Abstract:
In October of 2018, the U.S. Justice Department indicted seven members of the Russian Military Intelligence Directorate (GRU) for cybercrimes. It provides three takeaways:
1) The actions discussed in the indictment are both attacks on critical infrastructure (e.g., Westinghouse Electric), entities that check bad Russian behavior (e.g., Organization for the Prohibition of Chemical Weapons), and attacks on athletic organizations in response to the banning of Russian athletes due to doping in the 2014 Olympics.
2) Russia is very capable at influence and disinformation campaigns. Due to their relative weakness on the global stage (but accounting for their regional – not global – ambitions), Russia continues to use hybrid warfare to disrupt U.S. focus, practicing its techniques on states such as Ukraine.
3) While talented, the Russian hackers are imperfect and can be traced and identified. Three of the GRU officers indicted in this case had already been indicted in the Mueller investigation.
This case also demonstrates that there are multiple levels of national power that the United States and its allies can pull in order to counter bad behavior in the cyber realm. Previously, the United States had been hesitant to move too far in a direction. Over the last few years, however, indicting hackers from adversarial nations has been growing in popularity as a response tool.