The Justice Department Has Made Clear Its Indictments of Foreign Hackers Are Only for Show

By Josephine Wolff, Associate Professor at The Fletcher School at Tufts University

Usually when the Justice Department files charges against hackers linked to foreign governments, the defendants just issue blanket denials and then ignore the indictments, knowing they’re safely out of reach of the U.S. legal system. But not this time. In 2018, when Robert Mueller filed charges against a group of Russian individuals and three Russian companies for interfering in the 2016 U.S. elections, two of those companies decided to respond in U.S. court—and, incredibly, they now seem to have won.

This week, in a story you would be forgiven for having missed given the ubiquity of coronavirus coverage, the Justice Department announced its intentions to drop the charges filed by Robert Mueller in 2018 against two Russian shell companies allegedly involved in 2016 election interference efforts.

Those charges were already a not-entirely-satisfying response to Russia’s manipulation of the 2016 U.S. presidential election through social media campaigns and data breaches. But they at least provided a dose of “naming and shaming” online adversaries and a sense that the U.S. government could investigate what was happening on the internet. Now, the government wants to drop charges against two of the companies named in that indictment—Concord Management and Concord Consulting, both owned by Russian catering magnate Yevgeniy Prigozhin—because they have tried to fight those charges in court, instead of ignoring them completely. 

“Upon careful consideration of all the circumstances, and particularly in light of recent events and a change in the balance of the government’s proof due to a classification determination … the government has concluded that further proceedings as to Concord, a Russian company with no presence in the United States and no exposure to meaningful punishment in the event of a conviction, promotes neither the interests of justice nor the nation’s security,” the government wrote Monday in a motion to dismiss.

The motion made reference to Concord’s attempts to access sensitive evidence for the purposes of its defense, something the United States was apparently unwilling to provide in light of a “classification determination.” On Dec. 20, 2018, Concord filed a motion to request that sensitive discovery related to the charges be released to it so it could prepare for the trial. The United States filed a response to that motion in January 2019, arguing that it would be damaging to release that sensitive discovery, which included “information describing the government’s investigative techniques, identities of cooperating individuals and companies, and personal identifying information related to U.S. persons who were victims of identity theft.” The U.S. government feared that if these materials were made available to the defendants, then Concord would share them with others, and perhaps even use them for further misinformation campaigns online aimed at “discrediting ongoing investigations into Russian interference in the U.S. political system.” 

That’s not an unfounded fear—it stemmed at least in part from what the government believed the defendants had already done with the nonsensitive materials given to them as part of the case. The government response to Concord’s motion highlights a tweet sent by (now-suspended) Twitter user @HackingRedstone on Oct. 22, 2018: “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller. You can view all the files Mueller had about the IRA and Russian collusion. Enjoy the reading!” The government noted that the tweet “included a link to a webpage located on an online file-sharing portal. This webpage contained file folders with names and folder structures that are unique to the names and structures of materials (including tracking numbers assigned by the special counsel’s office) produced by the government in discovery.”

It makes perfect sense to worry that Russia would release the information disclosed to it as part of this case—of course it would! But it doesn’t make sense to let that fear stop this case in its tracks. Why should we be afraid of Russia releasing the evidence—or even doctored evidence—when publicizing this information was a crucial reason for filing charges in the first place? The whole point of the charges filed against Concord—in addition to the Internet Research Agency and the 13 Russians also named as defendants in the indictment—was to make more information about the election interference efforts publicly known. Far from fearing that the defendants will make this information publicly available, the United States should be doing that itself. Perhaps some of the evidence involved in this case is highly classified and cannot be released, but we know from the initial, public indictment that much of it is not. Moreover, former Facebook chief security officer Alex Stamos told the Washington Post that Facebook had provided unclassified evidence relevant to the investigation to the Department of Justice in 2017.

When the Trump administration announced its new National Cyber Strategy in 2018, it looked like we were on the verge of an era of more aggressive cyber conflict based on a philosophy of persistent engagement. I was wary of that approach at the time for fear it could needlessly escalate things, but it seems this administration’s idea of persistent engagement is more like tentative retreat. Indeed, the Trump White House seems even more reluctant than the Obama administration to go after the perpetrators of cyberattacks or try to hold them accountable for their actions.

By dropping these charges, the United States is signaling to all other defendants—not just in this case but in many others related to overseas cyberattacks and cyberespionage—that the Justice Department indictments are only for show. It says that the DOJ is not willing to actually use the full arsenal of legal tools at its disposal to even try to hold perpetrators accountable. It’s a baffling act of retreat that signals just how half-hearted the U.S. government’s efforts to tackle cybersecurity incidents truly are. And other defendants facing similar charges now know the easiest way to get those charges dropped: show up in court and demand all the evidence the United States has gathered against them.

Given that there appears to be plenty of unclassified evidence in this case, it’s hard to guess what the government’s real motivations for dropping the charges are. Perhaps it’s a sign that this administration is not really all that interested in investigating or publicizing election interference operations, which is bad news for all of us, as we head into yet another election.

This piece was republished from Slate
