Election System Hacking Prosecutions
1) United States v. 12 Russian GRU Officers (2018)
Facts: Twelve officers of Russia’s military intelligence agency (GRU) were indicted for cyber intrusions targeting U.S. political organizations during the 2016 election. They spear-phished emails of Democratic campaign staff, accessed voter databases in some states, and exfiltrated internal communications.
Charges: Conspiracy to commit computer intrusions (CFAA, 18 U.S.C. §1030), aggravated identity theft (18 U.S.C. §1028A), and money laundering.
Outcome: The defendants were in Russia, so no trial occurred in the U.S. However, the indictment documented state-sponsored hacking and served as a template for prosecuting large-scale election interference.
Significance: Shows prosecutors layering CFAA, identity theft, and fraud statutes to address both technical intrusion and misuse of stolen information.
2) United States v. Internet Research Agency (IRA) and affiliates (2018)
Facts: Russian nationals and the IRA were charged with a coordinated influence operation, creating fake social media accounts to manipulate U.S. voters. They purchased ads and posted disinformation to sow discord during the 2016 election.
Charges: Conspiracy to defraud the United States, wire fraud, and identity-document fraud.
Outcome: Like the GRU case, the defendants were outside the U.S., but the indictment established that deceptive online activity can be prosecuted under conspiracy and fraud statutes.
Significance: Demonstrates that election interference need not involve hacking infrastructure; coordinated disinformation and identity fraud are prosecutable.
3) United States v. Elena Khusyaynova (Project Lakhta, 2018)
Facts: Khusyaynova allegedly managed finances for Project Lakhta, a Russia-linked operation funding social media campaigns to influence U.S. elections (2014–2018).
Charges: Conspiracy to defraud the United States (18 U.S.C. §371).
Outcome: Charges focused on the financial support behind disinformation campaigns. Khusyaynova remained abroad and contested the charges publicly.
Significance: Shows prosecutors can target operational enablers of election interference, even without direct hacking, using conspiracy and fraud statutes.
4) Fulton County, Georgia RICO Indictment (2023)
Facts: Alleged attempt to subvert the 2020 election results in Georgia. Some defendants accessed election equipment in Coffee County, Georgia, copied voting-system data, and attempted to create fraudulent electors.
Charges: Georgia RICO (racketeering), criminal trespass, computer theft, conspiracy, and impersonation of public officers.
Outcome: Some guilty pleas and cooperation agreements; major defendants contesting charges. The local equipment breach was a key overt act in the larger conspiracy.
Significance: Demonstrates state-level prosecutions using RICO and computer-trespass laws to address unauthorized access to election systems.
5) Coffee County Equipment Access Pleas
Facts: Individuals accessed election machines and copied data.
Charges: State computer trespass and related misdemeanors.
Outcome: Several accepted reduced charges for cooperation; felony counts were sometimes dropped.
Significance: Illustrates prosecutorial strategy to secure cooperation while focusing on higher-level orchestrators.
6) Supreme Court Limitation — Van Buren v. United States (2021)
Facts: A police officer misused authorized database access for personal gain. The Court ruled that “exceeds authorized access” under CFAA does not cover misuse of credentials if access is technically permitted.
Significance: Limits federal CFAA-based prosecutions for insiders using legitimate access to election systems improperly. Prosecutors must use state trespass laws, fraud statutes, or prove truly unauthorized access.
7) State of Michigan — 2020 Election Equipment Intrusion (example)
Facts: An individual accessed tabulation software on election night to test vulnerabilities.
Charges: Unauthorized computer access and attempted election interference.
Outcome: The defendant pleaded guilty to misdemeanor computer trespass; no evidence of altering votes.
Significance: Highlights that even testing or probing election systems without permission can lead to criminal liability at the state level.
Summary of Trends Across Cases
Federal strategy: Layer CFAA, identity theft, fraud, conspiracy. Target foreign actors even if trial unlikely.
State strategy: Use computer-trespass, RICO, and local theft statutes for domestic actors.
Insider access limitations: Van Buren narrows CFAA applicability; prosecutors increasingly rely on state laws and fraud statutes.
Financial and operational enablers: People funding, organizing, or managing influence campaigns are prosecutable even without directly hacking systems.
RELATED Blog
0 comments