
I never realized it was that involved. I.e., that there are specialty roles in ransomware where people simply provide the access for a fee, and sell that to someone else to actually do the ransoming.

The other question of course is - can this be considered Russian sponsored if they choose not to ever prosecute? How does this end? It becomes a major career in Russia?



>The other question of course is - can this be considered Russian sponsored if they choose not to ever prosecute?

Here Russian police are lazy - if no one files a complaint, they won't do anything. Since he avoids targeting Russian organizations, law enforcement is probably completely unaware of him. Something can happen if American law enforcement contacts Russian law enforcement directly, but it looks like there's little cooperation there because of the mutual political animosity between USA & Russia (US/Russian embassies getting closed, ties being cut, etc.). I wonder what will happen if Interpol gets involved.


Russia is an Interpol nation, so they should be able to operate there. It's amazing to me that someone this high profile and careless hasn't already been arrested, though. Perhaps there is some kind of protection in place.


>It's amazing to me that someone this high profile and careless hasn't already been arrested

A decade ago my town used to have a gang which operated the largest mail order bride scam in the country, all victims in US and Europe, too (i.e. none in Russia), for the same reasons. Many people in the town knew what they did and who they were (I personally knew 1 guy from there) but no one reported them to police because no one would benefit from fighting them and being labeled a snitch, and the general attitude (excuse) was that Americans and Europeans are supposedly very rich (at least, by Russian standards) so them losing $1000 here or there wasn't considered a serious problem or some moral dilemma. Police didn't care because formally no one filed an official complaint.

However, there was some foreign victim who really valued his lost money. He somehow managed to contact Russian police and thanks to his efforts the gang was eventually busted red-handed. I remember there was a TV report about the raid. As it turned out, basically it was 20-30 students spread across several rented commieblock apartments full of PCs. They made many mistakes leaving traces of their real identities (just like the guy in the OP). The one guy I knew from there was also ~18 yo, a pretty inexperienced kid. Even before the raid I had suspected it was not a serious mafia cell protected by the government or anything, just a bunch of opportunistic scumbags who abuse the inertia of our police and the legal/political/linguistic barriers between our countries. To scam people or spread ransomware, all you need is programming/social engineering skills and a PC. If you are lucky and/or determined, you can earn a lot of money by just having that, no government sponsorship is required. The fact that the hacker in the OP's post also lives in Siberia in a provincial town reminds me of that student gang from my town; you wouldn't expect high-profile hackers sponsored by the federal government to use the same password for all sites they visit.

I think we can see if they are protected by authorities if Interpol requests are flat-out rejected.


I wonder if he's ever stolen from a powerful drug dealer, who could afford to send someone to Russia to get revenge - not necessarily show up at the hacker's door, but to rent some locals who'd do that.


To me it sounds gullible and one-dimensional to use the name of some far-away place with a different language system, to blame for every criminal or autocratic problem. Mafia in the USA runs health care and show girls -- poor idiots far away sell hijack tools.

There are smart people in every country, of every color and language.


I'm curious now... got any source for your "Mafia in the USA runs health care and show girls" statement?


I wouldn't be surprised if devices typically become compromised via automation - the ones responsible may not have the expertise & manpower needed to develop & deploy viable ransomware payloads, negotiate ransoms, provide "tech support" to "customers" who choose to pay the ransom and need help decrypting, etc. So they'd rather resell the access for a flat fee and leave it to others to milk out the actual targets for potentially more money. The low but steady stream of money they get might also be easier to launder than ransoms worth hundreds of thousands.

I doubt this is limited to ransomware - I bet customers of a "network access broker" would involve conventional malware such as spam/DoS bots, ad fraud, etc. as well.



