Feds find some foreign hackers are out of reach

Federal officials are increasingly finding it difficult to prosecute foreign hackers who target U.S. businesses, with some suspects evading apprehension long after charges are filed.

Two recent cases underscore the difficulty of prosecuting and bringing hackers to justice in an age when cyber criminals and state-sponsored hackers are increasingly targeting institutions for financial and other gains. 

This week, U.S. prosecutors in Pittsburgh announced charges against three Chinese nationals who allegedly stole confidential business information from two U.S. companies, Moody’s Analytics and Trimble Inc., and the German manufacturing giant Siemens AG to gain commercial advantage.

The defendants worked for a purported Chinese cybersecurity firm called Boyusec, which cyber threat researchers have previously linked to China’s Ministry of State Security.

U.S. officials tried in October 2015 to secure Beijing’s cooperation in apprehending the hackers, keeping in line with a 2015 agreement intended to bolster cyber crime cooperation with China. But the U.S. “received no meaningful response,” a Justice Department spokesman told The Hill.

The indictment against the Chinese nationals was filed in late September and kept under seal until Monday.

“We have pursued every available avenue to hold the actors accountable in this case and have determined that there is no longer a law enforcement justification to keep the charges under seal,” Justice Department spokesman Wyn Hornbuckle said.

“We will continue to press the Chinese government to take steps to prevent this kind of behavior in the future and to hold the actors accountable under Chinese law,” he said.

The announcement came less than a week after U.S. prosecutors in New York speedily and publicly charged an Iranian hacker for breaching networks belonging to HBO. The hacker allegedly stole unaired episodes of popular programs and then demanded $6 million in bitcoin payments from the company while threatening to release the data.

The individual charged, Behzad Mesri, is said to have worked for the Iranian military. Like the Chinese hackers, he remains out of the reach of U.S. law enforcement.

“These indictments are more to make a political statement to China, Iran and other countries which either protect or sponsor hackers,” said Hanley Chew, a former federal prosecutor specializing in cyber crime.

“It’s both a warning to the individual hacker and, to the extent that the hacker is state-sponsored, also to the country, that says that we take these matters very seriously,” Chew added.

Law enforcement officials have long faced an uphill battle in bringing hackers to justice, given the difficulty of attributing attacks and gathering enough evidence to successfully prosecute them.

The feat becomes trickier when the perpetrators cross national boundaries and officials are forced to rely on “mutual legal assistance treaties” with other countries to obtain the necessary information to investigate and prosecute crimes. The Justice Department is currently engaging with Congress to reform the process by which officials gain access to electronic evidence overseas.

“This is definitely a growing problem both domestically and internationally,” said Chew, who is now a lawyer at Fenwick & West. “As more and more personal data is being stored online … there are likely to be more unauthorized intrusions as the targets become more tempting and the potential rewards for this activity become much greater.”

Typically, an indictment targeting a foreigner is kept under seal and the arrest warrant circulated to other countries via Interpol, so that if the defendant travels overseas, he can be apprehended by an allied country and extradited to the United States. 

In both recent cases, officials signaled that they concluded it was unlikely they would apprehend the hackers through such means.

“We had to make an assessment whether there was a realistic chance of actually getting him or luring him to a place where we could get him and then we weighed that against the importance of sending a message that we can and will, even when you are immediately beyond our reach, charge you and make a public statement like this,” Joon H. Kim, acting U.S. attorney for the Southern District of New York, said of the Mesri indictment last Tuesday.

“And that was the balancing that we did, and we decided this was the right time to do it,” he said.

Officials do see some successes in cyber crime cases. On Tuesday, a Canadian man pleaded guilty to charges related to the 2014 Yahoo hacking campaign that affected 500 million people. The individual, Karim Baratov, was arrested in Canada in March and extradited to the United States.

However, his alleged accomplices — two Russian security service officers charged by the Justice Department in March — remain at large.

Officials can also apply pressure by imposing sanctions.

Before U.S. officials announced the charges against Mesri, The Washington Post reported that the Justice Department was prepared to announce several investigations involving Iranians, spurring concerns among some in law enforcement that the Trump administration was planning to go public with the cases in order to urge Congress to impose fresh sanctions against Tehran. 

In September, the Treasury Department sanctioned seven Iranian nationals and an Iran-based computer security company for their role in distributed denial of service attacks targeting U.S. financial organizations. The Justice Department under the Obama administration had announced charges against the hackers in March 2016.

Officials say that all options are on the table to punish foreign and state-sponsored hackers.

“Our overall goal is to diminish the threat and send messages that will change behavior. We are looking to impose costs wherever we can,” said William Sweeney Jr., assistant director-in-charge of the New York Office of the FBI, when announcing the charges against Mesri last week.

“That means we will look to publicly identify operators like this with indictments. We will seek civil actions to seize their computers and we will pursue sanctions with the Treasury Department,” he said.