Feeds

Russian hacking case can be heard in England, says judge

Servers based in London

The essential guide to IT transformation

A case claiming that two Russian companies hacked into a London computer system can be heard in English courts, a judge has ruled. The Russian companies involved had argued that English courts had no jurisdiction.

A bitter legal dispute ranging across a number of cases and jurisdictions is raging between three companies, one a state-owned company in Tajikstan, another the Russian firm which is the third biggest aluminium producer in the world and the last a Guernsey-based company.

The Guernsey company, Ansol, and its UK advisors, Ashton, claim that the Russian aluminium firm, Rusal, and the Tajikstan company, TadAZ, stole its business in assisting Tajikstan in producing aluminium.

The three companies are locked in a series of bitter legal battles over the situation and thousands of files and computers have been frozen and seized in the process.

Ashton's computer system in London was broken into from an internet address belonging to Rusal, as well as from a number of other addresses, including many in Russia. Ashton and Ansol claim that Rusal is behind the digital break-ins, and that it was trying to obtain information that would be of use in the court battles.

Rusal denies accessing Ashton's system and says that the IP address could have been used by someone outside of the company via the firm's Wi-Fi network, which at that time was not secure.

Rusal's legal team argued that there was no serious case to be tried because the claim that a Rusal employee had hacked into the system could not be sustained. In order for the court to try the case, there must be a 'serious case'.

Jonathan Hirst QC, sitting as a deputy judge of the High Court, said in his ruling that he disagreed. "The Claimants are making extremely serious allegations against the Defendants, involving conduct which would be criminal under sections 1 and 2 of the Computer Misuse Act 1990, and which would constitute an outrageous attempt to gain access to privileged information held by the other party to litigation, and will have to produce commensurate proof," he wrote. "I am satisfied that the Claimants have shown that there is a serious issue to be tried. They have done more than just scrape over the hurdle."

Hirst said that some of the evidence before the court, "on one interpretation, show an unhealthy interest on the part of Rusal in the documents held by the Claimants and on Ashton's server, and which could be seen as consistent with Rusal having obtained access".

The case was brought against two Rusal companies but also against its chairman and chief executive, Oleg Vladimirovich Deripaska and Alexander Stanislavovich Bulygin, respectively. Hirst ruled that only the companies, and not those individuals, could be parties to the case. "In my judgment, the case that the individual defendants were behind the hacking into Ashton's server goes beyond what might be a legitimate inference and enters the realms of conjecture. Rusal is a very large group with thousands of employees," he wrote.

A crucial question for the court was whether the acts took place in England or Russia, and therefore whose law and jurisdiction applies. Hirst said that the actions did take place in England.

"Ashton's computer server was in London. That is where the confidential and privileged information was stored," he wrote. "The attack emanated from Russia but it was directed at the server in London and that is where the hacking occurred. The fact that it was transmitted almost instantly to Russia does not mean that the damage occurred only in Russia. If a thief steals a confidential letter in London but does not read it until he is abroad, damage surely occurs in London."

"I also consider that substantial and efficacious acts occurred in London, as well as Russia. That is where the hacking occurred and access to the server was achieved. This may have been as a result of actions taken in Russia but they were designed to make things happen in London, and they did so," wrote Hirst. "Effectively the safe was opened from afar so that its contents could be removed. It would be artificial to say that the acts occurred only in Russia. On the contrary, substantial and effective acts occurred in London."

Though Rusal argued that Russia was the natural forum for the case, Hirst said that England was the right place for the trial to be heard, because the principal witnesses were there and because there were some technical difficulties in Russian law which would make a conviction difficult to obtain.

He said that an English court was also the right venue for the case because of the additional expense involved in a Russian action and the fact that "the most significant element of the events occurred in London – I regard the unauthorised access to the server as being by far and away the most significant element of the events which occurred".

The judgment

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.