American hackers are no less careful to avoid running services or communicating through American datacenters. Everyone knows that Google, Apple, Facebook, Amazon etc. are more than happy to turn over the IP address logs and any unencrypted data whenever law enforcement brings a valid search warrant, and sometimes they'll offer a dragnet of all their data when law enforcement just asks nicely.
The problem is that law enforcement is listening to local victims: Hack Colonial Pipeline and ask them to bring you a bag of cash in the parking lot, and you won't be meeting with their CFO - that guy in a suit is from the FBI. Hack Nord Stream, and you'll make some Russians angry, but they're going to have a hard time bringing that complaint to the FBI.
To make this more sensible, we need a paradigm shift. With a global Internet separating victims and hackers, while national governments only look for domestic victims of domestic perpetrators, you're going to end up with a lot of useless fist-shaking across the borders. I'm not suggesting that the answer is extradition of scapegoats at the whims of foreign powers, either, but our small, modern world has a lot of growing up to do before this makes sense.
Actually a Russian being hacked by an American will find a very interested FBI - who will promptly send all the needed evidence to whoever in the government deals with overseas issues. In turn this will lead to the Americans proposing an exchange of criminals with the Russians. It might or might not happen depending on details, but the proposal will be made.
Note, the above assumes you are not a target of a US military operation. If the US military is hacking you, then don't waste your time with the FBI (but if that is the case you already have access to "other" means to respond)
The problem is that law enforcement is listening to local victims: Hack Colonial Pipeline and ask them to bring you a bag of cash in the parking lot, and you won't be meeting with their CFO - that guy in a suit is from the FBI. Hack Nord Stream, and you'll make some Russians angry, but they're going to have a hard time bringing that complaint to the FBI.
To make this more sensible, we need a paradigm shift. With a global Internet separating victims and hackers, while national governments only look for domestic victims of domestic perpetrators, you're going to end up with a lot of useless fist-shaking across the borders. I'm not suggesting that the answer is extradition of scapegoats at the whims of foreign powers, either, but our small, modern world has a lot of growing up to do before this makes sense.