Feeds

Russian hacking case can be heard in England, says judge

Servers based in London

New hybrid storage solutions

A case claiming that two Russian companies hacked into a London computer system can be heard in English courts, a judge has ruled. The Russian companies involved had argued that English courts had no jurisdiction.

A bitter legal dispute ranging across a number of cases and jurisdictions is raging between three companies, one a state-owned company in Tajikstan, another the Russian firm which is the third biggest aluminium producer in the world and the last a Guernsey-based company.

The Guernsey company, Ansol, and its UK advisors, Ashton, claim that the Russian aluminium firm, Rusal, and the Tajikstan company, TadAZ, stole its business in assisting Tajikstan in producing aluminium.

The three companies are locked in a series of bitter legal battles over the situation and thousands of files and computers have been frozen and seized in the process.

Ashton's computer system in London was broken into from an internet address belonging to Rusal, as well as from a number of other addresses, including many in Russia. Ashton and Ansol claim that Rusal is behind the digital break-ins, and that it was trying to obtain information that would be of use in the court battles.

Rusal denies accessing Ashton's system and says that the IP address could have been used by someone outside of the company via the firm's Wi-Fi network, which at that time was not secure.

Rusal's legal team argued that there was no serious case to be tried because the claim that a Rusal employee had hacked into the system could not be sustained. In order for the court to try the case, there must be a 'serious case'.

Jonathan Hirst QC, sitting as a deputy judge of the High Court, said in his ruling that he disagreed. "The Claimants are making extremely serious allegations against the Defendants, involving conduct which would be criminal under sections 1 and 2 of the Computer Misuse Act 1990, and which would constitute an outrageous attempt to gain access to privileged information held by the other party to litigation, and will have to produce commensurate proof," he wrote. "I am satisfied that the Claimants have shown that there is a serious issue to be tried. They have done more than just scrape over the hurdle."

Hirst said that some of the evidence before the court, "on one interpretation, show an unhealthy interest on the part of Rusal in the documents held by the Claimants and on Ashton's server, and which could be seen as consistent with Rusal having obtained access".

The case was brought against two Rusal companies but also against its chairman and chief executive, Oleg Vladimirovich Deripaska and Alexander Stanislavovich Bulygin, respectively. Hirst ruled that only the companies, and not those individuals, could be parties to the case. "In my judgment, the case that the individual defendants were behind the hacking into Ashton's server goes beyond what might be a legitimate inference and enters the realms of conjecture. Rusal is a very large group with thousands of employees," he wrote.

A crucial question for the court was whether the acts took place in England or Russia, and therefore whose law and jurisdiction applies. Hirst said that the actions did take place in England.

"Ashton's computer server was in London. That is where the confidential and privileged information was stored," he wrote. "The attack emanated from Russia but it was directed at the server in London and that is where the hacking occurred. The fact that it was transmitted almost instantly to Russia does not mean that the damage occurred only in Russia. If a thief steals a confidential letter in London but does not read it until he is abroad, damage surely occurs in London."

"I also consider that substantial and efficacious acts occurred in London, as well as Russia. That is where the hacking occurred and access to the server was achieved. This may have been as a result of actions taken in Russia but they were designed to make things happen in London, and they did so," wrote Hirst. "Effectively the safe was opened from afar so that its contents could be removed. It would be artificial to say that the acts occurred only in Russia. On the contrary, substantial and effective acts occurred in London."

Though Rusal argued that Russia was the natural forum for the case, Hirst said that England was the right place for the trial to be heard, because the principal witnesses were there and because there were some technical difficulties in Russian law which would make a conviction difficult to obtain.

He said that an English court was also the right venue for the case because of the additional expense involved in a Russian action and the fact that "the most significant element of the events occurred in London – I regard the unauthorised access to the server as being by far and away the most significant element of the events which occurred".

The judgment

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.