Challenges in Investigating and Prosecuting Cybercrimes: Insights from the International Target and Lauri Love Data Breach Cases


Investigating and prosecuting cyber crimes presents unique challenges due to the borderless nature of the internet and the complexity of digital evidence. These difficulties are exacerbated by varying international laws and the need for extensive technical expertise to prosecute cyber crimes. Two notable real-world examples, the 2013 Target Data Breach and the 2012 Lauri Love FBI Breach, vividly illustrate these challenges.

2013 Target Data Breach. Red River Security identifies the 2013 Target Data Breach as a real-world case example of the difficulties involved in investigating and prosecuting cyber crimes: “The Target data breach was one of the biggest security breaches in history. Target was required to pay an $18.5 million settlement after hackers stole 40 million credit and debit records. But as with many unprecedented security attacks, Target’s data breach came with both warnings and lessons — which are still valid today” (Jones, 2021). It suggests that we can still learn lessons from the data breach long after the case is closed, because of the intricate nature of prosecuting cyber crimes. 

While two cybercriminals, Dmitriy Smilianets and Jerome B. Simandle were identified and prosecuted in the United States, they both pled guilty to conspiracy to commit unauthorized access of protected computers and one count of conspiracy to commit wire fraud resulting in 144 months for Drinkman and 51 months and 21 days for Smilianets for stealing and distributing more than 160 million credit card numbers in the black market (U.S. Attorney's Office, 2018). 

Cyber Threat Intelligence discusses the HVAC electric billing system that provided an entry point to steal Target’s credentials through a password stealing trojan (2023). According to the press releases, it took three years to extradite Vladimir Drinkman to the United States for prosecution. Before the United States prosecuted Vladimir Drinkman, he had the right to deny the extradition in the Netherlands courts. The three year extradition highlights a common difficulty in prosecuting cyber crime across jurisdictions. While Drinkman was eventually extradited, these legal processes depend highly on negotiations between countries that work together. When countries do not work well together, this process becomes more challenging when one country does not believe the legal rights of the extradited party will be protected in the other country. If they were not caught traveling in the Netherlands, it is likely that Drinkman would not have been extradited by Russia due to opposing diplomatic relations. While this case included substantial evidence from the U.S. Attorney’s Office through logs that identified his behavior, the technical complexity requires substantial resources to obtain expert testimony to gain an advantage in court. 

2012 Lauri Love FBI Breach. The U.S. Attorney’s Office Southern District of New York identifies a case where the hacker was not extradited by the UK due to an autism diagnosis creating a challenge to his legal rights in the UK and ability to stand trial and quality of life in prison in the US: “LOVE is a sophisticated computer hacker who resides in the United Kingdom. From October 2012 through February 2013, LOVE worked with other computer hackers around the world to secretly gain access to the Federal Reserve’s computer servers in order to steal and then publicly disseminate confidential information found on those servers, including personal identification information of people using the Federal Reserve network” (2014). Even though Love stole confidential information from the Federal Reserve through an Adobe ColdFusion vulnerability and posted it publicly online, England’s legislation to charge him for the international crime under their laws in their country stated in the 2013 Crime and Courts Act protected him from any punishment in the United States (Campbell, 2017). According to Chartwell Speakers, “Lauri now works in the design, development, testing and oversight of cybersecurity systems along with many other ventures” (2024). As an activist, he often speaks out against forced decryption laws to expose governments on cybersecurity, surveillance, and privacy issues. While he claimed his actions were motivated by activism and not malicious intent, his actions exposed Social Security numbers and credit card information for thousands of Americans causing significant financial loss to the United States government. 

The Target breach and Lauri Love FBI breach demonstrate that even when hackers are identified, bringing them to justice is often a complex process in a borderless cyber world where hacking teams reside internationally. Our ability to prosecute cyber crime remains heavily dependent on international legal frameworks and cooperation.

Reference:

Campbell, D. (2017, January 9). Lauri Love wouldn’t get justice in the US. UK courts must try his hacking case. The Guardian. https://www.theguardian.com/commentisfree/2017/jan/09/lauri-love-justice-us-uk-courts-hacking-case-extradition

Chartwell Speakers. (2024). Lauri Love. https://www.chartwellspeakers.com/speaker/lauri-love/?event=eyJldmVudE5hbWUiOiJDbGlja2VkIiwiaW5kZXgiOiJ3cF9wb3N0c19zcGVha2VyIiwib2JqZWN0SURzIjpbIjQzMzc4LTAiXSwicG9zaXRpb25zIjpbMV0sInF1ZXJ5SUQiOiIxYjM5Y2MxZjM5NjMxMWI1YWQ1M2FjNzdmMGI2YWU3MiJ9

High Court of Justice. (2018). Lauri Love v. The Government of the United States of America. Neutral Citation Number: [2018] EWHC 172 (Admin). https://www.judiciary.uk/wp-content/uploads/2018/02/lauri-love-v-usa.pdf

Jones, C. (2021, October 26). WARNINGS (& LESSONS) OF THE 2013 TARGET DATA BREACH. Red River. https://redriver.com/security/target-data-breach

Lee, M. (2023). Cyber Threat Intelligence. Wiley. 

United States Attorney’s Office, District of New Jersey. (2018, February 14). Two Russian Nationals Sentenced to Prison for Massive Data Breach Conspiracy. Justice.gov. https://www.justice.gov/usao-nj/pr/two-russian-nationals-sentenced-prison-massive-data-breach-conspiracy

United States Attorney’s Office, District of New York. (2014, February, 27). U.K. Computer Hacker Charged In Manhattan Federal Court With Hacking Into Federal Reserve Computer System. Justice.gov. https://www.justice.gov/usao-sdny/pr/uk-computer-hacker-charged-manhattan-federal-court-hacking-federal-reserve-computer


Comments

Post a Comment

Popular posts from this blog

SalonAboutBeauty: Less Integration for Consistent Styling Across Components

Ensuring Consistent Variables Less provides several advantages for organizing CSS to ensure consistency across a website. The variables.less file defines reusable properties that allow a developer to easily communicate and maintain styles according to a style guide or theme.  The Less Web Development Cookbook describes properties in the variables.less file in relation to other programming languages: “Variables in Less are defined as the equivalent to statics in other programming languages. You assign a value to a variable once and use it everywhere in your code” (Meyghani & Jobsen, 2015, p. 50). It suggests that less allows a developer to set properties, such as colors and length, to variable names that retain their meaning and can be used everywhere in the code. Examples: @base-color: red, @primary: green.  By providing these definitions in a central location, developers create code consistency in all areas of the website. Creating an Organized File St...
Read more

Why “Human Error” Is Usually a System Design Problem

In complex systems, failure rarely comes from a single bad decision. It comes from problems that evolve slowly, cross boundaries, and remain unresolved while everyone involved behaves reasonably. Managing risk in these environments means managing trajectories, not just incidents. When ownership is divided strictly by role, function, or severity threshold, gaps are inevitable. Those gaps are where issues linger, age, and quietly accumulate risk, not because they were ignored, but because no one was responsible for carrying them forward end to end. This is common in healthcare, where delay is often necessary. A patient may require observation, referrals, or time to clarify diagnosis. The failure is not that care takes time; it is that the trajectory of care becomes fragmented. Each clinician escalates correctly within scope, yet no one owns the evolving picture across visits, domains, and decisions. The patient is evaluated repeatedly, reassured locally, and sent away without continuity ...
Read more

Challenges in Prosecuting Deep Web and Darknet Crimes: The Case of Ross Ulbricht and the Silk Road

  The deep web represents online information that is not easily accessible through search engines. Prosecuting crimes on the deep web is no more challenging than prosecuting crimes for any standard website because law enforcement can still track the user's location through a domain or IP address. Alternately, the darknet poses a challenge for law enforcement to address illicit activity because while the darknet is a web-based system, it is accessible only through the Tor protocol that encapsulates HTTP and HTTPS traffic, much like a VPN that hides a user’s location and identity. The Tor protocol, often called the Onion Router, contains methods for encrypting and routing traffic between peers. The purpose of the Tor protocol is to make web browsing anonymous by routing each request through multiple peers and altering encryption at various steps until the request reaches its destination. Subsequent requests may hop through different peers, making traffic appear random, unpredictable,...
Read more