Feds face extreme barriers in their push to prosecute foreign hackers targeting US industry, with many suspects evading prosecution for years after charges are even filed.
This week U.S. prosecutors in Pittsburgh ha announced charges against three Chinese nationals who had stolen highly confidential business information from two U.S. companies, Moody’s Analytics, and the German manufacturing giant Siemens AG. These high-profile corporate espionage, and hacking cases can inflict serious economic damage.
The defendants had worked for a Chinese cybersecurity firm called Boyusec, which has ties to China’s Ministry of State Security. U.S. officials tried in October 2015 to secure the Beijing’s cooperation in apprehending all the hackers, keeping in line with a 2015 agreement that was intended to bolster the cyber crime cooperation with China. But the U.S. “received no meaningful response,” as a Justice Department spokesman told the news source.
The accusation against the Chinese nationals was filed late September, and were recently unsealed.
“We have pursued every available avenue to hold the actors accountable in this case and have determined that there is no longer a law enforcement justification to keep the charges under seal,” the Justice Department spokesman, Wyn Hornbuckle had said.
“We will continue to press the Chinese government to take steps to prevent this kind of behavior in the future and to hold the actors accountable under Chinese law,” he further said.
The announcement that came after less than a week, the U.S. prosecutors in New York speedily and publicly charged an Iranian hacker for breaching into the networks belonging to HBO. The hacker had allegedly stolen unaired episodes of the popular programs and then demanded $6 million in bitcoin payments from the company while threatening to release the data they stole.
The individual charged, Behzad Mesri, is said to have worked for the Iranian military. Like the Chinese hackers, he remains to be out of the reach of the U.S. law enforcement authorities.
“These indictments are more to make a political statement to China, Iran and other countries which either protect or sponsor hackers,” said Hanley Chew, a former federal prosecutor who specializes in cyber crime.
“It’s both a warning to the individual hacker and, to the extent that the hacker is state-sponsored, also to the country, that says that we take these matters very seriously,” Chew had added.
The Law enforcement officials have long faced an ongoing struggle in bringing the hackers to justice, given the difficulty of attributing these attacks and gathering enough evidence to successfully prosecute them.
“This is definitely a growing problem both domestically and internationally,” said Chew, who is currently a lawyer at Fenwick & West. “As more and more personal data is being stored online … there are likely to be more unauthorized intrusions as the targets become more tempting and the potential rewards for this activity becomes much greater.”
In both of the recent cases, officials had signaled that they concluded it was highly unlikely that they would apprehend the hackers through such means.
“We had to make an assessment whether there was a realistic chance of actually getting him or luring him to a place where we could get him and then we weighed that against the importance of sending a message that we can and will, even when you are immediately beyond our reach, charge you and make a public statement like this,” Joon H. Kim, the acting U.S. attorney for the Southern District of New York, had said of the Mesri indictment last week on Tuesday.
“And that was the balancing that we did, and we decided this was the right time to do it,” he had said.