Question 1
The Netyksho indictment (July 2018) named 12 officers from two GRU units. What single operational security failure most directly anchored attribution of the Guccifer 2.0 persona to Unit 74455?
A. GRU officers used their real names when registering the DCLeaks.com domain
B. Guccifer 2.0 logged into his WordPress account once without an active VPN, revealing a Moscow IP address
C. X-Agent malware compilation timestamps matched timestamps from GRU-issued hardware
D. The same Bitcoin wallet used to pay for GRU server infrastructure was registered under a GRU officer's real email
Question 2
Under what evidentiary standard does the U.S. government file a criminal indictment against a nation-state actor?
A. Beyond a reasonable doubt — the same standard required for conviction at trial
B. Clear and convincing evidence — the civil fraud standard
C. Probable cause — enough evidence to support a reasonable belief the named person committed the charged offense
D. Preponderance of the evidence — more likely than not that the offense occurred
Question 3
The APT10/Cloud Hopper campaign (Zhu Hua and Zhang Shilong, 2018) was distinguished from a direct intrusion campaign by which primary innovation?
A. APT10 used zero-day exploits that targeted military contractors exclusively
B. APT10 compromised managed service providers (MSPs) to gain simultaneous privileged access to dozens of client networks
C. APT10 embedded malware in legitimate software updates distributed through official vendor channels
D. APT10 bribed insiders at target organizations rather than conducting external network intrusions
Question 4
The Zhu Hua/Zhang Shilong indictment did not include Economic Espionage Act charges. What is the primary reason prosecutors chose not to charge under 18 U.S.C. § 1831?
A. The EEA does not apply to Chinese nationals operating outside the United States
B. The stolen material — broad government PII, emails, and technical specs — did not fit cleanly into the EEA's trade secret definition, which requires independent economic value from secrecy
C. The statute of limitations for EEA violations had expired by the time the indictment was filed
D. EEA charges require Senate confirmation of the indictment before filing
Question 5
Xu Yanjun is legally significant as the first known case of what event in U.S. cyber-espionage prosecution history?
A. An MSS officer being convicted on CFAA charges in absentia
B. A Chinese intelligence officer being extradited to the United States, tried, and convicted — sentenced to 20 years
C. A Chinese national receiving diplomatic immunity that prevented U.S. prosecution
D. An EEA prosecution resulting in acquittal at trial
Question 6
What specific operational security failure made Xu Yanjun's extradition possible, and why did it defeat any claim to diplomatic immunity?
A. He posted about his MSS affiliation on a public social media account, alerting Belgian authorities
B. He traveled to Belgium under his real identity as an MSS officer, but his diplomatic credentials had expired
C. He traveled to Belgium under a false identity to meet an FBI cooperating witness — diplomatic immunity only protects officials who declare their status and travel officially
D. He communicated with GE Aviation employees using an unencrypted email account traced to a JSSD server
Question 7
Under 18 U.S.C. § 1831 (economic espionage), what element is required beyond what 18 U.S.C. § 1832 (theft of trade secrets) requires?
A. Proof that the stolen trade secret was actually used by the foreign government
B. Proof that the theft was committed "for the benefit of any foreign government, foreign instrumentality, or foreign agent"
C. Proof that the defendant was physically present on U.S. soil during the theft
D. Proof that the information was classified under Executive Order 13526
Question 8
In the Mabna Institute indictment (2018), what did the simultaneous OFAC SDN designation accomplish that the criminal indictment alone could not?
A. It created a criminal record for the Mabna Institute as a legal entity under Iranian law
B. It froze assets in U.S. jurisdiction, prohibited U.S. persons from transacting with the organization, and imposed secondary sanctions risk — without requiring a trial, conviction, or even probable cause
C. It authorized the U.S. military to conduct offensive cyber operations against Mabna Institute infrastructure
D. It required Iranian authorities to cooperate with FBI investigation requests under UN Security Council Resolution 1373
Question 9
The North Korea/Lazarus Group prosecutions (Park Jin Hyok, 2018; expanded 2021) used 18 U.S.C. § 1956 (money laundering) as a key charging statute. What specific enforcement capability does § 1956 enable that CFAA counts alone do not?
A. It allows the government to charge DPRK hackers under the Foreign Corrupt Practices Act
B. It authorizes the NSA to disrupt DPRK cryptocurrency infrastructure without a court order
C. It enables civil forfeiture actions against cryptocurrency wallets holding theft proceeds, operating independently of whether any defendant is ever extradited
D. It requires cryptocurrency exchanges to report DPRK-linked transactions to the IRS within 48 hours
Question 10
The Netyksho GRU indictment was released two days before the Trump-Putin Helsinki summit. Which of the following most accurately characterizes what in-absentia indictments do NOT accomplish, based on the module's analysis?
A. They fail to create a public evidentiary record of attribution
B. They fail to impose any travel risk on named defendants
C. They fail to enable OFAC sanctions designations
D. They do not deter state actors already insulated in protected jurisdictions — GRU Unit 74455 (Sandworm) was separately indicted in 2020 for NotPetya despite the 2018 charges