Photo by Christoph Scholz on Flickr

The U.S. Charged Six Russian Intelligence Officials with Hacking. Now What?

The Indictment

On October 15, 2020, a federal grand jury brought charges against six Russian intelligence officials in the Western District of Pennsylvania for conducting several prominent cyberattacks. The defendants, Yuriy Andrienko, Sergey Detistov, Pavel Frolov, Anatoliy Kovalev, Artem Ochichenko, and Petr Pliskin, allegedly serve as officers in the Russian Main Intelligence Directorate (“GRU”), one of the Russian Federation’s three military intelligence agencies.

The indictment charges the officials with conspiracy, wire fraud, aggravated identity theft, and damage to computers used in critical infrastructure. The Department of Justice (“DOJ”) specifically accuses the defendants of orchestrating several of the world’s most destructive cyberattacks in recent years. The DOJ claims that the officials, acting on behalf of the Russian government, initiated the NotPetya malware attack, which cost U.S. and global businesses billions of dollars in lost sales and data recovery expenses. The indictment also blames the defendants for deploying destructive malware to destabilize Ukraine’s power grid, undermine French elections, stymie the Novichok poisoning investigations, and attack critical infrastructure around the world.

The Likelihood of a Conviction

Convincing a grand jury to indict foreign hackers is one matter; managing to convict foreign hackers is another matter entirely.

The DOJ faces several formidable obstacles in its quest to successfully prosecute the six Russian defendants. For example, prosecutors must gather sufficient evidence to attribute the cyberattacks to the named defendants, not just to the Russian government, yet such evidence often exists overseas. Complications arise when the information needed to successfully prosecute cybercrimes can only be found in countries that do not cooperate with U.S. law enforcement. The Russian Federation has not agreed to cooperate with the U.S. on prosecutions or on the extradition of its citizens, which limits the DOJ’s ability to collect much-needed information.

Further complicating the road to conviction, prosecutions of state-sponsored hackers often involve classified information. Thus, even if the DOJ can meet its burden of proof, prosecutors may not be able to admit some evidence at trial due to national security concerns. The DOJ recently dismissed a case tied to two Russian companies’ alleged attempts to interfere in the 2016 presidential election, after the defense sought classified information about the U.S. government’s investigative techniques and the identities of cooperating witnesses. Unwilling or unable to reveal the classified information, federal prosecutors chose to abandon the case after nearly four years of investigative and trial work.

Possible Alternatives

Given the challenges associated with obtaining an arrest and a conviction, it is worth considering alternative measures to hold state-sponsored hackers accountable. First, federal prosecutors can pursue civil actions against the defendants to seize their computer hardware and seek court-ordered sanctions. Despite the lower burden of proof, civil cases pose many of the same evidentiary and logistical challenges as criminal cases. Second, the U.S. government can employ a targeted diplomatic approach to isolate the six defendants outside of Russia’s borders. Such a diplomatic strategy would require significant law enforcement coordination with allies. To buttress a diplomatic approach, the U.S. can unilaterally impose asset freezes and travel sanctions against the Russian officials. Finally, the U.S. military could retaliate against the individual perpetrators as well as the Russian Federation more broadly by deploying disruptive cyber operations via the U.S. Cyber Command.

These alternative measures represent a more robust, multi-faceted approach to countering the Russian Federation’s malicious cyber operations. When deployed simultaneously, these diplomatic, economic, and military tools can impose considerable political costs on the Russian government and incapacitate individual hackers. While none of the alternatives can guarantee an end to Russian cyber aggression, they at least provide the U.S. government with mechanisms beyond a highly constrained, resource-heavy prosecution to hold state-sponsored hackers accountable.

Abigail Annear

GLTR Staff Editor; Georgetown Law, J.D. 2021; The Johns Hopkins University, B.A. 2017.