Latvia blocking extradition of Gozi writer thanks to "disproportionate" US sentencing

Filed Under: Botnet, Featured, Law & order, Security threats, Web Browsers

Federal Bureau of Prisons - DENIEDOne of three men indicted in the US earlier this year in connection with the Gozi banking trojan remains in his native Latvia, after courts there twice blocked US requests for extradition.

The Latvian foreign minister has added his weight to the battle to resist the extradition, arguing that the potential 67 year prison sentence cited in the indictment is "disproportionate" to the crime the man is accused of.

27-year-old Deniss Čalovskis is named in the January 2013 indictment, along with Russian Nikita Kuzmin, already held in the US, and Romanian national Mihai Ionut Paunescu, also currently fighting extradition.

The trio are charged with running a crime syndicate using the Gozi malware in a campaign compared to a "modern-day bank robbery ring", which may have infected over 1 million PCs worldwide, with as many as 40,000 in the US hit by the malware.

Gozi used HTML injection to doctor banking web pages and harvest login data, which was then used to siphon off funds. The botnet of compromised systems could be hired out and attacks tuned to target specific banks or user groups. Čalovskis is thought to have been the technical expert creating the HTML injection code.

All three men are accused of a range of conspiracy charges in the US, with the potential sentences ranging from 60 years for suspected Romanian hosting organiser Paunescu, through Čalovskis' 67 years to a massive 95 years for alleged chief arranger Kuzmin, should he be found guilty and receive the maximum sentence for all charges.

These numbers are of course the maximum possible sentences, actual jail terms are extremely unlikely to come anywhere close to these figures. However, the exorbitant numbers have been enough to delay and possibly prevent extradition.

Prison sentences in the US are extremely high, as are all figures connected to the US' sprawling corrections industry.

Over two million people are behind bars in the USA and close to 3% of the population is either locked up, on parole or on probation. The turnover of the prison system runs into many billions of dollars and the long-standing use of cheap prison labour has added billions to the output of several major US companies.

Chart showing the number of incarcerated Americans

The sharp increase in prison population over the last 30 years or so has been fed by ever-stricter sentencing, heavily influenced by the "war on drugs" and the "three strikes" rule, to the extent that sentencing structures are now well out of line with the rest of the civilized world.

Cybercrime is a global problem that requires worldwide co-operation and collaboration by diverse justice and law enforcement agencies.

With the bad guys operating in cross-national and even inter-continental teams, coordinated global scoops are needed to round up crooks detected by complex international, inter-agency investigations.

Once the perps are all safely in custody they need to be brought to book under somebody's jurisdiction. In most cases this involves an extradition process.

As most countries' extradition rules prevent the deportation of citizens to countries where they might face penalties that local judges would find insane, the US risks upsetting the delicate balance required to ensure these worldwide prosecutions can be effectively completed.

I have no problem with tough sentences for cybercriminals, but they should remain within the bounds of sanity.

Threatening crazily hefty punishments may seem like a way to create a strong deterrent against new starters joining the malware underworld. They will fail to provide that deterrent, though, if they are seen to be no more than empty threats which cannot be enforced.


, , ,

You might like

15 Responses to Latvia blocking extradition of Gozi writer thanks to "disproportionate" US sentencing

  1. freedie · 409 days ago

    You say 2 million. Your chart says 200,00.

    • markstockley · 408 days ago

      Thank you for pointing this out - it's now fixed.

      The original chart showed just the federal prison population but its shape shows the same sudden change of angle. I've now embedded a chart showing the whole incarcerated population.

  2. Gary Warner · 409 days ago

    John,

    Is this an extended commentary on the US corrections system? or an article about the fact that yet another bad guy steals millions from Americans and doesn't go to jail? The focus of the story seems to be more on the former than the latter. If malware perpetrators were regularly jailed in Eastern European countries it may be about the sentence, but taken in context of the miserable failure to lock up cyber criminals in Eastern Europe, I think you may be off target making this about failures in US sentencing guidelines.

    Thanks for sharing!

    Gary Warner

    • Martijn Grooten · 408 days ago

      Hi Gary,

      I think the problem has two sides. On the one hand, there is the belief held in Europe that sentences in the US are unduly harsh and on the other hand there is the believe that cybercriminals in (Eastern) Europe regularly escape jail sentences because of failures in the legal system. I think a significant part of this problem has to do with perception - from both sides.

      Just my 2 cents :-)

      Martijn Grooten

    • John Hawes · 408 days ago

      Hey Gary,

      I'd have to agree with m'colleague, there are clearly two sides here - the aim of the article was to appeal for better balance rather than bashing one side. Ideally people would meet somewhere in the middle and agree on a common frame of reference (although I'd admit I think the "middle" would probably be a little further from the current US position and a little closer to everyone else's).

      If people are wildly different in their approaches, it's hard to work together.

      John

  3. Jones · 408 days ago

    "to the extent that sentencing structures are now well out of line with the rest of the civilized world."

    You mean, to the extent that sentencing structures are now well out of line with the civilized world.

  4. Jack · 408 days ago

    Typical of the US. Our people need to open their eyes to other countries and what is good and fair globally. I have no doubt that the 'war on drugs' is outlandish on any scale and the $ 1 Million a day to prosecute, state legal Medical Marijuana users, by the Federal Government is insane, unjust and unconscionable.

    Jack

  5. Machin Shin · 408 days ago

    How very far we have fallen. The USA used to be proud of the fact that we were at least trying hard to be fare in our legal system. Now it has reached the point that we are being viewed as one of the worst countries for violating peoples rights.

    I really look forward to the day our government is brought back in line. Hopefully it will be soon and I really hope it will be peaceful.

  6. WatchmanDave · 408 days ago

    I'm waiting for the day that Bad Code writters and programers are prosecuted. It 's so interesting to me the amount of International Corporate & Government hypocrisy to allow the whole lot of the world to lie to the customer base that they have a safe software based product that isn't. The tuth is...If Man made it man can break it. But there's no prosecution to the banking system that still uses an inferior product that they know is inferior. Might as well put the safe in the parking lot and leave the combination printed on the door....I could go on... :)

  7. brianc6234 · 408 days ago

    I guess Latvia is stupid. If it was up to me these idiots would get life sentences. Only 67 years? Big deal. Treat these criminals the way they deserve.

  8. Andrew · 408 days ago

    YES this is a good situation, it is time the US realised other countries laws apply to their own people. It is time the US were told they are not the police of the world and countries such as Latvia will deny them access to their citizens. well done Latvia. I am sure the person can serve his punishment in his own country.

    with no disrespect to you people in the US your government needs to learn on how to behave with other countries and accept the laws of those countries without question.

  9. Lou · 408 days ago

    This is also an indication of the way the corrections institutions having been privatized now have a perverse incentive to incarcerate as many people as possible and get paid a fee for each head they have in their jails. They also now lobby legislatures to help write laws to create in effect harsher sentences in the name of getting tough on crime. Since that is a very easy sell.

  10. good read · 408 days ago

    So, if it were up to the US, a thief should essentially get life in prison, but a murderer, rapist, or pedophile can escape with under 15 years? Even less for good behavior?

    Good job Latvia!

  11. No longer blocking extradition.

  12. Gil Favor · 405 days ago

    Meanwhile, the State of California is fixing to release nearly 10,000 convicted felons because of prison overcrowding. They call it the "Department of Corrections and Rehabilitation". It corrects nothing, and rehabilitates no one. Instead, it manufactures criminals at taxpayer expense.

    It's a fraud, just as the idiotic presumption that locking criminals away represents any kind of solution is a fraud. The whole system would be a joke if it weren't as criminal as the people it incarcerates.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.