Sunday, January 26, 2014

Russia's computer crime laws are a big problem for the rest of the world

In Russia, financial computer crime is the perfect criminal enterprise. While the Russian Criminal Code makes it illegal to hack into computer systems, the punishment is ridiculously weak. If the perpetrator is prosecuted and returns the stolen money to the victim, the maximum prison sentence is 6 months. By comparison with financially motivated crimes, a crime categorized as 'hooliganism' can bring a sentence of up to two years. So, steal $5 million and get 6 months in prison. Hack into a Twitter account and get 2 years.

Under this legal code one could build a successful and sustainable criminal enterprise. Let's conservatively estimate that there is a 25% chance of being caught perpetrating a financial hack (it is probably much lower than this). The criminal pulls off his first hack without getting caught and banks $100,000. The criminal pulls off a second successful hack and banks another $100,000. In the third, the criminal is caught stealing another $100,000. He pays the $100,000 with proceeds from his first two crimes and goes to jail for six months. Out of prison, he pulls off two more successful hacks and again gets caught in the third. At a minimum, he is up $200,000. With the capital he has built up, he invests in people and infrastructure to expand the enterprise, banking proceeds and paying restitution and time as necessary.

Viktor Pleshchuk, one of the perpetrators of the RBS WorldPay hack, was held responsible for $318,000 of the $10 million stolen from RBS. He reimbursed RBS for $318,000 and served a six-month sentence.

Time for an update of the Russian Criminal Code.

http://www.itnews.com.au/News/272675,russian-cracker-helps-hoist-10m-fined-310k.aspx