Cybersecurity Partner Quoted in Law360 Article
According to the article, the U.S. Department of Justice unsealed an indictment charging seven individuals with purported ties to the Iranian government with orchestrating cyberattacks against banks, stock exchanges and a New York dam. The individuals were employed by two private security companies that conducted work for the Iranian government. The alleged attacks took place between December 2011 and May 2013.
Mr. Hall commented on the release of the indictment:
While he agreed that the public disclosure of new facts that could help the public gain a better sense of the facts surrounding the attacks and help decrease the likelihood of future incidents was a clear benefit of the indictment, David Hall, a Wiggin and Dana LLP partner and former assistant U.S. attorney, flagged the fact that no arrests were made as particularly troubling.
"This 'blame and shame' approach seems to be a new strategy of the DOJ," Hall said, noting that the indictment of the Chinese hackers nearly two years ago also was not accompanied by any arrests. "While I understand the degree of difficulty with making such arrests, it seems to me that a better approach across the board would be to actually follow through with the prosecution."
As evidence that it is possible for prosecutors to overcome the distance and foreign relations barriers to apprehending suspects in countries such as Iran and China, Hall cited a pair of cases from his more than 20-year career as a federal prosecutor: the apprehension of Chinese software pirate Xiang Li in 2011, and the arrest of Iranian military arms smuggler Amir Hossein Ardebili, who was lured to and captured in the Republic of Georgia in 2007.
"If deterrence were the ultimate point, then what they would really want to do is increase the cost to the hackers of undertaking this kind of illegal activity, and the way to do that is to arrest people and punishing them according to the law," Hall said.
To read the full article, please click here.