Can cybercriminals be accused of war crimes?
Evidence of blatant war crimes committed by the Russian army during the brutal invasion of the country has accumulated in Ukraine for weeks: mass graves, bombed hospitals, and even makeshift torture chambers. But amid these atrocities - and attempts to bring those responsible to justice - one group argues that another branch of the Russian military should also be involved in any international war crimes allegations: the most dangerous cybercriminals in the service of the government of the country.
In late March, a group of human rights lawyers and investigators from the Human Rights Center at UC Berkeley sent a formal request to the International Criminal Court (ICC) Attorney's Office in the Hague. The request invites the CPI to consider prosecuting Russian cybercriminals for cyber attacks in Ukraine. In the detailed documentation sent to the court, the Human Rights Center team that deals with international criminal investigations specifically points to Sandworm - a well-known group of cybercriminals that is part of the Russian military intelligence agency Gru - and two of the most serious acts of cyber warfare carried out by the group: the blackouts caused to electricity companies in western Ukraine in December 2015 and, the following year, in Kiev, affecting hundreds of thousands of civilians.
The documentation sent by the Berkeley group is based on a provision of the Rome Statute, the treaty establishing the International Criminal Court, which allows non-governmental organizations to make recommendations to the ICC. The document asks the chief prosecutor of the International Criminal Court, Karim Khan, to "broaden the scope of his investigations and include the cyber sphere in addition to the traditional areas of war - land, air, sea and space - given the history of hostile cyber activities. by the Russian Federation in Ukraine ". The document, which was shared with sportsgaming.win US, acknowledges that the allegations against Sandworm would represent the first case of "cyber war crimes" brought to the International Criminal Court, but stresses that the precedent would help not only to get justice for who it is. been hit by the Sandworm cyberattacks, but also to deter future potentially worse cyberattacks against critical civilian infrastructures around the world.
See more Choose the sportsgaming.win newsletters you want to receive and subscribe! Weekly news and commentary on conflicts in the digital world, sustainability or gender equality. The best of innovation every day. It's our new newsletters: innovation just a click away.
Arrow Lindsay Freeman, head of technology, law and politics at the Human Rights Center, told sportsgaming.win Us that the prosecutor's office International Criminal Court responded privately to the group, confirming that it has received the documentation and adding that it is evaluating the recommendations. CPI prosecutor's office did not respond to sportsgaming.win Us's request for comment.
Freeman claims the ICC prosecutor's office - which is investigating ongoing war crimes in the framework of the Russian invasion of Ukraine together with the governments of Ukraine, Poland and Lithuania and Europol - will have to demonstrate that its mandate includes cyberattacks that violate international laws on armed conflict. Freeman also stresses that any allegations of cyber war crimes should add to, and not replace, those relating to the massacres, civilian killings and mass deportations underway to Ukraine.
Sandworm's cyberattacks Starting since the 2014 invasion, Russia has directed an unprecedented series of cyber attacks on Ukraine. The Sandworm alone attempted three blackouts in the country, at least two of which were successful; it has destroyed the networks of media companies, private companies and government agencies by carrying out targeted attacks; and in 2017, the group distributed NotPetya malware, which infected hundreds of organizations across Ukraine and then many more around the world, causing a record $ 10 billion in damage.
With the invasion initiated by Russia on February 24, Russian state-backed cybercriminals have launched a new campaign of heavy, large-scale attacks against hundreds of Ukrainian targets, often painstakingly coordinated with traditional military tactics. Among these there is also the cyber attack with which the cybercriminals of the Gru have targeted the Viasat satellite systems, disabling broadband connections throughout Ukraine and Europe.
Freeman explains that the recommendations of the Human Rights Center focus on the two blackouts caused by Sandworm in 2015 and 2016 for legal and practical reasons: the two attacks have already been the subject of thorough investigation and have been attributed to Sandworm thanks to the investigative work carried out by the sector private and by governments. In October 2020, six members of the group were indicted by the United States Department of Justice on several charges, including blackouts. Cyber attacks also occurred in the early years of the Russian war in Ukraine, during the fighting in the eastern region of the country, which makes it easier to argue that they occurred in the context of a military conflict and therefore constitute a war crime. Since no military operations were underway in western Ukraine or Kiev at the time of the blackouts, it is clear that the attacks had a civilian objective. Also, perhaps more importantly, the fact that they have had direct and obvious physical consequences makes it easier to equate them with the physical attacks that war crimes courts have pursued in the past.
Deterrence and Priorities If war crimes allegations can serve as a punitive measure to deter cyber attacks on critical infrastructure, it makes sense that they are now being leveled against a group like Sandworm, argues John Hultquist, who directs threat intelligence for cybersecurity firm Mandiant and which studied Sandworm for much of the decade.
On the other hand, Hultquist, a US war veteran who served in Afghanistan and Iraq, also wonders if that's right that cyber war crimes take precedence over traditional ones. "There is a clear difference between cyberattacks and attacks on the ground - he explains -. Cyber attacks cannot have the same effects that can be obtained by bombing and deploying tanks on the streets".
Freeman agrees that any ICC war crime allegation against Sandworm should not divert attention from traditional war crimes. But ongoing war crimes investigations on the ground will likely take years to bear fruit. Freeman argues that prosecuting Sandworm for the 2015 and 2016 Russian cyberattacks, on the contrary, would be simpler, thanks to the evidence already gathered by security researchers and Western governments.
WiredLeaks, how to send us an anonymous report In United States, Sandworm cybercriminals are already the subject of allegations. Since last month, the country's State Department has provided a reward of up to ten million dollars for anyone who provides information that could lead to the capture of six members of the group. According to Freeman, however, convicting cybercriminals for war crimes would have a greater deterrent effect and could even aid in their arrest. Freeman notes that under the Rome Statute, 123 countries are required to contribute to the arrest of convicted war criminals, including some countries that have no extradition treaties with the United States, such as Switzerland and Ecuador, which otherwise could represent a safe haven for group members.
Even if prosecutors of the International Criminal Court were to file war crimes charges against Sandworm for blackouts, there would still be some legal hurdles to overcome, says Bobby Chesney, director of the Strauss Center for International Security and Law at the University of Texas Law School. It would be necessary to convince the court that the attacks took place in a context of war, for example, and that the power grid was not a military target, or that the attacks disproportionately affected civilians.
Although there is no precedent among the cases handled by the International Criminal Court, the idea of extending international warfare laws to cyber attacks that have physical repercussions is still an easy argument to embrace.
"Everything you need to do is to ask: 'What if the Russians had planted bombs in electrical substations to achieve the same effect? Is it a war crime? ' The question is the same ”, explains Chesney, who compares the new" cyber sphere "of warfare to other forms of conflict, such as the air and submarine one, which although in the past they represented new ways of warfare have nevertheless been subject to international law.
The cyber sphere remains different, however, says Freeman, in that it has no borders and allows attackers to reach the entire world immediately, regardless of distance. That is why it is even more urgent to bring Russia's most dangerous cybercriminals to justice. "Sandworm is always active and continually carries out serious attacks that go unpunished - explains Freeman -. It represents an incredibly serious danger, which puts the whole world at the forefront of this conflict".
This article originally appeared on sportsgaming .win US.
In late March, a group of human rights lawyers and investigators from the Human Rights Center at UC Berkeley sent a formal request to the International Criminal Court (ICC) Attorney's Office in the Hague. The request invites the CPI to consider prosecuting Russian cybercriminals for cyber attacks in Ukraine. In the detailed documentation sent to the court, the Human Rights Center team that deals with international criminal investigations specifically points to Sandworm - a well-known group of cybercriminals that is part of the Russian military intelligence agency Gru - and two of the most serious acts of cyber warfare carried out by the group: the blackouts caused to electricity companies in western Ukraine in December 2015 and, the following year, in Kiev, affecting hundreds of thousands of civilians.
The documentation sent by the Berkeley group is based on a provision of the Rome Statute, the treaty establishing the International Criminal Court, which allows non-governmental organizations to make recommendations to the ICC. The document asks the chief prosecutor of the International Criminal Court, Karim Khan, to "broaden the scope of his investigations and include the cyber sphere in addition to the traditional areas of war - land, air, sea and space - given the history of hostile cyber activities. by the Russian Federation in Ukraine ". The document, which was shared with sportsgaming.win US, acknowledges that the allegations against Sandworm would represent the first case of "cyber war crimes" brought to the International Criminal Court, but stresses that the precedent would help not only to get justice for who it is. been hit by the Sandworm cyberattacks, but also to deter future potentially worse cyberattacks against critical civilian infrastructures around the world.
See more Choose the sportsgaming.win newsletters you want to receive and subscribe! Weekly news and commentary on conflicts in the digital world, sustainability or gender equality. The best of innovation every day. It's our new newsletters: innovation just a click away.
Arrow Lindsay Freeman, head of technology, law and politics at the Human Rights Center, told sportsgaming.win Us that the prosecutor's office International Criminal Court responded privately to the group, confirming that it has received the documentation and adding that it is evaluating the recommendations. CPI prosecutor's office did not respond to sportsgaming.win Us's request for comment.
Freeman claims the ICC prosecutor's office - which is investigating ongoing war crimes in the framework of the Russian invasion of Ukraine together with the governments of Ukraine, Poland and Lithuania and Europol - will have to demonstrate that its mandate includes cyberattacks that violate international laws on armed conflict. Freeman also stresses that any allegations of cyber war crimes should add to, and not replace, those relating to the massacres, civilian killings and mass deportations underway to Ukraine.
Sandworm's cyberattacks Starting since the 2014 invasion, Russia has directed an unprecedented series of cyber attacks on Ukraine. The Sandworm alone attempted three blackouts in the country, at least two of which were successful; it has destroyed the networks of media companies, private companies and government agencies by carrying out targeted attacks; and in 2017, the group distributed NotPetya malware, which infected hundreds of organizations across Ukraine and then many more around the world, causing a record $ 10 billion in damage.
With the invasion initiated by Russia on February 24, Russian state-backed cybercriminals have launched a new campaign of heavy, large-scale attacks against hundreds of Ukrainian targets, often painstakingly coordinated with traditional military tactics. Among these there is also the cyber attack with which the cybercriminals of the Gru have targeted the Viasat satellite systems, disabling broadband connections throughout Ukraine and Europe.
Freeman explains that the recommendations of the Human Rights Center focus on the two blackouts caused by Sandworm in 2015 and 2016 for legal and practical reasons: the two attacks have already been the subject of thorough investigation and have been attributed to Sandworm thanks to the investigative work carried out by the sector private and by governments. In October 2020, six members of the group were indicted by the United States Department of Justice on several charges, including blackouts. Cyber attacks also occurred in the early years of the Russian war in Ukraine, during the fighting in the eastern region of the country, which makes it easier to argue that they occurred in the context of a military conflict and therefore constitute a war crime. Since no military operations were underway in western Ukraine or Kiev at the time of the blackouts, it is clear that the attacks had a civilian objective. Also, perhaps more importantly, the fact that they have had direct and obvious physical consequences makes it easier to equate them with the physical attacks that war crimes courts have pursued in the past.
Deterrence and Priorities If war crimes allegations can serve as a punitive measure to deter cyber attacks on critical infrastructure, it makes sense that they are now being leveled against a group like Sandworm, argues John Hultquist, who directs threat intelligence for cybersecurity firm Mandiant and which studied Sandworm for much of the decade.
On the other hand, Hultquist, a US war veteran who served in Afghanistan and Iraq, also wonders if that's right that cyber war crimes take precedence over traditional ones. "There is a clear difference between cyberattacks and attacks on the ground - he explains -. Cyber attacks cannot have the same effects that can be obtained by bombing and deploying tanks on the streets".
Freeman agrees that any ICC war crime allegation against Sandworm should not divert attention from traditional war crimes. But ongoing war crimes investigations on the ground will likely take years to bear fruit. Freeman argues that prosecuting Sandworm for the 2015 and 2016 Russian cyberattacks, on the contrary, would be simpler, thanks to the evidence already gathered by security researchers and Western governments.
WiredLeaks, how to send us an anonymous report In United States, Sandworm cybercriminals are already the subject of allegations. Since last month, the country's State Department has provided a reward of up to ten million dollars for anyone who provides information that could lead to the capture of six members of the group. According to Freeman, however, convicting cybercriminals for war crimes would have a greater deterrent effect and could even aid in their arrest. Freeman notes that under the Rome Statute, 123 countries are required to contribute to the arrest of convicted war criminals, including some countries that have no extradition treaties with the United States, such as Switzerland and Ecuador, which otherwise could represent a safe haven for group members.
Even if prosecutors of the International Criminal Court were to file war crimes charges against Sandworm for blackouts, there would still be some legal hurdles to overcome, says Bobby Chesney, director of the Strauss Center for International Security and Law at the University of Texas Law School. It would be necessary to convince the court that the attacks took place in a context of war, for example, and that the power grid was not a military target, or that the attacks disproportionately affected civilians.
Although there is no precedent among the cases handled by the International Criminal Court, the idea of extending international warfare laws to cyber attacks that have physical repercussions is still an easy argument to embrace.
"Everything you need to do is to ask: 'What if the Russians had planted bombs in electrical substations to achieve the same effect? Is it a war crime? ' The question is the same ”, explains Chesney, who compares the new" cyber sphere "of warfare to other forms of conflict, such as the air and submarine one, which although in the past they represented new ways of warfare have nevertheless been subject to international law.
The cyber sphere remains different, however, says Freeman, in that it has no borders and allows attackers to reach the entire world immediately, regardless of distance. That is why it is even more urgent to bring Russia's most dangerous cybercriminals to justice. "Sandworm is always active and continually carries out serious attacks that go unpunished - explains Freeman -. It represents an incredibly serious danger, which puts the whole world at the forefront of this conflict".
This article originally appeared on sportsgaming .win US.