Is counter-attack justified against a state-sponsored cyber attack? It’s a legal grey area

The US has charged and sanctioned nine Iranians and an Iranian company for cyber attacks.
Parmida Rahimi/Flickr, CC BY-SA

Sandeep Gopalan, Deakin University

On March 23, the US Department of Justice commenced perhaps the largest prosecution of a state-sponsored cyber attack. It indicted nine Iranians for carrying out:

a coordinated campaign of cyber intrusions into computer systems belonging to 144 US universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies … [and] the United Nations…

At least 31.5 terabytes of data was allegedly stolen and Australian universities were targeted, although specific institutions are not named.

History suggests that this response is unlikely to deter future attacks, and that counter-attacks are a more effective strategy. But would it be justified? Current international law focuses on armed attack, not cyber attack as a justification for state action taken in self-defence.

As cyber attacks become more common, international law needs to clear up this grey area.

How they did it and what was taken

The indictment alleges that defendants Gholamreza Rafatnejad and Ehsan Mohammadi are founders of Mabna Institute – an organisation established for the purpose of scientific espionage. Mabna is alleged to have contracted with Iranian governmental agencies (including the Islamic Revolutionary guard) to conduct hacking on their behalf.

---

Read more:
Following the developing Iranian cyberthreat

---

The defendants allegedly engaged in a conspiracy to compromise computer accounts of thousands of professors to steal research data and intellectual property, costing the US approximately US$3.4 billion. They allegedly conducted surveillance and sent professors targeted “spearphishing” emails to lure them into providing access to their computer systems.

Valuable data was transferred from the compromised IT systems to the hackers, according the the indictment. Over 100,000 professors were apparently targeted and approximately 8,000 email accounts compromised.

Private companies were also targeted – none Australian – via “password spraying”, said the US Department of Justice. This is a technique whereby the attacker identifies the email accounts of a target via public search and gains access to the account using common or default passwords.

Prosecution is an insufficient response

The defendants are charged with committing fraud and related activity in connection with computers, conspiracy, wire fraud, unauthorised access of a computer, and identity theft. Each charge carries a prison sentence ranging from two years to 20 years.

The prosecution is a necessary, but insufficient response to these cyber attacks.

The defendants are based in Iran and are unlikely to be brought to justice. Previously, US prosecutors have charged Iranian hackers with attacks against financial institutions and a dam in New York to no avail.

And hacking has escalated – the US accused Russia of compromising the US electricity grid and attacks against other countries are also alleged.

Counter-attack a better deterrent

Rogue states such as Iran, Russia, and North Korea are only likely to be deterred against conducting cyber attacks if their targets have robust self-defense and counter-attack capabilities. However, the legal status of cyber attacks and the appropriate responses are not clear in international law.

Under the UN Charter, states have an obligation to refrain “from the threat or use of force against the territorial integrity or political independence of any state”. Crucially, states possess an “inherent right of individual or collective self-defence if an armed attack occurs”.

---

Read more:
Cybersecurity of the power grid: A growing challenge

---

The key questions then are whether a cyber attack amounts to a “use of force”, whether hacking attributable to a state amounts to an “armed attack”, and if a cyber attack violates “territorial integrity”. Traditionally, international law has answered these questions with reference to acts of physical violence – conventional military strikes.

It’s likely that a large scale cyber attack against a state that has physical consequences within its territory may be characterised as a “use of force”, and may violate “territorial integrity” under the charter. For instance, attacks that turn self-driving cars into weapons, knock out nuclear stations or paralyse the power grid might reach this threshold.

But what if the attack is designed to sow confusion or generate internal discord, such as in the case of Russian hacking of the US election? Or attacks directed beyond a particular country? This is a harder question and not settled currently. Similarly, it’s not certain that even large scale hacking would rise to the level of an “armed attack”.

Precedent in international law

In 1984, Nicaragua brought proceedings against the US in response to American support for the Contras (rebels fighting the government). In that case, the International Court of Justice (ICJ) opined that armed attack might also include:

the sending by a State of armed bands on to the territory of another State, if such an operation, because of its scale and effects, would have been classified as an armed attack had it been carried out by regular armed forces.

Crucially, the ICJ underlined the principle of non-intervention:

Intervention is wrongful … [using] methods of coercion, particularly force, either in the direct form of military action or in the indirect form of support for subversive activities in another State.

Based on the Nicaragua case, if a cyber attack has sufficient “scale and effects” it may amount to an armed attack. More importantly, if the attacks are attributable to a state (in this case the Islamic Revolutionary Guard) – or are within its overall or effective control or direction – it would appear that the armed attack would give rise to the right to self-defence.

---

Read more:
Cyber peacekeeping is integral in an era of cyberwar – here’s why

---

However, this may be difficult to establish in practice – there may not be sufficient evidence connecting the hacker to the state to show control, and hence attribution.

So, what are the permissible self-defence responses under international law? Could the US launch military strikes against Iran or Russia for these incidents if they are found to be behind these attacks? The legality of such strikes is not clear even though the US might claim such status.

The international community should set bright line rules on this matter before an expansive reading of self-defence triggers war. The NATO Cooperative Cyber Defence Centre of Excellence’s Tallinn Manual 2.0 is a start, but a binding instrument is needed. John Bolton’s appointment as US President Donald Trump’s National Security Advisor makes this an urgent priority because a military strike in response to the next major cyber attack is a realistic prospect.

Sandeep Gopalan, Pro Vice-Chancellor (Academic Innovation) & Professor of Law, Deakin University

This article was originally published on The Conversation. Read the original article.

UN resolution jeopardizes religious freedom worldwide

Christians in Muslim-dominated countries are facing increased persecution. Over the last month, churches in Indonesia have been attacked and forced to close. A mob of Pakistani Muslim extremists shot and beat dozens of Christians, including one cleared earlier of "blasphemy" charges.

These Christians, and many more worldwide, are not free to believe.

Open Doors USA is launching an advocacy campaign called "Free to Believe." The campaign will focus on helping persecuted Christians who currently do not have religious freedom like Christians do in the United States.

The campaign is a response to the United Nations Defamation of Religions Resolution which threatens the freedom of religion and expression for Christians and members of minority faiths worldwide.

This resolution seeks to criminalize words or actions perceived as attacks against a religion, with the focus being on protecting Islam. Passing this resolution would further result in the United Nations condoning state-sponsored persecution of Christians and members of other faiths.

Many of the countries supporting this resolution are the Islamic-majority countries of the Organization of Islamic Conference (OIC) that persecute Christians and other religious minorities. Members of minority faiths such as Christians or Jews who make truth claims or even evangelize can be accused of "defamation," and those individuals can be punished under national blasphemy laws as frequently happens in countries like Pakistan. Tragically, the UN resolution provides legitimacy to these countries’ blasphemy laws.

While the Defamation of Religions Resolution has been introduced and passed by the UN in the past–in various forms and under various titles since 1999, support for the resolution has been eroding in recent years. The Open Doors advocacy team has been lobbying countries which have voted for the resolution or abstained from voting on the issue in the past. The resolution is up again this fall for re-authorization.

It is important to encourage key countries to change their vote on this resolution. These countries are not easily influenced by American citizens. But they are more receptive to pressure from our legislators. That’s why we’re asking you to send a message to your legislator, asking him or her to ask key countries to change their vote on the Defamation of Religions Resolution. A sample letter is provided for you to send which includes the necessary information for your elected officials to lobby the target UN country missions.

To send a message, go to www.freetobelieve.info

"It’s dangerous and alarming that a UN resolution provides legitimacy to national blasphemy laws that are used to persecuting Christians and other minority faith groups," says Open Doors USA Advocacy Director Lindsay Vessey. "The United Nations Defamation of Religions Resolution in effect amounts to the UN condoning state-sponsored persecution. We as Christians need to speak out against it and do all in our power to stop its passage. Everyone should be free to believe."

Report from the Christian Telegraph

Chinese Christian Rights Activist Gao Zhisheng Released

Church likely to face another harsh year, report says.

DUBLIN, April 9 (CDN) — Christian human rights activist Gao Zhisheng, kidnapped by state security agents on Feb. 4, 2009, has been released, though he appears unable to move or speak freely.

On Tuesday (April 6) Gao told Bob Fu, president of the U.S.-based China Aid Association (CAA), by telephone that he had just returned to his Beijing apartment from his guarded location in Shanxi Province.

“Gao Zhisheng and his family have suffered deeply from the long separation,” Fu stated on CAA’s website. “Despite the persecution, he continues to trust the Lord.”

On Jan. 9, 2009, less than a month before Gao was abducted in his home village in Shaanxi Province, his family members began their escape from China. His wife, Geng He, along with then 16-year-old daughter Geng Ge and then 5-year-old son Gao Tianyu, arrived on foot to Thailand and eventually reached New York City on March 14, 2009.

With Fu and with reporters from The Associated Press (AP) this week, Gao declined to discuss his physical condition or how he was treated during his captivity. He told the AP that by leaving his role as a critic of human rights violations in China, he hopes to be re-united with his family.

“Gao is still not able to speak or move freely,” Fu said on the CAA website. “We urge the Chinese government now to allow Gao Zhisheng to be reunited with his family. It is his right, according the Chinese law, to be able to see them, since he has broken no laws during his time of probation.”

Gao’s disappearance had drawn protests from international human rights groups, U.S. and British officials and the United Nations. He had defended house church Christians and coal miners as well as members of the banned Falun Gong, which fuses Buddhist-inspired teachings with forms of meditation. In 1999 Beijing banned it as an “evil cult.”

Early in 2009, Gao authorized CAA to release his account of 50 days of torture by state-sponsored thugs in September and October of 2007. Gao had written the account in November 2007 while under house arrest in Beijing after prolonged beatings and electric shocks on his mouth and genitals.

Gao’s suffering in the fall of 2007 followed an open letter he wrote to the U.S. Congress describing China’s torture of Falun Gong members and other human rights abuses.

Another Harsh Year Expected

Chinese Christians can expect more attacks on large urban churches, more harsh punishments for house church leaders and tighter control of registered churches this year, according to CAA.

In a report summarizing persecution it monitored in 2009, CAA identified five key trends in China’s management of Protestant Christianity.

Authorities last year specifically targeted house church leaders, sometimes handing out harsh sentences and fines; carried out violent raids on large urban churches; attempted to disrupt regular worship meetings and tightened control of churches registered with the government-approved Three-Self Protestant Movement (TSPM).

In response, some urban churches engaged in a “power encounter” with local governments, refusing to quietly allow officials to close or destroy their meeting places, CAA noted. For example, almost 1,000 members of Beijing Shouwang church on Nov. 1 worshiped in Haidian Park during a snowstorm after officials pressured Huajie Plaza managers not to renew the church rental contract.

These trends were confirmed by a Chinese House Church Alliance (CHCA) report, released in December, which described harassment and arrest of church leaders, violent raids on house churches and the oppression of TSPM churches.

While CAA reported only 77 incidents in 2009, these occurred throughout China, giving a broad indication of the status of Protestant Christians, particularly those in unregistered churches. A total of 2,935 people were affected in these incidents, a 44.8 percent increase from 2008. Of these, 389 were arrested, a decrease in arrests of 49 percent; and 23 were sentenced to prison, a decline of 34 percent.

Of the 389 people arrested, 211 were church leaders. Several received harsh prison sentences and fines, including Beijing bookstore owner and church leader Shi Weihan, who on June 12 was sentenced to three years in prison and fined 150,000 RMB (US$21,945). Xinjiang officials on Aug. 6 sentenced Uyghur church leader Alimjan Yimit (Alimujiang Yimiti in Chinese) to 15 years in prison, while a day later, officials in Inner Mongolia sentenced church leaders Li Ming-shun and Zhang Yong-hu to 10 and seven years respectively, with fines of 30,000 (US$4,390) and 20,000 (US$2,925) RMB.

A court in Shanxi Province in November awarded five Linfen church pastors sentences ranging from three to seven years, with fines ranging from 10,000 to 50,000 RMB (US$1,462 to US$7,315). A further five pastors were sentenced to two years in labor camp.

At least 400 paramilitary police violently raided the Fushan county branch of Linfen church on Sept. 13, injuring a few dozen church members, confiscating Bibles and money and damaging church property. A similar raid was carried out on another large church in Shanxi Province in November.

Authorities also sealed or destroyed both house church and TSPM church buildings. In one prominent case last June, officials in Chengdu city, Sichuan Province declared Quiyu church to be an illegal organization, forcing the church to close and confiscating church property.

Officials in Rizhao city, Shandong province, raided a training event at a TSPM church and de-registered two church meeting places, CAA reported, while CHCA reported that officials tore down the meeting place of Changchun church in Ninan city, Shandong Province, giving only token compensation.

Churches in ‘Grey’ Zone

Chinese scholar and former policy writer Liu Peng believes the government is attempting to remove the “grey” zone in Protestant Christianity, where some churches operate openly without legal status.

China now permits churches to bypass joining the TSPM when registering, but many house church groups reject this solution. Leaders would prefer churches to be in one camp or the other, Liu said in a December interview with the China Daily.

In predicting harsher treatment this year, CAA quoted Wang Zuoan, head of the State Administration for Religious Affairs, who in January told Oriental Outlook that the “reluctance, intimidation and inability” of local governments to deal with religious issues must be addressed.

If these words represent China’s religious policy direction in 2010, churches are likely to be targets of greater persecution, CAA concluded.

Report from Compass Direct News