WASHINGTON — When a suspected Russian cybercriminal named Dmitry Ukrainsky was arrested in a Thai resort town last summer, the American authorities hoped they could whisk him back to New York for trial and put at least a temporary dent in Russia’s arsenal of computer hackers.
But the Russian authorities moved quickly to persuade Thailand not to extradite him, saying that he should be prosecuted at home. American officials knew what that meant. If Mr. Ukrainsky got on a plane to Moscow, they concluded, he would soon be back at work in front of a computer.
“The American authorities continue the unacceptable practice of ‘hunting’ for Russians all over the world, ignoring the norms of international laws and twisting other states’ arms,” the Russian Foreign Ministry said.
The dispute over Mr. Ukrainsky, whose case remains in limbo, highlights the difficulties — and at times impossibilities — that the United States faces in combating Russian hackers, including those behind the recent attacks on the Democratic National Committee. That hack influenced the course, if not the outcome, of a presidential campaign and was the culmination of years of increasingly brazen digital assaults on American infrastructure.
The United States has few options for responding to such hacks. Russia does not extradite its citizens and has shown that it will not easily be deterred through public shaming. At times, the American authorities have enlisted local police officials to arrest suspects when they leave Russia — for vacation in the Maldives, for example.
But more often than not, the F.B.I. and Justice Department investigate and compile accusations and evidence against people who will almost certainly never stand trial.
“You can indict 400 people. They don’t care,” said Robert E. Anderson Jr., who until last year served as the F.B.I.’s most senior executive overseeing computer investigations.