Feeds

Russian hacking case can be heard in England, says judge

Servers based in London

The essential guide to IT transformation

A case claiming that two Russian companies hacked into a London computer system can be heard in English courts, a judge has ruled. The Russian companies involved had argued that English courts had no jurisdiction.

A bitter legal dispute ranging across a number of cases and jurisdictions is raging between three companies, one a state-owned company in Tajikstan, another the Russian firm which is the third biggest aluminium producer in the world and the last a Guernsey-based company.

The Guernsey company, Ansol, and its UK advisors, Ashton, claim that the Russian aluminium firm, Rusal, and the Tajikstan company, TadAZ, stole its business in assisting Tajikstan in producing aluminium.

The three companies are locked in a series of bitter legal battles over the situation and thousands of files and computers have been frozen and seized in the process.

Ashton's computer system in London was broken into from an internet address belonging to Rusal, as well as from a number of other addresses, including many in Russia. Ashton and Ansol claim that Rusal is behind the digital break-ins, and that it was trying to obtain information that would be of use in the court battles.

Rusal denies accessing Ashton's system and says that the IP address could have been used by someone outside of the company via the firm's Wi-Fi network, which at that time was not secure.

Rusal's legal team argued that there was no serious case to be tried because the claim that a Rusal employee had hacked into the system could not be sustained. In order for the court to try the case, there must be a 'serious case'.

Jonathan Hirst QC, sitting as a deputy judge of the High Court, said in his ruling that he disagreed. "The Claimants are making extremely serious allegations against the Defendants, involving conduct which would be criminal under sections 1 and 2 of the Computer Misuse Act 1990, and which would constitute an outrageous attempt to gain access to privileged information held by the other party to litigation, and will have to produce commensurate proof," he wrote. "I am satisfied that the Claimants have shown that there is a serious issue to be tried. They have done more than just scrape over the hurdle."

Hirst said that some of the evidence before the court, "on one interpretation, show an unhealthy interest on the part of Rusal in the documents held by the Claimants and on Ashton's server, and which could be seen as consistent with Rusal having obtained access".

The case was brought against two Rusal companies but also against its chairman and chief executive, Oleg Vladimirovich Deripaska and Alexander Stanislavovich Bulygin, respectively. Hirst ruled that only the companies, and not those individuals, could be parties to the case. "In my judgment, the case that the individual defendants were behind the hacking into Ashton's server goes beyond what might be a legitimate inference and enters the realms of conjecture. Rusal is a very large group with thousands of employees," he wrote.

A crucial question for the court was whether the acts took place in England or Russia, and therefore whose law and jurisdiction applies. Hirst said that the actions did take place in England.

"Ashton's computer server was in London. That is where the confidential and privileged information was stored," he wrote. "The attack emanated from Russia but it was directed at the server in London and that is where the hacking occurred. The fact that it was transmitted almost instantly to Russia does not mean that the damage occurred only in Russia. If a thief steals a confidential letter in London but does not read it until he is abroad, damage surely occurs in London."

"I also consider that substantial and efficacious acts occurred in London, as well as Russia. That is where the hacking occurred and access to the server was achieved. This may have been as a result of actions taken in Russia but they were designed to make things happen in London, and they did so," wrote Hirst. "Effectively the safe was opened from afar so that its contents could be removed. It would be artificial to say that the acts occurred only in Russia. On the contrary, substantial and effective acts occurred in London."

Though Rusal argued that Russia was the natural forum for the case, Hirst said that England was the right place for the trial to be heard, because the principal witnesses were there and because there were some technical difficulties in Russian law which would make a conviction difficult to obtain.

He said that an English court was also the right venue for the case because of the additional expense involved in a Russian action and the fact that "the most significant element of the events occurred in London – I regard the unauthorised access to the server as being by far and away the most significant element of the events which occurred".

The judgment

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
Judge nixes HP deal for director amnesty after $8.8bn Autonomy snafu
Lawyers will have to earn their keep the hard way, says court
Ex-IBM CEO John Akers dies at 79
An era disrupted by the advent of the PC
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.