After a trial over whether the defendants could obtain Russian passports, sit for depositions in Europe and turn over case files, lawyers for Google and Litvak traded accusations of lying. In 2022 US District Judge Dennis Coate sided with Google. She found in a 48-page decision that the defendants “intentionally withheld information” and “misrepresented their willingness and ability” to disclose it in order to “avoid liability and further profit” from Glupteba. “The record here is sufficient to establish a deliberate attempt to defraud the Court,” Cote wrote.
Cott sanctioned Litvak, and he agreed to pay Google a total of $250,000 through 2027 to settle. The lawyer also ordered Starovikov and Filipov to pay a total of nearly $526,000 to cover Google’s legal fees. Castaneda says Google received payment from all three.
Google’s Castaneda says the case had the desired effect: Russian hackers stopped abusing Google’s services and shut down its marketplace for stolen logins, while the number of computers infected with Glupteba dropped by 78 percent.
Not every case produces measurable results. The defendants in the other three Google hacking cases have not responded to the charges. That led Google last year to win a default judgment against three people in Pakistan accused of infecting more than 672,000 computers by disguising malware as downloads of Google’s Chrome browser. Controversial victories are expected in the other cases as well, including one in which overseas app developers stole money through fake investment apps and were sued for violating YouTube’s Community Guidelines.
Royal Hansen, Google’s vice president of privacy, safety and security, says lawsuits that don’t result in defendants paying or agreeing to stop the alleged abuse can still make life harder for alleged perpetrators. Google is using the rulings as evidence to convince businesses like banks and cloud providers to cut off the defendants. Other hackers may not want to work with them knowing they have been exposed. Defendants could also be more cautious about crossing international borders and become new targets of scrutiny by local authorities. “It’s also a win,” says Hansen.
More to come
These days, Google’s small pre-litigation team meets about twice a week with other units within the company to discuss potential lawsuits. They assess whether a case might set a useful precedent that would give additional teeth to Google’s policies or draw attention to an emerging threat.
Team leader Day says that as Google has refined its process, filing lawsuits has become more accessible. That should lead to more lawsuits each year, including some for the first time potentially filed outside the U.S. or representing specific consumers who have been harmed, he says.
The ever-expanding empires of tech giants leave no shortage of new cases to pursue. Waymo, Google’s sister company, recently took an affirmative litigation approach and is suing two people who allegedly crashed and hacked its driverless taxis. Meanwhile, Microsoft is weighing cases against people using generative AI technology for malicious or fraudulent purposes, said Stephen Masada, assistant general counsel of the company’s digital crime division.
Questions remain as to whether the increasing frequency of litigation has left cybercriminals with little deterrence, and whether a wider range of Internet companies will take legal action.
Erin Bernstein, who runs the California office of Bradley Bernstein Sands, a law firm that helps governments litigate civil cases, says she has recently directed several companies from various industries to pursue their own affirmative action litigation. Although no one has accepted her offer, she is optimistic. “This is going to be a growing field,” says Bernstein.
But Google’s DeLaine Prado hopes the affirmative action lawsuit will eventually slow down. “In a perfect world, this job would disappear over time if it’s successful,” she says. “In fact, I want to make sure that our success makes us almost obsolete, at least as far as this type of work is concerned.”