Skip to main content Accessibility help

Attribution by Indictment

  • Chimène I. Keitner (a1)


The challenges of attributing malicious cyber activity—that is, identifying its authors and provenance with a sufficient degree of certainty—are well documented. This essay focuses on a phenomenon that I call “attribution by indictment.” Since 2014, the United States has issued more than a dozen indictments that implicate four foreign states in malicious cyber activity: China, Iran, Russia, and North Korea. Ten of these indictments were issued in 2018, suggesting that this practice is likely to continue and even intensify in the near term. Attribution by indictment uses domestic criminal law, enforced transnationally, to define and enforce certain norms of state behavior in cyberspace. This essay analyzes the U.S. practice of attribution by indictment as a response to malicious cyber activity.

  • View HTML
    • Send article to Kindle

      To send this article to your Kindle, first ensure is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

      Note you can select to send to either the or variations. ‘’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

      Find out more about the Kindle Personal Document Service.

      Attribution by Indictment
      Available formats

      Send article to Dropbox

      To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

      Attribution by Indictment
      Available formats

      Send article to Google Drive

      To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

      Attribution by Indictment
      Available formats


This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (, which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.


Hide All

1 On the U.S. strategy, see Adam Hickey's remarks at CyberNextDC (Oct. 4, 2018); John P. Carlin, Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats, 7 Harv. Nat'l Security J. 391 (2016).

3 Id.

4 Id.

5 United States v. Wang Dong, No. 14–118 (W.D. Pa. May 1, 2014).

6 Michael S. Schmidt & David E. Sanger, 5 in China Army Face U.S. Charges of Cyberattacks, N.Y. Times (May 19, 2014).

8 Ministry of Foreign Affairs of the People's Republic of China, China Reacts Strongly to US Announcement of Indictment Against Chinese Personnel (May 20, 2014).

9 Id.

10 Shannon Tiezzi, China's Response to the US Cyber Espionage Charges, The Diplomat (May 21, 2014).

13 See Jack L. Goldsmith & Robert D. Williams, The Failure of the United States’ Chinese-Hacking Indictment Strategy, Lawfare (Dec. 28, 2018).

14 Ellen Nakashima & William Wan, U.S. Announces First Charges Against Foreign Country in Connection With Cyberspying, Wash. Post (May 19, 2014).

15 See, e.g., Andy Greenberg, Obama Curbed Chinese Hacking, but Russia Won't Be So Easy, Wired (Dec. 16, 2016).

17 United States v. Su Bin, No. 14–1318M (C.D. Cal. June 27, 2014).

20 Jack Goldsmith & Robert Williams, The Chinese Hacking Indictments and the Frail “Norm” Against Commercial Espionage, Lawfare (Nov. 30, 2017).

21 The outlier is the 2017 indictment charging Russian Federal Security Service (FSB) officers with economic espionage and other criminal offenses in connection with the massive hack of Yahoo's network and webmail accounts. U.S. Dep't of Justice, U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts (Mar. 15, 2017).

24 Thomas Rid & Ben Buchanan, Attributing Cyber Attacks, 38 J. Strat. Stud. 4, 7 (2015).

25 David E. Sanger & Nicole Perlroth, What Options Does the U.S. Have After Accusing Russia of Hacks?, N.Y. Times (Oct. 8, 2016).

26 Rid & Buchanan, supra note 25, at 9.

27 2016 Public-Private Analytic Exchange Program Team, Cyber Attribution Using Unclassified Data (Sept. 9, 2016) at 2.

28 Central Intelligence Agency, Words of Estimative Probability (1964).

29 U.S. Dep't of Justice, Justice Manual 9–27.220.

30 Jason Healey, Beyond Attribution: Seeking National Responsibility for Cyber Attacks 7 (Atlantic Council Issue Brief, Jan. 2012).

31 Rid & Buchanan, supra note 25, at 27.

32 Id. at 28.

33 Id. at 31.

34 FBI National Press Office, Update on Sony Investigation (Dec. 19, 2014); The White House, Remarks by the President in Year-End Press Conference (Dec. 19, 2014).

35 Christopher Painter, US Moves to Expose North Korea's Malicious Cyber Activity, The Strategist (Sept. 10, 2018).

37 U.S. Computer Emergency Readiness Team, Chinese Malicious Cyber Activity; U.S. Computer Emergency Readiness Team, GRIZZLY STEPPE–Russian Malicious Cyber Activity.

39 Nina Kollars & Jacquelyn Schneider, Defending Forward: The 2018 Cyber Strategy Is Here, War on the Rocks (Sept. 20, 2018).

40 See, e.g., Lyu Jinghua, What Really Matters in ‘Defending Forward’?, Lawfare (Nov. 26, 2018).

41 The White House, National Cyber Strategy 8 (2018).

42 U.S. Dep't of Justice, supra note 36.

43 UK National Cyber Security Centre, Advisory: APT10 Continuing to Target UK Organisations (Dec. 20, 2018); New Zealand National Cyber Security Centre, Cyber Campaign Attributed to China (Dec. 21, 2018); Canadian Centre for Cyber Security, Malicious Cyber Activity Targeting Information Technology Managed Service Providers (Dec. 20, 2018); Australian Minister for Foreign Affairs & Australian Minister for Home Affairs, Joint Media Release, Attribution of Chinese Cyber-Enabled Commercial Intellectual Property Theft (Dec. 21, 2018).

44 See, e.g., Elaine Korzak, UN GGE on Cybersecurity: The End of an Era?, The Diplomat (July 31, 2017).

Recommend this journal

Email your librarian or administrator to recommend adding this journal to your organisation's collection.

AJIL Unbound
  • ISSN: -
  • EISSN: 2398-7723
  • URL: /core/journals/american-journal-of-international-law
Please enter your name
Please enter a valid email address
Who would you like to send this to? *


Altmetric attention score

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed