In a March 15 indictment, the US Department of Justice alleged that two Russian spies working with two criminal conspirators were behind a massive hack that stole data on 500 million Yahoo accounts in 2014. According to the charges, the defendants used some of that stolen information to access to the contents of email accounts of Russian journalists, US and Russian government officials, and employees of financial, transportation, and other companies. One defendant, the indictment alleges, obtained credit card and gift card numbers from the Yahoo data and exploited it for his personal financial gain. The New York Times reports that this is the first case in which the Justice Department has brought cybercrime charges against Russian intelligence officials.
Zachary Goldman, executive director of NYU Law's Center on Law and Security and co-founder of NYU's Center for Cybersecurity, had these initial thoughts on the indictment:
-
“This indictment is part of a broader sustained effort on the part of the US government to deter Russia from committing cyberattacks by prosecuting Russian cybercriminals, imposing sanctions, and taking other measures like expelling Russian diplomats and spies. While prosecutorial judgments are independent of the White House, deterrence efforts are embedded in a larger policy context, and it is not clear how the policy of raising the cost to Russia of committing these kinds of attacks will fare in the Trump administration.”
-
“The hackers in this case also acted for a broad spectrum of reasons—they stole data to make money and also committed acts of politically motivated espionage. The distinctions we make between public and private sector activity in the United States do not map cleanly onto adversaries like Russia.”
-
“The indictments also illustrate that tying specific cyber intrusions to named suspects, while difficult, is not impossible.”
Posted March 16, 2017