The U.S. government has a hard time bringing any foreign hacker to justice, and that likely includes some, if not all, of those who might be identified in the FBI-led investigation of Russia’s plot to interfere with the U.S. presidential election.
The tallest hurdle might be how to prosecute a hacker without revealing information about U.S. intelligence sources and methods that enabled investigators to build their case, especially if the hackers live abroad and out of prosecutors’ grasp.
“Once we know that this guy is a hacker, the foreign intelligence agency is going to try to figure out how we know,” said Peter Harrell, a former deputy assistant secretary of state who was a key figure in the U.S. sanctions on foreign governments during President Barack Obama’s administration.
“Taking down one of those guys at the expense of not being able to take down (those) that might come after him or her is problematic,” said Richard Nephew, a former deputy coordinator for sanctions policy at the State Department. “Then there’s the issue of, you charge them, can you actually arrest them?”
So far, no one has been arrested, indicted or fingered as a Russian-financed operative assigned to help Donald Trump win. Several law enforcement and intelligence agencies have been collaborating in the inquiry into Russia’s attempts to interfere with America’s election since last spring.
The lack of prosecutions may just be a reflection of the complexity of the investigation into alleged cyber scheming by one of the most powerful nations on earth.
But there’s an open question as to how far the inquiry can go, given that some of the alleged hackers are believed to live in Eastern Europe or Russia, where they could be out of the Justice Department’s reach. And then there’s the problem of protecting intelligence sources and methods.
The investigation is now being overseen by new Attorney General Jeffrey Sessions, a former adviser to Trump’s presidential campaign. FBI Director James Comey will make any prosecution recommendations resulting from the investigation to Sessions or those who report to him.
Sessions has yet to respond to calls from more than 50 Democratic members of Congress for him to withdraw from involvement in the inquiry because of the appearance of being partial to Trump. A Justice Department spokesman declined to comment on that issue.
The FBI, the CIA and the National Security Agency left little room for doubt last month in a declassified report concluding that Russia hacked and arranged for the public release of embarrassing Democratic Party emails in a scheme ultimately aimed at boosting Trump’s chances. It was carried out on the orders of President Vladimir Putin, the intelligence agencies said.
One U.S. government official with knowledge of the multi-faceted inquiry said the FBI and intelligence agencies still are investigating. The official, who spoke on condition of anonymity because of the sensitivity of the matter, declined to discuss details.
A former British intelligence officer’s mostly uncorroborated reports for political critics of Trump indicated that one or more Russian hackers were working inside the United States.
The reports by ex-spy Christopher Steele said Russia paid its U.S.-based operatives, mainly immigrants from Russia, through a system for distributing pension benefits.
Harrell said, however, that his biggest question has been why Russia would use U.S.-based hackers, when the Moscow government has plenty of its own.
The Reuters news agency reported over the weekend that FBI field offices in Pittsburgh and San Francisco are playing leading roles respectively in the hunt for those who hacked the emails of Democratic National Committee officials and John Podesta, who chaired Hillary Clinton’s presidential campaign.
Nephew and Harrell said it wouldn’t be surprising if none of the actual hackers is prosecuted.
They pointed to a 2014 federal indictment charging five Chinese officers in the People’s Liberation Army with economic espionage in the hacking of a half-dozen U.S. companies — a prosecution stemming from an investigation by the Pittsburgh FBI field office.
All five defendants were active duty military officers in China, beyond the Justice Department’s reach.
“State actors engaged in cyber espionage for economic advantage are not immune from the law just because they hack under the shadow of their country’s flag,” John Carlin, assistant attorney general for national security, said in announcing the May 2014 indictments.
By bringing the indictment, Harrell said, the U.S. government was publicly saying it knows who perpetrated the crime and attempting to shame the culprits and perhaps their government.
The Chinese case contributed to former President Obama’s decision to issue an executive order in 2015 authorizing the Treasury Department to impose sanctions against countries harboring hackers whose crimes threaten America’s national security, said Nephew, who was involved in the decision.
Attorney General Loretta Lynch also indicted seven Iranians who the U.S. claimed were sponsored by Iran’s Islamic Revolutionary Guard Corps. They were accused of conducting denial-of-service attacks against 46 major companies, primarily in the U.S. financial sector, from late 2011 through mid-2013.
Nephew said that with cyber hacking proliferating worldwide, federal law enforcement officials “were kind of out of ideas.”
“They knew they had a sources and methods issue. They knew they had a prosecution ability issue. So they were kind of stuck with, what do we do to impose costs on these guys, to make life harder on them for engaging in these bad acts?
“That is the primary reason I don’t think you’ve had any of these (2016 Russian hackers) charged.”
Tim Johnson of the Washington bureau contributed.
Greg Gordon: 202-383-6152, @greggordon2
Kevin G. Hall: 202-383-6038, @KevinGHall