Hackers take holidays, too

Attacks on companies and sites dip in the summer months, researchers have repeatedly found, and the reason isn't hard to decode: Hackers take summer vacations, too.

The big picture: Cybercriminals love to flaunt their cash and take lavish vacations after successful hacks and online scams — giving U.S. law enforcement a ripe opportunity to arrest or extradite them, experts tell Axios.

• Criminal hackers slow down operations between July and early August, as well as around the end-of-year holidays, says Allan Liska, a ransomware analyst at Recorded Future.
• The number of attacks on public sector entities, including schools and local governments, also tends to slow down in the summer months, says Emsisoft threat analyst Brett Callow.

Between the lines: When criminal hackers leave safe-haven countries, like Russia, U.S. law enforcement gets a rare opportunity to arrest and extradite suspects.

• A Russian entrepreneur believed to be laundering money for the Ryuk ransomware gang was detained while vacationing in Mexico in November.
• In 2017, the U.S. Department of Justice arrested at least five Russian hackers while they were on vacation in Barcelona, Prague and Greece.
• Czech police arrested and extradited a Russian hacker in 2016 while he was eating dinner at a hotel in Prague. (His October jaunt, however, did not fit the summer-vacation pattern.)

Cybercriminals have long been known to share their vacations on social media — often jet-setting to places like Cyprus, Greece and Romania.

• Ramon Abbas, a Nigerian internet scammer known as “Hushpuppi,” spent years boasting about his private jets, designer clothes and dream vacations on Instagram — amassing more than 2 million followers before his arrest in 2020.
• Two Russian hackers were arrested during a vacation in the Netherlands in 2012 after posting several photos on Facebook during the trip.

Details: Hackers who live in countries that don’t have extradition agreements with the U.S. — including Russia, China, Iran and North Korea — take on a bigger risk whenever they leave their country.

• Because hackers who target U.S. businesses are usually located overseas, the government relies heavily on extradition agreements — and law enforcement partnerships with allied countries — to catch suspects behind high-profile hacks.
• Many of the countries that don’t have extradition agreements with the U.S. are safe havens for cybercriminals. For example, Russia tends to turn a blind eye to cybercriminals’ actions as long as they don’t go after Russian companies.

Yes, but: Because of increased awareness about the risk of international travel, many criminal hackers seem to have been traveling less in recent years, Liska tells Axios.

• Fewer Russians have been traveling internationally during the war in Ukraine.
• Nation-state hackers behind espionage campaigns targeting the U.S. also tend to keep such a low profile online that they’re difficult to track — and unlikely to leave their home country.
• "It's not a good idea anymore to leave, and they've been aware of that for a while," Liska says.