Is counter-attack justified against a state-sponsored cyber attack? It’s a legal grey area



File 20180327 188616 1ccmbhv.jpg?ixlib=rb 1.1
The US has charged and sanctioned nine Iranians and an Iranian company for cyber attacks.
Parmida Rahimi/Flickr, CC BY-SA

Sandeep Gopalan, Deakin University

On March 23, the US Department of Justice commenced perhaps the largest prosecution of a state-sponsored cyber attack. It indicted nine Iranians for carrying out:

a coordinated campaign of cyber intrusions into computer systems belonging to 144 US universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies … [and] the United Nations…

At least 31.5 terabytes of data was allegedly stolen and Australian universities were targeted, although specific institutions are not named.

History suggests that this response is unlikely to deter future attacks, and that counter-attacks are a more effective strategy. But would it be justified? Current international law focuses on armed attack, not cyber attack as a justification for state action taken in self-defence.

As cyber attacks become more common, international law needs to clear up this grey area.

How they did it and what was taken

The indictment alleges that defendants Gholamreza Rafatnejad and Ehsan Mohammadi are founders of Mabna Institute – an organisation established for the purpose of scientific espionage. Mabna is alleged to have contracted with Iranian governmental agencies (including the Islamic Revolutionary guard) to conduct hacking on their behalf.




Read more:
Following the developing Iranian cyberthreat


The defendants allegedly engaged in a conspiracy to compromise computer accounts of thousands of professors to steal research data and intellectual property, costing the US approximately US$3.4 billion. They allegedly conducted surveillance and sent professors targeted “spearphishing” emails to lure them into providing access to their computer systems.

Valuable data was transferred from the compromised IT systems to the hackers, according the the indictment. Over 100,000 professors were apparently targeted and approximately 8,000 email accounts compromised.

Private companies were also targeted – none Australian – via “password spraying”, said the US Department of Justice. This is a technique whereby the attacker identifies the email accounts of a target via public search and gains access to the account using common or default passwords.

Prosecution is an insufficient response

The defendants are charged with committing fraud and related activity in connection with computers, conspiracy, wire fraud, unauthorised access of a computer, and identity theft. Each charge carries a prison sentence ranging from two years to 20 years.

The prosecution is a necessary, but insufficient response to these cyber attacks.

The defendants are based in Iran and are unlikely to be brought to justice. Previously, US prosecutors have charged Iranian hackers with attacks against financial institutions and a dam in New York to no avail.

And hacking has escalated – the US accused Russia of compromising the US electricity grid and attacks against other countries are also alleged.

Counter-attack a better deterrent

Rogue states such as Iran, Russia, and North Korea are only likely to be deterred against conducting cyber attacks if their targets have robust self-defense and counter-attack capabilities. However, the legal status of cyber attacks and the appropriate responses are not clear in international law.

Under the UN Charter, states have an obligation to refrain “from the threat or use of force against the territorial integrity or political independence of any state”. Crucially, states possess an “inherent right of individual or collective self-defence if an armed attack occurs”.




Read more:
Cybersecurity of the power grid: A growing challenge


The key questions then are whether a cyber attack amounts to a “use of force”, whether hacking attributable to a state amounts to an “armed attack”, and if a cyber attack violates “territorial integrity”. Traditionally, international law has answered these questions with reference to acts of physical violence – conventional military strikes.

It’s likely that a large scale cyber attack against a state that has physical consequences within its territory may be characterised as a “use of force”, and may violate “territorial integrity” under the charter. For instance, attacks that turn self-driving cars into weapons, knock out nuclear stations or paralyse the power grid might reach this threshold.

But what if the attack is designed to sow confusion or generate internal discord, such as in the case of Russian hacking of the US election? Or attacks directed beyond a particular country? This is a harder question and not settled currently. Similarly, it’s not certain that even large scale hacking would rise to the level of an “armed attack”.

Precedent in international law

In 1984, Nicaragua brought proceedings against the US in response to American support for the Contras (rebels fighting the government). In that case, the International Court of Justice (ICJ) opined that armed attack might also include:

the sending by a State of armed bands on to the territory of another State, if such an operation, because of its scale and effects, would have been classified as an armed attack had it been carried out by regular armed forces.

Crucially, the ICJ underlined the principle of non-intervention:

Intervention is wrongful … [using] methods of coercion, particularly force, either in the direct form of military action or in the indirect form of support for subversive activities in another State.

Based on the Nicaragua case, if a cyber attack has sufficient “scale and effects” it may amount to an armed attack. More importantly, if the attacks are attributable to a state (in this case the Islamic Revolutionary Guard) – or are within its overall or effective control or direction – it would appear that the armed attack would give rise to the right to self-defence.




Read more:
Cyber peacekeeping is integral in an era of cyberwar – here’s why


However, this may be difficult to establish in practice – there may not be sufficient evidence connecting the hacker to the state to show control, and hence attribution.

So, what are the permissible self-defence responses under international law? Could the US launch military strikes against Iran or Russia for these incidents if they are found to be behind these attacks? The legality of such strikes is not clear even though the US might claim such status.

The ConversationThe international community should set bright line rules on this matter before an expansive reading of self-defence triggers war. The NATO Cooperative Cyber Defence Centre of Excellence’s Tallinn Manual 2.0 is a start, but a binding instrument is needed. John Bolton’s appointment as US President Donald Trump’s National Security Advisor makes this an urgent priority because a military strike in response to the next major cyber attack is a realistic prospect.

Sandeep Gopalan, Pro Vice-Chancellor (Academic Innovation) & Professor of Law, Deakin University

This article was originally published on The Conversation. Read the original article.

Advertisements

UN resolution jeopardizes religious freedom worldwide


Christians in Muslim-dominated countries are facing increased persecution. Over the last month, churches in Indonesia have been attacked and forced to close. A mob of Pakistani Muslim extremists shot and beat dozens of Christians, including one cleared earlier of "blasphemy" charges.

These Christians, and many more worldwide, are not free to believe.

Open Doors USA is launching an advocacy campaign called "Free to Believe." The campaign will focus on helping persecuted Christians who currently do not have religious freedom like Christians do in the United States.

The campaign is a response to the United Nations Defamation of Religions Resolution which threatens the freedom of religion and expression for Christians and members of minority faiths worldwide.

This resolution seeks to criminalize words or actions perceived as attacks against a religion, with the focus being on protecting Islam. Passing this resolution would further result in the United Nations condoning state-sponsored persecution of Christians and members of other faiths.

Many of the countries supporting this resolution are the Islamic-majority countries of the Organization of Islamic Conference (OIC) that persecute Christians and other religious minorities. Members of minority faiths such as Christians or Jews who make truth claims or even evangelize can be accused of "defamation," and those individuals can be punished under national blasphemy laws as frequently happens in countries like Pakistan. Tragically, the UN resolution provides legitimacy to these countries’ blasphemy laws.

While the Defamation of Religions Resolution has been introduced and passed by the UN in the past–in various forms and under various titles since 1999, support for the resolution has been eroding in recent years. The Open Doors advocacy team has been lobbying countries which have voted for the resolution or abstained from voting on the issue in the past. The resolution is up again this fall for re-authorization.

It is important to encourage key countries to change their vote on this resolution. These countries are not easily influenced by American citizens. But they are more receptive to pressure from our legislators. That’s why we’re asking you to send a message to your legislator, asking him or her to ask key countries to change their vote on the Defamation of Religions Resolution. A sample letter is provided for you to send which includes the necessary information for your elected officials to lobby the target UN country missions.

To send a message, go to www.freetobelieve.info

"It’s dangerous and alarming that a UN resolution provides legitimacy to national blasphemy laws that are used to persecuting Christians and other minority faith groups," says Open Doors USA Advocacy Director Lindsay Vessey. "The United Nations Defamation of Religions Resolution in effect amounts to the UN condoning state-sponsored persecution. We as Christians need to speak out against it and do all in our power to stop its passage. Everyone should be free to believe."

Report from the Christian Telegraph