Sergey Pavlovich needed a fixer. The 32-year-old ex-con was living in Moscow in 2015 after serving nearly eight years behind bars in Belarus for his role with CarderPlanet.com, an internet forum where scammers bought and sold millions of credit and debit card numbers.
Upon his release from prison, Pavlovich relocated to Russia to explore new business opportunities, like promoting the memoir he wrote in his jail cell and trying to open a fish delivery service.
Before he could start fresh, though, Pavlovich had to clean up a big mess: He was still wanted in the United States on old charges accusing him of fraud and conspiracy in connection with CarderPlanet. More than ever, Pavlovich knew, the Department of Justice was leaning on foreign counterparts to extradite suspected cybercriminals to the U.S.
To promote the memoir, Pavlovich says he needed to leave Russia without worrying that the FBI would drag him out of bed during a publicity tour in far-flung locations.
“It’s f—ing double jeopardy and isn’t [an] honest thing,” Pavlovich told CyberScoop last year of the charges against him in the U.S. “Why should I have problems abroad? I’ve paid in full.”
So, roughly three years ago, Pavlovich asked his friend, Dmitry Naskavets, a fellow Belarusian who’d been in a similar jam, for help. Naskavets, who pleaded guilty in 2011 to aiding another credit card fraud ring, sent Pavlovich the contact information for his own lawyer.
Pavlovich knew the name: Arkady Bukh.
Bukh, from his offices in New York, had represented a who’s who of accused cybercriminals around the globe, including Vladislav Horohorin, a hacker and credit card trafficker known as “BadB” who helped build CarderPlanet.
Hopefully, the logic went, Bukh could help Pavlovich find a way to travel without looking over his shoulder. The lawyer introduced Pavlovich to a U.S. Secret Service official, and Pavlovich says he spoke with that person by phone. He says the official explained that the likeliest result would be for Pavlovich to be arrested by U.S. authorities, then spend two or three years helping investigators catch other scammers who picked up where CarderPlanet left off.
“[A] contract with no guarantee and with a big chance to get behind bars,” Pavlovich says now about the Secret Service’s offer. “It wasn’t helpful.”
Yet to this day, Pavlovich remains a free man. The former scammer is still wanted, but lives in Moscow without fear of joining the growing roster of digital criminals who have been nabbed by U.S. law enforcement and forced to stand trial before American juries. He says this likely would have been impossible without Bukh’s work.
When asked about this arrangement, Bukh failed to recall exactly what led to Pavlovich’s quasi-independence. He says he never officially represented the man and can’t remember who at the Secret Service was part of the conversation. Pavlovich says he also lost the name of the agent. (The Secret Service declined to comment for this story, though multiple former agents said such negotiations are not rare.)
The story is typical Arkady Bukh. His influence is clear even if the details are hazy.
The episode also epitomizes the work of a single defense attorney who, for a generation, has navigated international backchannels to become involved with a huge number of accused hackers from the former Soviet bloc who face charges in U.S. courts.
Like a Perry Mason for the digital age, Bukh has defended dozens of accused cybercriminals over a 10-year span in which hacking sprees have expanded from a corporate nuisance into an espionage tool deployed by governments aiming to influence geopolitics.
It’s a scene where international intelligence agencies mingle with freelance hackers, where large stacks of cash disappear from ATMs and where social media posts by accused scammers later appear as evidence in U.S. courtrooms. Bukh’s clients aren’t necessarily hoodie-wearing, basement-dwelling nerds. Sometimes they behave more like social media influencers, posting selfies while they drink champagne and pose with Lamborghinis in the middle of Moscow.
“In 100% of my cases, they are businessmen,” Bukh said. “They either didn’t know they were out of compliance with U.S. law, or they were marketing themselves more aggressively than they should have been.”
The ‘Godfather of cybercriminal defense’
Operating out of offices in Manhattan and Brighton Beach, the area of Brooklyn famed for its tight-knit community of Russians and other Eastern European immigrants, Bukh has become one of the best-known intermediaries in the world of international cybercrime, while witnessing first-hand how the game of cat-and-mouse between law enforcement and hackers has escalated over the past decade.
Bukh has represented defendants from outside of the hacking world, including Azamat Tazhayakov, a friend of Boston Marathon bomber Dzhokhar Tsarnaev. But the lawyer’s fluency in English and Russian, as well as his background in computers, has made him one of the few go-to lawyers in the U.S. for anyone from former Soviet Bloc nations who has been accused of criminal computer intrusions.
“He’s like the godfather of cybercriminal defense lawyers,” said Vadim Glozman, a Chicago-based attorney who has worked with Bukh on multiple cases. “He’s done more of these cases than anybody in this country, and that’s the kind of experience you can’t just teach to anyone.”
Visitors to Bukh’s office in midtown Manhattan enter through a black-and-gold door situated on Madison Avenue, hidden between high-end fashion stores like Alexander McQueen, Chanel and luxury jeweler Pomellato. Despite its location in the high-rent district, potential clients can find the office typically quiet, even before the coronavirus pandemic shut down the city, save for a few conference tables covered in beige folders bulging with papers.
Bukh himself is sociable and relaxed — two traits so rare among New York attorneys that it’s almost suspicious.
In fact, associates and former prosecutors suggested, Bukh’s gregarious nature disguises a shrewd legal mind. By appearing aloof, Bukh has tricked legal opponents into underestimating him, say former U.S. officials who faced him in court. The most obvious example of this approach is his propensity to dress in ostentatious outfits, including loud jackets, bowler caps, bow-ties and suspenders. He drives a silver Mercedes G-Class luxury SUV around Manhattan, Brooklyn and New Jersey.
“You guys in the media create a lot of traffic for me.”
It’s part of a strategy to attract attention from potential clients, Bukh said, even if it’s earned him the nickname “Willy Wonka” from some in the straight-laced world of American law enforcement.
“He comes off like a goofball,” says one former U.S. Secret Service agent. “But there’s always more to it.”
That nature was on display as he spoke with CyberScoop over several months in 2019 and 2020. In interviews, Bukh hints at tantalizing topics, then demurs without elaboration — like when he says some of his old classmates are working in Russian law enforcement, then tightens up. Sometimes he directs specific questions toward preferred topics, or ignores questions that could make his clients look bad, then moves the conversation to broad ideas like the future of cryptocurrency.
Asked why he first considered representing accused cybercriminals, Bukh responds succinctly with a smile: “I like technology.”
For all his coyness, Bukh seems to talk to any reporter who will listen, with quotes in NPR, CNN, NBC and a range of smaller publications. He’s particularly chatty with Sputnik, the Russian government-funded media outlet. It’s all part of his business strategy.
“You guys in the media create a lot of traffic for me because, where most lawyers say ‘no comment,’ I’ve been trying to see how far I can go,” he said in January. “It’s not disclosing confidential information, but I say what I can in the articles. And it’s been successful.”
From Azerbaijan with hustle
Bukh hails from Azerbaijan, a former Soviet republic situated between Russia, Iran and the Caspian Sea. His paternal grandfather was Boris Vannikov, a Soviet military general who survived Joseph Stalin’s purges to rise to an administrative position in the USSR’s atomic weapons project. By 1949, Vannikov was the head of the Soviet Ministry of Medium Machine Building, the agency responsible for overseeing the atomic program.
Despite his grandfather’s influence and deep family ties to the former Soviet Union, Bukh left Azerbaijan following the Baku pogrom in 1990, when nationalist mobs murdered an estimated 90 Armenians, injured roughly 700 people and warned others to leave the country.
After a stint living near family in Israel, Bukh arrived in New York City in 1992, soon enrolling in New York Law School, building on prior education that included studies in math and technology.
It was a good time for a young attorney to make his name in New York, which was in the midst of an influx of Russian-speaking immigrants a full century after people from Russia and Ukraine first established communities in the city. He graduated in 2002 and immediately started his own practice. (Bukh was married in 2004 and has two teenage children from the relationship.)
At first, Bukh mostly advertised his services in Rusrek, a Russian-language website aimed at immigrants, and represented clients accused of drunken driving and low-level drug offenses, he says. One of his early cases involved Michail Sorodsky, who billed patients — many of them immigrant women — up to $1,000 for what he claimed were “holistic” healing sessions during which the supposed medicine man would drug and rape them.
Soon after, court records show, Bukh was representing accused cybercriminals.
Bukh was retained in 2004 as the lead counsel for Aleksi Kolarov, who was charged in absentia with conspiracy to defraud the U.S. in connection with ShadowCrew, a pioneering black market internet forum where scammers crafted ways to grift Americans out of $4 million.
At that time, cybercriminals still were experimenting with many of the tools that would haunt victims for a generation. That year, industry analysts suggested phishing attacks were on the rise, while the number of malware strains grew by more than 50%, to more than 100,000. Those tools, combined with early botnets and the use of computer worms, represented a step up from the mass email spam campaigns that had been commonplace.
Kolarov, a Bulgarian, would have been a big fish for law enforcement to catch. He was accused of trafficking more than a million stolen credit card numbers at a time when prosecutors were learning how to charge “mobile hackers” with relatively low-level cybercrimes, like breaching a home improvement store’s network from a car parked outside.
Kolarov spent years as a fugitive. He was apprehended in Paraguay in 2011 and ultimately sentenced to 30 months in U.S. prison.
Another early client, Igor Klopov, was arrested in 2007 after using the Forbes 400 list to identify Americans who might make the easiest targets. The scam worked like this: Klopov would stalk his victims online, collect some banking details, discern their personal interests and even hire private investigators to help him create dossiers on rich Americans. He then created checkbooks in victims’ names, linked to their personal equity accounts.
Klopov, then 24, tried writing a $7 million check that appeared to be from Charles Wyly Jr., former CEO of craft store chain Michael’s and a major donor to Republican political causes. The check was made out to a gold dealer who grew suspicious and alerted the authorities. Klopov, thinking he was borrowing $7 million from Wyly to buy gold bullion, boarded a jet to the U.S. only to be arrested when he arrived.
He ultimately pleaded guilty to stealing $1.5 million and trying for another $10 million before he was sentenced to three and a half years in prison.
“I still remember his mom calling me in tears,” Bukh says of how he became involved in the case.
It was a watershed moment for Bukh. His firm not only embarked on an explicit legal strategy to cooperate with the government in order to receive a reduced sentence, he also told the media all about it.
“Our position is to assist the government and we are hoping to get a positive deal from the prosecutor,” told the New York Times for a 2007 article.
Flip first, or stand trial later
If the Klopov case was Bukh’s training ground, the case of Vladislav Horohorin marked his entry into the big leagues. Horohorin was one of the co-founders of CarderPlanet. Known as “BadB,” Horohorin created a network that the U.S. Secret Service said at the time of his arrest was somehow involved with “nearly every major intrusion of financial information reported to the law enforcement community.”
After being arrested in France in 2010 then extradited to the U.S. in 2012, Horohorin admitted trafficking more than 2.5 million credit and debit card numbers stolen from a card processor based near Atlanta. He used some of the data to withdraw more than $9 million from international accounts. In exchange for a guilty plea to two counts of “access device fraud” as well as conspiracy to commit wire fraud, prosecutors agreed to drop six counts against Horohorin, Bukh says.
Horohorin would be sentenced to seven years in U.S. prison before returning to Moscow. That was less than the 12 years and $500,000 fine he faced. The discrepancy has led to the obvious question: Did a pioneering credit card thief turn state’s evidence in exchange for less time in the slammer?
Reached via WhatsApp, Horohorin said, “I am grateful to Arkady for helping me during my case,” before ignoring specific questions. Bukh declined to confirm or deny his client had provided any useful information to U.S. authorities, citing attorney-client privilege.
A former law enforcement official involved in the case says Horohorin agreed to cooperate, though only to a limit.
“[Horohorin] overstated his importance to us, and to anyone in the government who would ask him about it,” said the source, who was not authorized to speak on the matter publicly. “Bukh is known for these kinds of deals. He’s built his reputation on this kind of thing.”
Working with the government typically is the best way for defendants to knock some time off their sentence and head home, Bukh says. If they won’t do it, or prosecutors aren’t impressed with what the client can offer, the plan is to go for a plea. A trial is the last resort, and Bukh estimates it may occur in fewer than 1% of his cases.
“He brokers deals in ways I don’t think most conventional lawyers would approve, but he gets these things approved,” said Nicholas Wooldridge, a criminal defense attorney who spent a decade working for Bukh before starting his own practice in Las Vegas. “It’s because he has the ability to cozy up to those people and make a pitch that makes sense.”
Bukh says he always assesses whether a defendant is willing to turn over control of their tools, such as a botnet, or provide their dark web credentials to the cops. In one case, he says, the client wrote code the government could use to collect evidence on scammers who trade stolen data online. Bukh says he then tried convincing prosecutors his client would make an effective cooperating witness, citing the creation of that software. Prosecutors ultimately declined the offer, he says.
“Sometimes we have to create a few business plans before the government is satisfied,” he said.
Clients with reservations about betraying their former associates may be more likely to change their minds when learning how much time they’re risking in an American jail cell, far from any visitors and with a language barrier to overcome. Therein lies an opportunity for pragmatic lawyers who don’t want to take their clients’ case to a judge, Wooldridge added.
As Bukh put it, “Going to trial is like sending a patient to surgery for an illness that has a 99% mortality rate.”
A motive to the hacking madness?
Throughout his cases, Bukh says a pattern has emerged with his clients. Since the fall of the Soviet Union, Bukh claims it’s difficult to find success as an entrepreneur in Russia or Eastern Europe without engaging in some kind of corruption. Men from the area are highly educated in math and the sciences, though they are dealing with a job market that’s often unwilling to meet their salary expectations, he says.
So they improvise.
The schemes only attract attention from U.S. law enforcement when scammers entangle Americans, or U.S. companies, in their efforts. The U.S. Department of Justice is charged with investigating and prosecuting these crimes, a mandate that leaves it to foreign police agencies to investigate incidents within their borders. (The Secret Service frequently investigates cybercrime, too, as part of its role in stopping global financial schemes.)
Rather than purposely stealing Americans’ credit information or selling malware, Bukh argues that his guilty clients, to a man, are only guilty of being a little too aggressive in marketing their services, or inadvertently skirting overly broad U.S. criminal laws.
“My argument is that it’s like prosecuting Mikhail Kalashnikov,” Bukh said, referencing the inventor of the AK-47 automatic weapon. “He knew it would be used in Russia and in Afghanistan by al-Qaeda terrorists, but he wasn’t the one firing the gun.”
Of course, Bukh’s peers on the other side of his cases don’t share that logic at all.
Bukh’s rise coincided with a more aggressive Justice Department stance against hackers and scammers throughout the world. In recent years, the U.S. has enhanced its cooperation with overseas authorities, convincing friendly foreign law enforcement agencies to apprehend defendants when they pass through town. It’s a tricky arrangement for authorities who have extradition treaties with the U.S.: Help out a powerful ally while being careful to avoid the impression at home of doing Washington’s bidding.
One former U.S. prosecutor official openly laughed at the idea that accused cybercriminals from around the world wouldn’t understand they were in violation of U.S. law.
“Of course the defense attorney is going to say that,” the prosecutor said. “But under U.S. law, ignorance of the law doesn’t give you permission to do whatever you want.”
Walking a tightrope with U.S. attorneys is hard enough, but lately, Bukh has the added challenge of dealing with Russian government officials in the U.S.
When accused cybercriminals arrive in New York under arrest, officials from their country’s consulate typically will visit them in jail, monitoring court appearances in Manhattan and Brooklyn to ensure fair treatment. Often, the only people sitting in the gallery at cyber-related hearings in the Southern District of New York or Eastern District of New York are foreign government representatives.
Sometimes, these officials take a more active role. Foreign consulate personnel sometimes pester defense attorneys to abandon a cooperative legal strategy if it means exposing other hackers from the same country, Bukh said. Russian officials, in particular, sometimes are especially keen to make their voices heard, according to former U.S. Justice Department officials.
American prosecutors have laid out charges against suspected Russian hackers who knowingly mingled with Russian security services, enjoying protection in exchange for providing intel to the Federal Security Service, better known as the FSB. It shouldn’t be a surprise, then, that representatives of the Kremlin working in the U.S. would try to convince a defense attorney to discourage his client from cooperating with the Justice Department, U.S. officials say.
Bukh has often been caught in the middle. For his part, he declines to be more specific about which countries’ consulate officials have pressured him to take a different approach, or in which cases.
“I have enough trouble from them as it is,” he said when pressed for details.
(The Russian consulate in New York did not respond to multiple requests for comment.)
Other attorneys like Igor Litvak, another Russian-speaking lawyer specializing in cybercrime in New York, denied ever receiving pressure from foreign officials about how to approach a case.
“I am only responsible to my client,” Litvak said.
Former U.S. officials say Bukh is known for his ability to balance demands from aggressive American cops with the expectations of clients who simply don’t have a realistic view of the world. At one point, the Secret Service was negotiating the terms of a possible arrest of Mikhail Rytikov, a Ukrainian accused of running a “bulletproof” web hosting service that provided larger cybercriminals with safe harbor. Through Bukh, Rytikov offered to cooperate with the U.S., just a long as he wasn’t arrested first, according to Erik Rasmussen, a former Secret Service agent.
“He wanted his cake and to eat it, too,” Rasmussen said of Rytikov. “He wanted to meet us in person in Syria or some war zone, which was totally unnecessary, so we didn’t do it. But Bukh was totally professional through the whole thing. He would talk with his client and then come to the government and essentially say, ‘Look, I know that what he wants is crazy, but can we meet in the middle somewhere?’”
Ukrainian authorities ultimately arrested Rytikov in 2019 at the behest of British and American law enforcement.
“He was not a popular person,” Rasmussen added of Rytikov.
But those same foreign government officials also rely on known defense attorneys like Bukh to handle big cases, or find local attorneys who can instead. And the gradual uptick in the number of accused cybercriminals arriving on U.S. soil means that, instead of needing to market himself as he once did, Bukh’s firm now is flooded with potential clients.
A different kind of payment plan
In 2019, Bukh & Associates was involved in no fewer than five major cybercrime cases in the U.S. criminal justice system. Clients range from the aforementioned Rytikov to Stanislav Lisov, who pleaded guilty to creating the NeverQuest banking malware. There’s also admitted advertising fraudster Sergey Ovsyannikov, convicted LinkedIn hacker Yevgeniy Nikulin and Fedir Hladyr, a 34-year-old Ukrainian who pleaded guilty to working with the FIN7 gang.
A current client, Maksim Boiko, stands charged with laundering money on behalf of a transnational organized crime group called QQAAZZ. While not overseeing a global bank-drops service, as the FBI put it, Boiko traveled the world as an amateur rapper under the name “PlinOfficial.” He also documented much of that lifestyle on Instagram.
The clients reflect the extent to which cybercrime has changed over the past decade. While Igor Klopov was accused of trying to steal $7 million when he was taken into custody in 2007, Ovsyannikov admitted he helped defraud U.S. companies of $29 million. If recent estimates are accurate, Hladyr’s FIN7 group has stolen $1 billion and counting.
Not everyone pays Bukh for his billable hours in the same way, though.
Sergey Pavlovich, the former scammer still hiding out in Russia, put it this way: He paid Bukh not with money, but “by my knowledges.”
By “knowledges,” he means his contributions to CyberSec, a “different kind of cyber security firm,” Bukh says, that he’s built with two men known for their roles in high-profile internet scams. Klopov, the former client who was convicted of targeting wealthy Americans, is listed as a co-founder. And then there’s Oleg Nikolaenko, a Russian national once known as the “King of Spam” who’s listed as a key consultant on the company’s website.
Exactly what CyberSec does, though, remains unclear.
The plan seems to be to rely on a stable of former (and perhaps current) clients to sell security services to small and medium-sized businesses in the U.S. Instead of hiring a Fortune 500 security firm, the pitch goes, you’d be smart to hire a small cadre of former hackers who have cut their teeth by doing the same things you’re trying to prevent.
CyberSec, according to its website, offers penetration testing, incident response services and the ability to untangle the Gordian Knot of international compliance regulations.
“There is no substitute for real experience on the front lines of the information theft industry,” reads the website. “The former hackers on our team have the type of real world practical backgrounds that mean we truly understand how vulnerabilities are found in system security. … Now, we can find the vulnerabilities in your system and fix them before they are exploited to cause your company harm.”
Reformed hackers have always been a crucial pillar of the cybersecurity industry, whether they become corporate executives or gain fame for white-hat activities — like Marcus Hutchins, the researcher who deactivated the WannaCry ransomware outbreak in 2017. The trouble with CyberSec, though, is that it’s just not clear if the company actually does anything.
When asked to provide more information or to identify prior clients, Bukh declines, then shifts the conversation to the way his associates have changed their lives or brings up his investments in bitcoin.
The CyberSec website is not protected with HTTPS, a standard form of internet encryption, and offers few details other than marketing information. Bukh insists his team works on a regular basis with clients. And while the service has received coverage from media outlets like CNN and MSN.com, those stories appear to rely almost entirely on information supplied by Bukh himself.
A phone number on the CyberSec website directs to Bukh’s Brighton Beach law office. Klopov did not respond to multiple requests for comment. Nikolaenko could not be reached.
When asked if he was a member of CyberSec, as Bukh had suggested, Vladislav “BadB” Horohorin said simply, “What cybersec? Bukh got nothing to do with cybersec. Except he invented the name, probably.” Exactly what that means is, again, just not clear, and Horohorin ignored follow-up questions via WhatsApp.
But the lawyer maintains that the arrangement, in which he represents clients in exchange for their consultancy services later, is a key part of how his firm makes money. After all, he says, none of his clients are the evil masterminds they’re made out to be by U.S. prosecutors, but, foreign businessmen who simply didn’t realize they were breaking American law.
“I’ve got more than a dozen ex-hackers who are helping, some of them here in the United States, some in Russia and some are even wanted,” he said. “Unfortunately the companies are absolutely refusing to work with criminals. Even though the criminals are people who have spent thousands of hours successfully breaching the companies.”
When the plan goes sideways
Bukh now has a team of six full-time attorneys and a handful of staffers working on clients’ cases. Often, those end with a guilty plea to lesser charges, while the Justice Department notches another win in the fight against cybercrime.
It’s an arrangement that seems to work for everyone. Except for in the case of Yevgeniy Nikulin.
It was 2018 when Bukh agreed to take the case of a St. Petersburg, Russia, native who was indicted in 2016 for allegedly stealing 117 million usernames and passwords from LinkedIn, Formspring and Dropbox. Nikulin was arrested in Prague at the behest of U.S. authorities, only for the Kremlin to file a competing extradition request in an attempt to bring him home.
The fight reached the upper echelons of the U.S. government. House Speaker Paul Ryan raised the issue during a 2018 meeting with government officials during a visit to Prague. Czech authorities ultimately agreed to send Nikulin to the U.S. later that year.
Upon his arrival in California, Nikulin appeared in shackles in a U.S. district court in San Francisco because, deputies said, the scrawny Russian with a tight trim of black hair had attempted to escape. Then, facing more than 30 years in prison and a $1 million fine if convicted, Nikulin tried attacking nearby U.S. Marshals, spitting at them between attempts to clog the vents in his jail cell.
Nikulin also directed bizarre behavior toward Bukh. The accused hacker proved willing to discuss innocuous topics like his girlfriend, sports or the weather, but would go silent when asked to cooperate in his own case. Sometimes he’d start trembling, or crying.
The behavior, and the silence, torpedoed any chance of Bukh deploying his usual defense strategy to help Nikulin avoid a decades-long prison sentence.
“The clients are often nice and great guys but from the personal characteristics … this one, in my opinion, had a mental condition,” Bukh said of their initial meeting.
Rather than being a simple open-and-shut matter, in which the defendant could have reacted to several terabytes of digital evidence against him by being proactive, Nikulin declined to cooperate even with his own attorneys.
So Bukh embarked on a novel plan.
The defense supported Judge William Alsup’s decision to order Nikulin to undergo a psychiatric evaluation to determine if the defendant was fit to stand trial. The idea, Bukh said at the time, was to prove to the court that Nikulin wasn’t mentally competent, then ask the U.S. government to extradite him back home to Russia. There Nikulin presumably would be given a slap on the wrist for unrelated fraud charges and then freed after serving a fraction of the 30 years he faces in the U.S.
During the process, Russian officials were meeting with Nikulin in jail without his attorneys present, Bukh says.
A court-appointed doctor ultimately determined that Nikulin exhibited symptoms of narcissistic personality disorder, which can display in the form of a need for constant admiration.
That diagnosis from Lesli Johnson, of the Bureau of Prisons, found that Nikulin was faking some of his symptoms, based on the notion that he would react in a difficult manner, such as staring at her with a menacing smile, only when questioned about issues he found objectionable.
Alexander Grinberg, a specialist hired by the defense team, spoke to Nikulin in Russian, and reported interviewing his mother, who said that Nikulin had been physically abused by his father and that the hacker did not speak until he was 6 years old. Nikulin only began experiencing his signs of mental stress while he was incarcerated in the Czech prison, Grinberg said.
Ultimately, the judge agreed with Johnson, who deemed Nikulin competent, and scheduled the trial for June 2019.
Not long after that, in a surprise court filing, Bukh revealed he had visited Nikulin behind bars, only to see how dramatically the defendant’s mental state had deteriorated since he learned he would be tried. After one mysterious incident, Nikulin acted in a way that would result in Bukh withdrawing from the criminal case. “Mr. Nikulin made bizarre requests,” the court filing states, adding later that the meeting was the “last straw” which convinced the attorney it would have been “a travesty of justice and a breach of ethical norms to continue representing Mr. Nikulin in this matter.”
More than six months later, Bukh still refuses to reveal what happened. When pressed if he actually abandoned the case because his legal strategy failed, or if he in fact witnessed behavior so unusual he had to no choice but to walk away from his client, the lawyer wouldn’t budge.
“I’ve been involved with [many] of the hackers brought into the U.S. and they’re bright guys who are normal and intelligent and understanding,” he says. “But this is the first time I’ve seen this.”
Whatever happened, this much is clear: It wasn’t that Bukh couldn’t help Nikulin. It was that Nikulin didn’t want it.
The Russian man was ultimately found guilty, with sentencing scheduled for Sept. 29.
During a recent phone call, Bukh said he followed the Nikulin trial by reading court filings from New York. Already, he said, the very notion of a federal criminal trial for the theft of a database of information feels like an antiquated approach at a time when scammers are shifting toward affiliate fraud, commercial sabotage and other emerging types of attacks.
Since February, Bukh has been working from home and only recently agreed to take on new clients during the coronavirus pandemic. In conversations with CyberScoop, he suggests the biggest change in the world of cybercrime is that it’s no longer only his domain.
Speaking by phone between meetings, Bukh looks back on his career without sentimentality. He brushes aside questions about a theory suggesting Russian involvement in the Nikulin case, and abandons a digression about the evolution of botnets.
He says he only started representing accused scammers, spammers and hackers because it was a pragmatic way to earn a living.
“When I began in cybercrime, I don’t know, 50 years ago, the other colleagues of mine looked at me like I was so unique,” he says now, pointing to the start of his education in Azerbaijan, where computers were rare. “Now, children are sitting at their computer using cheat codes on their video games, and everyone is trying to hack something.
“In most of my cases, I respect my clients and try to help their families,” he says. “But they often have problems, and I feel sorry for them. They often come from a tough economic situation, and are very bright but are not compensated after a good education. They feel they are much smarter than the rest of the world with nothing to show for it.”
Bukh sounds almost mystified with the idea that hackers are stereotyped as anything but talented young men looking for recognition or trying to make a quick buck.
“They feel this mental disconnect, especially against Americans,” he adds. “I sometimes ask them, ‘Why did you do that, when you are so bright that you could easily work in an American company, with a good salary?”
He implies it’s time to wrap up the call. There’s a client who is threatening to jump bail as the pandemic grips Europe.
“They become blinded by a willingness to get cash or to show off to their girlfriends. This is especially with the younger population,” Bukh says. “I don’t know. Young boys make mistakes. What else can I tell you?”
Photography by Jack Crosbie
Editing by Greg Otto and Joe Warminsky
Design by Maria Barreix, Danny McGarvey and Komi Akoumany