The man has been in Norwegian custody since October last year after he was arrested for his alleged links to the sale and development of Citadel, a Trojan virus used for stealing personal information such as passwords and bank details.
Citadel is a version of the botnet Zeus that has infected millions of computers world wide, mainly through spam e-mails and phishing messages. Cybercriminals can then gain access to a powerful web of computers, a botnet, undetected by to the owners of the infected computers, which they can use for illicit bank transfers or other criminal activities.
The Russian software specialist, who is in his 20s, moved to Østfold in Norway about a year ago, where he worked for a local IT company.
Both the FBI and its Norwegian counterpart Kripos have interrogated the man, who has denied all charges.
“My client is very relieved by the court’s decision, and that they have found insufficient grounds for suspicion,” defence lawyer Frode Sulland told Norway's Aftenposten newspaper. “The ruling shows that Norwegian police have relied overly what was given to them by the FBI and have not made a sufficiently independent assessment of the evidence.”
The FBI believes that the Russian programmer has distributed around 50 files which have then been used to install Citadel, and have found links to his IP address in both Norway and in the Ukraine, where he previously worked.
Josef Noll, Professor of Wireless Networks and Security at the University of Oslo, told the court that the most likely explanation for the links to his IP address is that the Russian man’s computer was itself infected with viruses.
He added that any computer literate person can easily hide their IP-address, while the man had never tried to conceal his identity online.
According to Russian newswire TASS, the prosecution has appealed the verdict and the accused hacker remains in custody pending a decision on the appeal.