The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Cyber Needs More Perp Walks



The arrest of a 29-year-old man in Prague for suspected involvement in the 2012 hack of LinkedIn is a big victory for law enforcement. Even more important: viral video of the arrest.

The arrest of a 29-year-old man in Prague for suspected involvement in the 2012 hack of LinkedIn earlier this month was a big victory for law enforcement. The release this week of video footage of his arrest and subsequent “perp walk” may be even more important.

Czech authorities disclosed on Tuesday that they had taken an individual identified as “Yevgeniy N” into custody on October 5 at a restaurant in Prague. Reports on U.S. news outlets including CBS, citing unnamed sources, say the man was wanted for his involvement in the hack and theft of data from LinkedIn, the social networking web site, in 2012.

Judging from information released by Czech authorities, the arrest was a model of the kinds of cross border cooperation that authorities and information security professionals have long been calling for. Specifically: the U.S. used Interpol’s Red Notice system to issue the equivalent of an international arrest warrant for the individual, who resides in Russia.

Acting on intelligence that “Yevgeniy” would be leaving Russia to vacation in the Czech Republic with his girlfriend, the FBI in the U.S. contacted Czech authorities who located and detained him at a central Prague hotel within 12 hours of being contacted by the FBI.

Importantly: the arrest was captured on videotape. A clip shared by Czech authorities with news outlets shows Yeveniy with a companion at what appears to be an upscale restaurant speaking with Czech police. He is later shown being cuffed and led out of the restaurant to a waiting police cruiser. The Czech authorities said he was surprised by the arrest and offered no resistance, though he later collapsed and had to be hospitalized and given First Aid.

The arrest is a victory in a long war on cybercrime and cybercriminals who have, for too long, operated with impunity from within the border of Russia and former Soviet satellite states, as well as from developing nations like China and elsewhere.

But the video is just as important. It sends a powerful message to cybercriminals and would-be cybercriminals. Namely: that there will be consequences for your actions. You may benefit materially from your crime (Yevgeniy and his girlfriend were, reportedly, traveling in a luxury automobile). You will also be an international pariah: a wanted criminal whose movements outside of whatever safe haven you inhabit will be watched. Traveling abroad, you will carry the knowledge that you could be subject to sudden and humiliating arrest at any moment. You are a wanted (wo)man. And, let’s face it, no matter what car you drive, being led away in cuffs and sticking your girlfriend with the tab is definitely not cool.

In the U.S., the perp walk has long been used to send a message to the powerful –whether mobsters or crooked politicians or white collar criminals. The message? Nobody is above the law.

Looking at Yevgeniy’s perp walk on the streets of Prague, other cybercriminals can no longer kid themselves that they’re white collar professionals – cubicle jockeys who work in office parks but just happen to commit online crime for a living. They must confront the fact that their status, in the eyes of the law, is no different from that of other criminals: drug dealers, illegal arms dealers or human traffickers.

Attention now shifts to the question of whether the Czech authorities will extradite the man to the U.S., as is expected, to stand trial for his alleged involvement in the LinkedIn hack. Successful prosecution of Yevgeniy may bring some measure of comfort to the millions of victims of the LinkedIn hack.

In the long term, however, we need many more arrests like Yevgeniy’s and, preferably, many more perp walks caught on camera before we’ll begin to make a dent in cybercriminal activity. Of course, perp walks themselves won’t end cybercrime, but they will send a clear message that cybercriminals enjoy no special status – no courtesy not accorded to other criminals. Hopefully that, in itself, may convince a few talented engineers, entrepreneurs or would-be grifters to find another line of work.

Paul Roberts

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Paul Roberts

Paul Roberts is the editor in chief of The Security Ledger and founder of the Security of Things Forum. A seasoned reporter, Paul has more than a decade of experience covering the IT security space. His writing has appeared in publications including The Christian Science Monitor, MIT Technology Review and The Economist Intelligence Unit. He's appeared on news outlets including Al Jazeera America, NPR's Marketplace Tech Report and The Oprah Show.