Feeds

Russian hacking case can be heard in England, says judge

Servers based in London

Security for virtualized datacentres

A case claiming that two Russian companies hacked into a London computer system can be heard in English courts, a judge has ruled. The Russian companies involved had argued that English courts had no jurisdiction.

A bitter legal dispute ranging across a number of cases and jurisdictions is raging between three companies, one a state-owned company in Tajikstan, another the Russian firm which is the third biggest aluminium producer in the world and the last a Guernsey-based company.

The Guernsey company, Ansol, and its UK advisors, Ashton, claim that the Russian aluminium firm, Rusal, and the Tajikstan company, TadAZ, stole its business in assisting Tajikstan in producing aluminium.

The three companies are locked in a series of bitter legal battles over the situation and thousands of files and computers have been frozen and seized in the process.

Ashton's computer system in London was broken into from an internet address belonging to Rusal, as well as from a number of other addresses, including many in Russia. Ashton and Ansol claim that Rusal is behind the digital break-ins, and that it was trying to obtain information that would be of use in the court battles.

Rusal denies accessing Ashton's system and says that the IP address could have been used by someone outside of the company via the firm's Wi-Fi network, which at that time was not secure.

Rusal's legal team argued that there was no serious case to be tried because the claim that a Rusal employee had hacked into the system could not be sustained. In order for the court to try the case, there must be a 'serious case'.

Jonathan Hirst QC, sitting as a deputy judge of the High Court, said in his ruling that he disagreed. "The Claimants are making extremely serious allegations against the Defendants, involving conduct which would be criminal under sections 1 and 2 of the Computer Misuse Act 1990, and which would constitute an outrageous attempt to gain access to privileged information held by the other party to litigation, and will have to produce commensurate proof," he wrote. "I am satisfied that the Claimants have shown that there is a serious issue to be tried. They have done more than just scrape over the hurdle."

Hirst said that some of the evidence before the court, "on one interpretation, show an unhealthy interest on the part of Rusal in the documents held by the Claimants and on Ashton's server, and which could be seen as consistent with Rusal having obtained access".

The case was brought against two Rusal companies but also against its chairman and chief executive, Oleg Vladimirovich Deripaska and Alexander Stanislavovich Bulygin, respectively. Hirst ruled that only the companies, and not those individuals, could be parties to the case. "In my judgment, the case that the individual defendants were behind the hacking into Ashton's server goes beyond what might be a legitimate inference and enters the realms of conjecture. Rusal is a very large group with thousands of employees," he wrote.

A crucial question for the court was whether the acts took place in England or Russia, and therefore whose law and jurisdiction applies. Hirst said that the actions did take place in England.

"Ashton's computer server was in London. That is where the confidential and privileged information was stored," he wrote. "The attack emanated from Russia but it was directed at the server in London and that is where the hacking occurred. The fact that it was transmitted almost instantly to Russia does not mean that the damage occurred only in Russia. If a thief steals a confidential letter in London but does not read it until he is abroad, damage surely occurs in London."

"I also consider that substantial and efficacious acts occurred in London, as well as Russia. That is where the hacking occurred and access to the server was achieved. This may have been as a result of actions taken in Russia but they were designed to make things happen in London, and they did so," wrote Hirst. "Effectively the safe was opened from afar so that its contents could be removed. It would be artificial to say that the acts occurred only in Russia. On the contrary, substantial and effective acts occurred in London."

Though Rusal argued that Russia was the natural forum for the case, Hirst said that England was the right place for the trial to be heard, because the principal witnesses were there and because there were some technical difficulties in Russian law which would make a conviction difficult to obtain.

He said that an English court was also the right venue for the case because of the additional expense involved in a Russian action and the fact that "the most significant element of the events occurred in London – I regard the unauthorised access to the server as being by far and away the most significant element of the events which occurred".

The judgment

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.