FBI aiding Ukraine in collection of digital and physical war crime evidence

U.S. law enforcement is helping officials in Kyiv process the huge amounts of data from investigations of alleged war crimes.
People react during a ceremony for slain Ukrainian volunteers in Independence Square in Kyiv on March 7, 2023, amid the Russian invasion of Ukraine. (DIMITAR DILKOFF/AFP via Getty Images)

SAN FRANCISCO — The Federal Bureau of Investigation is helping investigators in Ukraine gather and process evidence related to alleged Russian war crimes, including data associated with Russian-directed cyberattacks on civilian targets, a senior FBI official said Tuesday.

In the run-up to Russia’s invasion of Ukraine last year and throughout the subsequent conflict, Kremlin-backed forces have carried out an onslaught of cyberattacks targeting Ukrainian systems, alongside a long list of brutal atrocities. Investigating these incidents requires the collection and organization of large stores of data — ranging from DNA samples, to fingerprints to the digital artifacts of cyberattacks — and the FBI sees addressing this data challenge as where it can be most helpful to its Ukrainian counterparts, FBI Special Agent Alex Kobzanets, the bureau’s assistant legal attaché in the U.S. embassy in Kyiv, said Tuesday.

The Ukrainian military, its national police force and other investigators are “collecting a lot of digital information” related not only to cyberattacks, but also information such as cell phone location data tied to the alleged perpetrators of war crimes, Kobzanets said during a panel discussion at the RSA security conference. Addressing the “big data issues” posed by such investigations is where the FBI can be most useful, Kobzanets said.

The FBI is working to help Ukrainian investigators obtain the data they need from U.S. providers and is drawing on lessons from one of its most high-profile recent investigations. “Collection of that data and the analysis of that data and working through that data is something that the FBI has experience working through our January 6 investigations,” he said, referring to the sprawling investigation of the assault on the U.S. Capitol.


But whether Ukrainian investigators will succeed in bringing war crimes charges against Russian hackers or officials who ordered attacks on civilian infrastructure remains unclear. The prosecution of cyberattacks on civilian infrastructure as a war crime remains an untested legal theory — but one that Ukrainian officials are eager to test against Russian actors.

“I do believe that military commanders that are in charge of special forces, special services, like the GRU and the SVR, are responsible for cyberattacks on civil infrastructure should also be convicted as war criminals,” Illia Vitiuk, the head of Ukraine’s Department of Cyber and Information Security within the Security Service of Ukraine, said during Tuesday’s panel discussion.

Vitiuk argued that these cases should go before the International Criminal Court to test what he acknowledged is a novel legal argument. “This is very important for our future,” he said.

Vitiuk said his agency is continuing to gather information and evidence for additional ongoing cases, but added that it can be difficult to gather the information about such operations. Vitiuk said Ukrainian authorities have already convicted Russian military commanders for conducting cyberattacks on civilian infrastructure.

The evidence for prosecuting Russian attacks on Ukraine’s civilian infrastructure predates the 2022 invasion. In 2015 and 2016, Russian military intelligence successfully targeted Ukrainian electrical utilities with malware, and after Russian forces crossed into Ukraine last year, Russian forces tried once more to cut power using a cyberattack, though that attack, which occurred in April, was mostly thwarted.


Following the invasion, Russian forces have carried out waves of destructive cyberattacks targeting public and private entities in Ukraine and information operations designed to psychologically terrorize Ukrainian civilians.

Vitiuk said support from the U.S. government, the FBI, as well as a range of private sector technology firms, has helped Ukraine persevere against a much larger enemy. He described the conflict as the world’s first “full scale cyberwar” and said that “Ukraine is a country that has debunked the myth about the almighty Russian hackers.”

Ukrainians have been battling Russians in the current conflict since 2014, he added, and Ukraine’s many partners are a key reason why they’ve been so successful.

“When you fight such a big and powerful enemy as Russia is, you cannot win on your own,” he said.

AJ Vicens

Written by AJ Vicens

AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

Latest Podcasts