“Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation”
MIT Technology Review, July 8, 2021
by Patrick Howell O’Neill
“Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan..”
The American cops took the slower, cheaper train from Kyiv to Donetsk.
After repeatedly traveling between Ukraine and the United States, there were more comfortable ways to make this final, 400-mile journey. But the five FBI agents felt like luxury tourists compared to most travelers onboard. They could afford spacious private rooms while locals were sleeping 10 to a cabin. The train moved haltingly, past empty country and villages that, to the Americans at least, looked as if they’d been frozen in the Cold War.
The overnight trek was set to take 12 hours, but it had truly begun two years earlier, in 2008, at the FBI offices in Omaha, Nebraska. That’s where the agents had started trying to understand a cybercrime explosion that was targeting Americans and pulling in millions of dollars from victims. At that point, with at least $79 million stolen, it was by far the biggest cybercrime case the FBI had ever seen. Even today, there are few to match its scale.
Bit by bit, the American investigators began to sketch a picture of the culprits. Soon Operation Trident Breach, as they called it, homed in on a highly advanced organized-crime operation that was based in Eastern Europe but had global reach. As evidence came in from around the world, the Bureau and its international partners slowly put names and faces to the gang and started plotting the next step.
As the train made its way across Ukraine, Jim Craig, who was leading his very first case with the FBI, couldn’t sleep. He passed the time moving between his cabin and the drinks car, a baroque affair with velvet curtains. Craig stayed awake for the entire trip, staring out the window into the darkness as the country passed by.
For more than a year, Craig had traveled all over Ukraine to build a relationship between the American, Ukrainian, and Russian governments. It had been an unprecedented effort to work together and knock down the rapidly metastasizing cybercrime underworld. US agents exchanged intelligence with their Ukrainian and Russian counterparts, they drank together, and they planned a sweeping international law enforcement action.
That moment of unity is worth remembering today.
It would be a wild understatement to say that in the decade since Craig took that trip to Ukraine, cybercrime has grown dramatically. Last month, Joe Biden and Vladimir Putin made the ransomware crisis—which has struck governments, hospitals, and even a major American oil pipeline—a centerpiece of their first face-to-face summit. Now that critical infrastructure is being hit, the Americans are calling on Moscow to control the criminals within Russia’s borders. During that meeting, in response to new pressure from Washington, Putin talked to Biden about doing more to track down cybercriminals.
“Criminal activity rising to the level of international summits shows you the degree to which the threat has grown,” says Michael Daniel, the former White House cybersecurity coordinator for Barack Obama. “It also shows that the current international situation is not at equilibrium. It’s not sustainable.”
Days later, the head of Russia’s FSB intelligence agency said the country would work with the United States to find and prosecute cybercriminals. Inside the White House, top American officials are figuring out what to do next. Some are deeply skeptical and think that Moscow would rather turn requests for help on cybercrime into recruiting opportunities than aid an American investigation.
To begin to understand why they are so concerned, we have to go back to the investigation that put Jim Craig on that train in Ukraine in 2010, and to the case that had him meeting Russian agents and planning raids in Moscow and other cities across multiple countries.
The operation was a unique chance to disrupt one of the world’s most successful cybercrime gangs. It was an opportunity to put away some of the most important operators in the vast underground hacking economy operating in Russia and Ukraine. It was so important, in fact, that the agents began referring to September 29, 2010—the day of planned coordinated police raids in Ukraine, Russia, the United Kingdom, and the United States—as D-Day.
That was also the day when things went sideways.
About the Author:
Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. He covers national security, election security and integrity, geopolitics, and personal security: How is cyber changing the world? Before joining the publication, he worked at the Aspen Institute and CyberScoop covering cybersecurity from Silicon Valley and Washington DC.