Burying Sandworm: Indictment of Russian hackers a drop in the bucket, experts say

A federal grand jury in Pittsburgh has indicted six members of the GRU for a huge number of cyberattacks on the 2017 French elections, the 2018 Winter Olympics, and other targets.

The indictments, announced by the Department of Justice, also charged the six intelligence officers with attacking Ukrainian infrastructure, including the country’s electric grid, in 2015 and 2016 and with distributing the destructive NotPetya malware, which affected United States medical facilities, a U.S. pharmaceutical manufacturer, and other U.S. businesses. The damage from the NotPetya attacks in the U.S. alone was close to $1 billion, the DOJ said.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” John Demers, assistant attorney general for national security, said in a statement. “The department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware.”

The six defendants are all charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft. Some cybersecurity experts praised the indictments, but others warned that the DOJ’s actions aren’t likely to make a major dent in cyberattacks from Russia and other countries.

The indicted hackers aren’t likely to face justice in the U.S., said Matt Pinsker, a homeland security and criminal justice professor at Virginia Commonwealth University.

“Russia won’t extradite their own, so for them to be arrested and go to trial, they’d first have to voluntarily travel to the U.S. or another country for which there is an agreement with the U.S. to extradite,” he told the Washington Examiner. “It is unlikely the hackers would ever do that.”

The indictments are more of a foreign policy tool, said Pinsker, a former federal prosecutor. The DOJ is “sending a warning to Russia, but beyond that, it doesn’t do much.”

Adam Levin, founder and chairman of cybersecurity firm CyberScout, agreed that the defendants aren’t likely to appear in a U.S. court. However, the indictments may be a “diplomatic way” to signal that retaliation is coming, he told the Washington Examiner.

“The indictments matter because were the government to say — or do — nothing, it would signal to Russia a tacit acceptance or even approval of the activity,” he said. “But on the surface, the indictment has no teeth and will not stop Russian interference.”

There may be other ways that the U.S. is responding, however, he added. “If the U.S. is taking other approaches to solving the problem of Russian interference, it will not be making any of its efforts public,” he said. “We are and have been engaged in an entrenched cyberwar for years. It is the new Cold War.”

The indictments of the Russian hacking group, sometimes called Sandworm, are an effort to rein in this type of hacking activity, said Chester Wisniewski, principal research scientist at cybersecurity firm Sophos.

“Sandworm has operated for more than 10 years and has played nearly every card in the attacker playbook,” he told the Washington Examiner. “They have been a noisy operation, and many of us have been expecting this day to come for some time.”

The group’s activities have popularized sophisticated nation-state tactics, and everyday criminals have copied the hacking campaigns, he added.

“While they did not pioneer all these methods, they certainly perfected them and exposed their usefulness in breaching organizations’ defenses,” he said. He agreed that the accused hackers are unlikely to ever be arrested. Three of the six have been previously indicted for other crimes, and he added, “These indictments might prove to embolden them rather than curb their behavior.”

Wisniewski called on organizations to pump up their cyber defenses.

“We’re no safer than we were yesterday,” he said. “Were they to be arrested, their replacements are already in training, and the relentless thirst of nation-states to compromise and interfere with their adversaries goes undeterred.”
