To quote a political figure from the past, “this is a big f*****g deal” — in part. The Department of Justice accused Russia of conducting “the most disruptive and destructive series of computer attacks ever attributed to a single group” in an indictment unsealed against six members of their military intelligence agency, the GRU. In a press conference immediately afterward, assistant Attorney General John Demers noted that it cost two American corporations and a Pennsylvania hospital hundreds of millions of dollars in damage.
Those weren’t the only targets of the GRU, either:
"We announce criminal charges against the conspiracy of Russian military intelligence officers who stand accused of conducting the most disruptive and destructive series of computer attacks ever attributed to a single group," says assistant AG John Demers. https://t.co/cD4Pwdln3L pic.twitter.com/S2xbYY9eqW
— ABC News (@ABC) October 19, 2020
The indictment also accuses the defendants, all alleged officers in the Russian military agency known as the GRU, in destructive attacks on Ukraine’s power grid and in a hack-and-leak effort directed at the political party of French President Emmanuel Macron during the 2017 election.
The indictment does not charge the defendants in connection with interference in American elections, focusing instead on attacks that prosecutors said were aimed at promoting Russian’s own geopolitical interests. Those include cyberattacks that targeted the 2018 Winter Olympics in South Korea, where Russian athletes were banned because of a state-sponsored doping effort.
“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General John Demers, the Justice Department’s top national security official.
How costly was this conspiracy? The DoJ estimates global damage at ten billion dollars, with over three hundred people and entities targeted. Not all of the targets were American, but by charging this as a conspiracy, the DoJ can include all of the hacks in its charges, regardless of jurisdiction.
Despite the rhetoric about Russia’s government, the DoJ took pains to emphasize that the indictments apply to the individuals, not to the Russian government or the GRU as organizations. The statements during the presser emphasized that the indictments have nothing to do with this election or the 2016 election, for which a Mueller team indictment on GRU members remains in force. Still, this provides a rather forceful pushback, at least rhetorically, against the Russians for their malicious cyberwarfare ahead of this election.
So how is this not a big deal? Just as with the earlier indictment, it’s not going to result in an active prosecution — not unless one of the six is dumb enough to travel to a country that has an extradition treaty with the US. That was also true of Robert Mueller’s indictment against other GRU members. As long as they stay in Russia, there’s not much the US can do to touch them, except apply sanctions to keep them from using normal financial institutions. We can expect talk of even more punitive sanctions against Moscow too, or perhaps payback will come more covertly. Whatever we’ve done up to this point has clearly not disincentivized Russia from conducting these attacks.