic National Committee (DNC) servers during the 2016 presidential election. Klyushin’s arrest in Switzerland in March 2021 was seen as a major blow to Russian cyberespionage, so his release is a comparable victory for President Vladimir Putin.
Roman Seleznev’s release is arguably even more troubling, because his cybercrimes victimized countless American citizens by stealing their identities for credit card and bank fraud.
When Seleznev was arrested in 2014 by U.S. Secret Service (USSS) agents, his laptop was stuffed with 1.7 million stolen credit card numbers. He was considered one of the biggest worldwide traffickers in stolen credit card data at the time of his arrest.
Seleznev, 40, is the son of Russian oligarch and lawmaker Valery Seleznev, a close Putin ally. He lived a life of incredible luxury with the proceeds from his credit card theft, treating himself to fancy cars and lavish parties.
Russia accused the U.S. government of “kidnapping” Seleznev because it persuaded the government of the Maldives to expel him when he attempted to check into a luxury resort. He was forced to fly to Guam instead, where USSS agents were waiting for him.
“This is a monstrous lie and a provocative act,” Valery Seleznev said upon learning of his son’s arrest.
“This is not the first time the U.S. side, ignoring a bilateral treaty … on mutual assistance in criminal matters, has gone ahead with what amounts to the kidnapping of a Russian citizen,” the Russian Foreign Ministry fumed in 2014.
Troubled cybercrime experts pointed out on Thursday that high-profile hackers are hard to arrest or prosecute, since they often hide in different countries and are very good at covering their tracks. Some of their schemes are so arcane and complex that convicting them is difficult even when U.S. law enforcement manages to take them into custody.
Russian cybercriminals are harder to catch than most since their own country will not expedite them. Klyushin was caught in Switzerland, while the U.S. had to pull strings with the Maldives to force Seleznev into a position where American agents could arrest him.
“It’s not only international cooperation, but it’s the extradition, it’s the legalities, the filings, etc., etc., etc. And then to get your hands actually on somebody and bring them into the United States or bring them to justice in another country? It’s incredibly complex,” CyberAngel information security officer and former FBI agent Todd Carroll told NBC News.
“I don’t want to undercut getting two U.S. citizens back that were wrongly held over there. I’m just not happy about the extremes we have to go to for this to be done,” Carroll said.
Institute for Security and Technology CEO Philip Reiner noted that Russia’s star cybercriminals haul in a huge amount of money, which “goes back into an ecosystem where folks get paid, and get paid off.”
“It’s not lost on anybody that when Russia may not necessarily want to engage in certain types of activities themselves, they’ve got this syndicate of actors who will do it,” he said.
Foreign policy experts told Newsweek on Thursday that the prisoner swap was an “all-around success” for Vladimir Putin that will “likely be mimicked in the future.”
In one stroke, Putin vindicated his strategy of taking American and European hostages for political gain, humiliated the U.S. government by forcing a lopsided exchange of hardcore criminals for innocent people kidnapped by the Putin regime, and undermined two of the very few successful prosecutions of high-profile cybercriminals.