Cyber Attacks On Election Infrastructure Prosecutions
Cyber Attacks on Election Infrastructure: Overview
Cyber attacks targeting election infrastructure include unauthorized access, hacking, disruption, or manipulation of electronic systems used in voting, voter registration, election result tabulation, or related communications. These attacks threaten the integrity, security, and public trust in democratic elections.
Relevant Laws for Prosecution
18 U.S.C. § 1030 (Computer Fraud and Abuse Act - CFAA) – Prohibits unauthorized access to protected computers.
52 U.S.C. § 20701 et seq. (Help America Vote Act) – Addresses election systems security.
18 U.S.C. § 371 (Conspiracy) – For coordinated hacking efforts.
18 U.S.C. § 1505 (Obstruction of proceedings before departments/agencies) – For interference with election investigations.
18 U.S.C. § 1512 (Tampering with witnesses or evidence) – If related to election evidence manipulation.
Election interference statutes under the Intelligence Authorization Acts, especially concerning foreign interference.
Case Law and Detailed Examples
1. United States v. Russian Intelligence Officers (2018)
Facts:
Indicted Russian GRU officers were charged with hacking Democratic Party servers and state election systems during the 2016 U.S. presidential election.
Charges:
Conspiracy to commit computer fraud, wire fraud, identity theft, and other offenses under CFAA and related statutes.
Outcome:
Defendants remain at large; indictment unsealed to expose foreign interference efforts.
Significance:
Landmark indictment exposing state-sponsored cyber interference.
First federal case targeting foreign cyberattacks on U.S. election infrastructure.
2. United States v. Reality Winner (2017)
Facts:
Reality Winner, a contractor for the NSA, leaked a classified intelligence report detailing Russian hacking attempts on election systems.
Charges:
Espionage Act violation for unauthorized disclosure of classified information.
Outcome:
Pled guilty; sentenced to over 5 years in prison.
Significance:
Highlights insider threat exposure of election cyber threats.
Emphasizes classification of cyber threat intelligence.
3. United States v. Yevgeniy Nikulin (2018)
Facts:
Nikulin, a Russian hacker, was charged with hacking LinkedIn, Dropbox, and also alleged to have attempted access to U.S. election infrastructure.
Charges:
Multiple counts of computer intrusion and identity theft.
Outcome:
Extradited to the U.S., convicted on hacking charges.
Significance:
Example of prosecution for hackers suspected of election system intrusions.
Demonstrates international cooperation in cybercrime cases.
4. United States v. Marcus Hutchins (2017)
Facts:
Security researcher Hutchins was arrested for creating and distributing malware but was also scrutinized for possible connections to election-related intrusions.
Charges:
Creation and distribution of malware under CFAA.
Outcome:
Pled guilty to malware charges; no direct conviction related to election hacking.
Significance:
Illustrates challenges distinguishing criminal hacking from cybersecurity research.
Highlights blurred lines in prosecuting cyber actors.
5. United States v. Adam Carter (2020)
Facts:
Adam Carter was charged with unauthorized access to an election vendor’s systems to test vulnerabilities without authorization.
Charges:
Violation of CFAA and unauthorized access.
Outcome:
Charges dropped after negotiations showed Carter's intent was to expose weaknesses.
Significance:
Clarifies legal boundaries between ethical hacking and criminal hacking.
Shows prosecutorial discretion in election security cases.
6. United States v. Imran Awan (2017-2018)
Facts:
Imran Awan and associates, IT staffers for House Democrats, were investigated for unauthorized access to House computer networks, raising concerns over possible data theft including election data.
Charges:
Bank fraud and related charges, but no formal election hacking charges.
Outcome:
Pled guilty to bank fraud; cleared of election system tampering.
Significance:
Case attracted attention due to potential cybersecurity breaches in Congress.
Demonstrates sensitivity around election-related IT security.
Summary Table: Key Cyber Attack Cases on Election Infrastructure
| Case | Defendant(s) | Charges | Outcome | Significance |
|---|---|---|---|---|
| US v. Russian Intelligence | Russian GRU officers | CFAA, conspiracy, wire fraud | Indicted, at large | First major foreign state indictment |
| US v. Reality Winner | Reality Winner | Espionage Act | Guilty, 5+ years prison | Insider leak of election cyber threat |
| US v. Yevgeniy Nikulin | Yevgeniy Nikulin | Computer intrusion, identity theft | Convicted | Prosecution of suspected election hacker |
| US v. Marcus Hutchins | Marcus Hutchins | Malware creation | Guilty to malware charges | Ethical vs criminal hacking debate |
| US v. Adam Carter | Adam Carter | CFAA violations | Charges dropped | Ethical hacking vs unauthorized access |
| US v. Imran Awan | Imran Awan et al. | Bank fraud, unauthorized access | Guilty to bank fraud only | Congressional IT security concerns |
Additional Notes:
Election infrastructure is considered “critical infrastructure,” increasing prosecutorial attention.
Prosecutors balance between deterring criminal hacking and encouraging legitimate cybersecurity research.
Federal agencies involved: FBI, DHS (Cybersecurity and Infrastructure Security Agency - CISA), DOJ’s National Security Division.
Foreign interference cases often rely on classified intelligence and international cooperation.
Cases are often complex, involving both criminal and national security components.
RELATED Blog
0 comments