Last month, the Justice Department reversed its two-year effort to prosecute two Russian companies indicted in the investigation by special counsel Robert S. Mueller III. Prosecutors said they were dropping the charges against two companies, Concord Management and Consulting and sister firm Concord Catering, despite having accused both firms of organizing and financing social media influence operations at the Internet Research Agency (IRA).
Mueller had indicted IRA and the Concord companies in February 2018, alleging they used fake social media campaigns to interfere in the 2016 presidential election. So is Attorney General William P. Barr’s Justice Department now trying to overturn Mueller’s findings?
In this case, the story is more complicated. This development shows how foreign organizations are fighting back against U.S. efforts to “name and shame” hackers linked to other governments.
What’s the strategy of Russia’s Internet trolls? We analyzed their tweets to find out.
Dropping the charges was probably not a political decision
Some analysts may suspect that cutting off the prosecution, just weeks before the case was set to go to trial, was yet another instance of Barr undoing Mueller’s work — and seeking to please President Trump. After all, Yevgeniy Prigozhin owns both of these companies. He’s the Russian oligarch whose work on behalf of the Kremlin has earned him the moniker “Putin’s chef.”
However, it makes little sense to drop charges against just these two companies and not the other Russians, including Prigozhin, that Mueller charged. In fact, the real reasons for the reversal point more to operational than political concerns in the case.
The motion to dismiss that prosecutors filed gives two reasons for forgoing trial. First, it argues that Concord tried to employ aggressive courtroom tactics in an effort to “discredit the investigation” while remaining out of reach of real legal consequences. Second, the motion mentions a “change in the balance of the government’s proof due to a classification determination.” This means information prosecutors previously believed they could use in court would no longer be available because an intelligence authority determined it to be classified.
In our recently published research on the use of criminal charges against government-sponsored hackers, we identify this issue — the potential disclosure of classified information — as a key trade-off that prosecutors and intelligence officials have to negotiate in their decisions to bring charges.
Last month’s case provides further confirmation of our arguments about the potential downsides of indictments against foreign hackers. However, despite what some analysts argue, that doesn’t mean these types of indictments don’t serve an important function.
Indictments can call out foreign hacking attempts
Why would the Justice Department announce an indictment of a foreign hacker when there is often little chance the case would ever result in a conviction? Based on our analysis of the 24 cases and 195 criminal counts the Justice Department has leveled against hackers linked to foreign governments since 2013, we argue that criminal charges serve multiple, sometimes overlapping purposes.
For instance, like the IRA indictment, formal U.S. charges can “attribute” or explicitly identify a foreign government as responsible for a cyber incident. The charges against the IRA were not the first attribution of social media trolling to the Russian government, but they did buttress the U.S. intelligence community’s January 2017 assessment that Russia interfered in the 2016 election.
Charges also are responsive to domestic pressure to take action in response to high-profile hacks. One might see the primary goal of Mueller’s indictment through this lens. In fulfilling his mandate as special counsel, he had to bring charges against those most responsible for interfering in the election — and that meant indicting Russians, regardless of whether he could ultimately prosecute them.
Yet in other cases, indictments have led to arrests. Consider the case of Su Bin, a Chinese national indicted and arrested for stealing valuable aerospace trade secrets. In instances where the United States brought charges against foreign companies, these investigations have often helped identify targets for further actions, like economic sanctions.
The coronavirus is expanding the surveillance state. How will this play out?
What makes the Concord case stand out is that it is the first time someone has decided to challenge the charges. In previous cases, the arrested individuals have all pleaded guilty, but Concord hired an aggressive U.S. law firm to contest the indictment.
It is unclear whether Concord consciously sought to reveal classified U.S. government information through its litigation, but the case shows that the classified information issue is a real barrier to more timely and widespread use of indictments.
Although some U.S. officials have worried that adversaries could respond by indicting hackers working for U.S. Cyber Command or the National Security Agency, that wasn’t the case. Instead, Concord’s tactics point to a different kind of a blowback risk: that the accused entities could use the U.S. legal system to their advantage.
Effectively combating government-linked hacking will require many tools
Going forward, this case is likely to inspire more caution, as prosecutors may be wary of bringing an indictment only to have to drop it once the defendant fights back. We have already seen policymakers opt for a different tool to protect the 2018 midterm elections — using U.S. military cyber-operators to disrupt the IRA’s Internet connection on Election Day.
Yet there is no silver bullet for stopping adversaries from engaging in cyber-interference. Neither indictments nor military operations will be sufficient on their own. An effective approach would use indictments in combination with other tools, such as sanctions, diplomacy and even military cyberoperations to impose costs and barriers to adversaries’ cyber-campaigns. And, as we are now witnessing, those identified and formally accused of hacking against the United States may be more likely to fight back against those efforts.
The TMC newsletter is changing shape! Sign up here to keep receiving our smart analysis.
Garrett Hinck is a research assistant with the Cyber Policy Initiative and the Nuclear Policy Program at the Carnegie Endowment for International Peace.
Tim Maurer (@maurertim) is co-director of the Cyber Policy Initiative and a senior fellow at the Carnegie Endowment for International Peace, and author of Cyber Mercenaries: The State, Hackers, and Power (Cambridge University Press, 2018).