Aug 26, 2022 - Technology

Hackers take holidays, too

Illustration of a vintage tropical postcard with the words “Phish you were here!”.
Illustration: Shoshana Gordon/Axios

Attacks on companies and sites dip in the summer months, researchers have repeatedly found, and the reason isn't hard to decode: Hackers take summer vacations, too.

The big picture: Cybercriminals love to flaunt their cash and take lavish vacations after successful hacks and online scams — giving U.S. law enforcement a ripe opportunity to arrest or extradite them, experts tell Axios.

  • Criminal hackers slow down operations between July and early August, as well as around the end-of-year holidays, says Allan Liska, a ransomware analyst at Recorded Future.
  • The number of attacks on public sector entities, including schools and local governments, also tends to slow down in the summer months, says Emsisoft threat analyst Brett Callow.

Between the lines: When criminal hackers leave safe-haven countries, like Russia, U.S. law enforcement gets a rare opportunity to arrest and extradite suspects.

Cybercriminals have long been known to share their vacations on social media — often jet-setting to places like Cyprus, Greece and Romania.

Details: Hackers who live in countries that don’t have extradition agreements with the U.S. — including Russia, China, Iran and North Korea — take on a bigger risk whenever they leave their country.

  • Because hackers who target U.S. businesses are usually located overseas, the government relies heavily on extradition agreements — and law enforcement partnerships with allied countries — to catch suspects behind high-profile hacks.
  • Many of the countries that don’t have extradition agreements with the U.S. are safe havens for cybercriminals. For example, Russia tends to turn a blind eye to cybercriminals’ actions as long as they don’t go after Russian companies.

Yes, but: Because of increased awareness about the risk of international travel, many criminal hackers seem to have been traveling less in recent years, Liska tells Axios.

  • Fewer Russians have been traveling internationally during the war in Ukraine.
  • Nation-state hackers behind espionage campaigns targeting the U.S. also tend to keep such a low profile online that they’re difficult to track — and unlikely to leave their home country.
  • "It's not a good idea anymore to leave, and they've been aware of that for a while," Liska says.
Go deeper