The FBI and the Justice Department's computer crimes unit are searching for the hackers who launched Operation Payback, the Internet attack against companies that stopped doing business with WikiLeaks and its founder, Julian Assange.
But former prosecutors and cyber experts say that actually bringing U.S. criminal indictments in the massive denial-of-service attacks could be a bridge too far.
"If you have a very successful or high-profile attack, or an attack that causes a tremendous amount of damage because of its timing, you'll at least get an investigation," said Mark Rasch, who founded the Justice Department computer crimes unit years ago. "Let's face it: Most computer crimes are not prosecuted, because we rarely catch the people responsible."
There's already a potent law on the books that the Justice Department can use, called the Computer Fraud and Abuse Act. That law makes it a felony to transmit programs that intentionally cause damage to a computer in the U.S.
For now, the biggest challenge for investigators is trawling the shadowy hacking world for clues as to the operation's organizers, and tracing anonymous hackers who did a bad job of disguising their identities. In most cases, former prosecutors said, the hackers may not even know each other.
What we may be looking at is 15- and 16-year-old kids who do this ... not as a prank but as a protest. And do we really want to spend the time, the money, the energy and the resources to bring a bunch of these kids over from Belgium or Holland?
"What we may be looking at is 15- and 16-year-old kids who do this ... not as a prank but as a protest," Rasch said. "And do we really want to spend the time, the money, the energy and the resources to bring a bunch of these kids over from Belgium or Holland or the Netherlands?"
Dutch authorities last week took into custody a 16-year-old boy, apparently in connection with the Operation Payback attacks on such companies as MasterCard and PayPal. But few other arrests have been announced, a development that concerns U.S. cybersecurity consultant Charles Dodd.
"Well, what kind of message does it send out there, when no one's doing any kind of retaliation and you get one, you know, Dutch kid, and you get one or two people out there, but there are hundreds of thousands of systems being compromised right now to propagate this attack?" Dodd said.
Dodd, who works with U.S. intelligence and military agencies, said he is worried that Operation Payback will give hackers and more dangerous people bad ideas for the future.
"I'm afraid it's going to probably set a precedent," Dodd said. "It's going to be one of those events that happened that do show the rest of the community out there and the rest of the world the power of cyberattacks."
But other activists who condemn WikiLeaks, including a former military man who uses an online pseudonym, have launched their own cyberattacks on WikiLeaks.
And, Rasch asked, should the Justice Department and the FBI be investigating them?
That issue and others could come up this week, when the House Judiciary Committee holds the first hearing on WikiLeaks and the law.
Stewart Baker, a former policymaker at the Department of Homeland Security, said that congressional attention could help.
"I do think that there are a variety of holes in our legal system that this has exposed," said Baker, whose new book, Skating on Stilts, deals with terrorism and cyberthreats. "You know, we treat bootleg copies of Hollywood movies with far more protection than we give to classified secrets of the United States government."
Baker said that's because movie studios can slap websites with heavy fines if they play too much of a new film, but the release of secret State Department cables isn't treated the same way under the law.
Legal experts said the First Amendment makes it hard for the government to go after media outlets that published the secret documents. And WikiLeaks and the hackers who support it argue that the controversial website is a media outlet, too.
Rasch, the former Justice Department prosecutor who now directs cybersecurity at the Virginia company CSC, said the U.S. government and industry have to take matters into their own hands.
"Cybercrime occurs transnationally," Rasch said. "It occurs everywhere at the same time. But we are divided into political borders. And so hackers can act at the speed of light, and prosecutors and lawyers act at the speed of law."
The U.S. military has already made it harder to access certain computer databases thought to be the source of the latest WikiLeaks documents.
But that, experts said, is only the first step.
Copyright 2023 NPR. To see more, visit https://www.npr.org.
