Evgeniy M. Bogachev is in his early thirties and lives a comfortable life among his collection of luxury cars in a small resort city on the shores of the Black Sea. He is the most-wanted cybercriminal in the world, and the FBI is offering 3 million dollars for his capture.

The US accuses Bogachev of having created a global botnet composed of infected computers with the attention of winnowing millions of dollars from bank accounts all over the world. According to reporting from The New York Times, the cybercriminal’s victims included everyone from private users to public organizations such as, for example, a pest control company in North Carolina or a police precinct in Massachusetts.

However, Bogachev is seemingly much more than your common cybercrook. The FBI suspects that although he probably got into the business for the same reason as most cybercriminals (money), his activities have grown more complex with time. In fact, he is also suspected of controlling more than a million computers around the world, with access to photographs, documents, and all kinds of confidential personal and corporate information. So what began as a way of draining bank accounts all over the world for huge financial gain has become a unique window of opportunity for Russian intelligence agencies to carry out wide-reaching espionage.

While Bogachev perpetrated his cyber-heists, the Russian authorities appear to have not only turned a blind eye, but also shown their appreciation of his work. Given the extent of Bogachev’s access to computers from all over the globe, the Russian agency allegedly obtained, among other things, information from military services with ties to the conflicts in Ukraine and Syria. According to the Times, they also appear to have accessed information from US intelligence agencies.

At the moment, the attacks carried out by Bogachev under pseudonyms like slavik, lucky12345 or pollingsoon are going unpunished. Russia has no extradition treaty with the United States, and Russian officials have stated that as long as Bogachev does not commit any crime in Russian territory, there would be no reason to stop him.

The logical conclusion of this stance toward international cybercrime is troubling. It implies that the sale of malware by Russian cybercriminals in the dark corners of the internet, or even the theft of money, could be given a pass by Russian agencies.

If confirmed, the situation would prove that black hats could be recruited as mercenaries in cyber-conflicts between the world’s major powers. In such a scenario, the victims (i.e., individuals and businesses) are mere pawns in a game of cyberwar. The loss of things that are of great value to you, such as your privacy, confidential data, even the money in your bank accounts, is seen as mere collateral damage caught up in the forces of conflict between rival nations. It is now more indispensable than ever to have the necessary security tools to protect yourself and guarantee the safety of your digital assets.