Case Study 4 (Hacker "Kolypto" extradited from Norway)
Mark Vartanyan, also known as "Kolypto", a Russian national, was charged with developing and
maintaining the "Citadel" malware toolkit. He was extradited to the USA from Norway and
charged with computer fraud in March 2016. According to information presented in court,
Citadel was a malware toolkit designed to infect computer systems and steal financial account
credentials and personally identifiable information from victim computer networks. Citadel was
offered for sale on an invite-only basis through Russian-language internet forums frequented by
cybercriminals. Users of Citadel targeted and exploited the computer networks of major financial
and government institutions around the world. According to estimates, Citadel infected
approximately 11 million computers worldwide and is responsible for over USD 500 million in
losses.
Vartanyan lived first in Ukraine and then Norway. He allegedly engaged in the development and
distribution of Citadel and uploaded numerous electronic files that consisted of Citadel malware,
components, updates and patches, as well as customer information, all with the intent of
improving Citadel's illicit functionality. The case led to Vartanyan's conviction and a
sentence of five years in prison.
Case-related files
U.S. Department of Justice. (2017). Press Release: Russian Hacker "Kolypto" Extradited from
Norway. March 14.
U.S. Department of Justice. (2017). Press Release: Russian Citizen who Helped Develop the
"Citadel" Malware Toolkit is Sentenced. July 19.
Discussion questions
On what grounds did the United States make an extradition request for Mark Vartanyan from
Norway?
What other countries might have reasons to make extradition requests for this suspect?
What kind of evidence needed to be collected from outside the United States? Is seizure and
sharing of computer hardware and data included in mutual legal assistance agreements between
the United States and Norway?