Published by The Lawfare Institute
in Cooperation With
Some notable points about this indictment:
- It required cooperation with a number of other countries including, surprisingly, Ukraine. According to the Washington Post report, over the weekend, Ukrainian authorities seized servers in Donetsk, which as readers of this blog know is contested territory. If so, this seems a remarkable commitment from an unstable government.
- As with the Chinese indictments, this case was brought in Pittsburgh (WDPA), which is an odd location to choose. Apparently, the office is developing an expertise in cyber crime. The indictment alleges that some of the victims were in the district, but it seems as though most of them were outside. I guess if you have a good place, and a good opportunity, you choose your venue strategically.
- The indictment was brought in parallel with an ex parte civil complaint that sought authority for the government to engage in a malware disruption plan. Though nobody is in a position to challenge this type of action, I have my doubts as to its lawfulness. It requires acceptance of novel theories of law both relating to the jurisdiction of the court and to the court’s authority to order equitable relief of the sort needed to destroy the botnet. Most notably, the government sought (and received) authority to send software commands to computers owned by private individuals that had, unknowingly, been infected. As support for this action, the government relied on two statutes, 18 USC 1345 and 2531, that broadly spoke to its authority to enjoin fraudulent activity but did not specifically speak to the applicability of the law to computer networks.
- As with the Chinese, we may well doubt that Bogachev will ever see the inside of a courtroom -- though he is more likely to do so, in my judgment, than the Chinese PLA defendants.