ICC investigates cyber intrusions in Ukraine as likely war violations
Individuals at the International Criminal Court are looking into purported Russian cyber incursions on Ukrainian civilian structures as potential acts of war, according to four sources familiar with the situation who relayed the information to Reuters.
This marks the first acknowledgment that cyber intrusions are under scrutiny by international prosecutors, potentially leading to arrest warrants pending the accumulation of sufficient evidence.
The examination focuses on attacks that endangered lives by disrupting critical infrastructure, such as power and water supplies, hampering communication with emergency services, or disrupting mobile networks that transmit alerts for air raids, as noted by a government official.
International Criminal Court investigators, collaborating with Ukrainian counterparts, are delving into “cyber activities that occurred since the onset of the extensive invasion” in February 2022, the unnamed source mentioned since the inquiry remains ongoing.
Additional sources close to the ICC prosecutor’s office verified the scrutiny of cyberattacks in Ukraine, suggesting the investigations may extend back to 2015, the year following Russia’s appropriation and annexation of the Crimean Peninsula from Ukraine.
Prior to this, Moscow denied conducting cyber offensives, describing the claims as endeavors to provoke anti-Russian sentiments.
Ukraine is in the process of assembling evidence to support the ICC prosecutor’s inquiries.
Although the ICC prosecutor’s office abstained from offering comments on Friday, it previously asserted its authority to address cyber-related crimes and refrained from discussing ongoing probes.
Since the commencement of the invasion, the court has released four arrest warrants against notable Russian suspects, including President Vladimir Putin, accused of committing war-related offenses like forcing Ukrainian minors into Russia.
Russia, not a signatory to the ICC, dismissed the warrants as “invalid”. Ukraine, similarly not a member, has nonetheless authorized the ICC to prosecute crimes within its borders.
In April, a pre-trial chamber issued arrest warrants alleging two Russian commanders perpetrated crimes against humanity by targeting civilian infrastructure. The Russian defence ministry did not issue a response to this at the time.
According to two informed insiders, at least four significant assaults on energy infrastructure are currently under investigation.
As indicated by a senior source, a faction of Russian hackers, known in cybersecurity parlance as “Sandworm”, is under ICC scrutiny and is believed by Ukrainian officials and cybersecurity specialists to act in alignment with Russian military intelligence.
This group is suspected of several high-profile cyber incidents, such as the notable 2015 attack on a power grid in western Ukraine, recognized among the earliest of its kind by cybersecurity experts.
A cohort of activist hackers operating under the name “Solntsepyok” (“hot spot”) claimed responsibility for a substantial breach on Ukrainian mobile service provider Kyivstar on December 12 last year. Ukrainian security entities identified this group as a proxy for Sandworm.
Allegedly, Sandworm has also undertaken extensive cyber espionage operations on behalf of Russia’s intelligence agencies against Western governments, as perceived by Kyiv.
Could a cyber incursion amount to a war crime?
Apt individuals have suggested that cyber offensives targeting industrial control systems, pivotal in supporting much of the world’s industrial framework, are infrequent, but that Russia falls into a small bracket of countries with the capability to do so, as per cybersecurity researchers.
The ongoing ICC inquiry, poised to establish a legal precedent, is being keenly observed.
The body of international law governing armed conflicts, codified in the Geneva Conventions, prohibits attacks on civilian entities, yet a universally acknowledged definition of what constitutes a cyber war violation remains elusive.
In 2017, legal experts collaborated to produce the Tallinn Manual, a guide on implementing international law in cyberwarfare and related operations.
However, interviews with individuals for Reuters indicated uncertainties revolving around whether digital data itself could be deemed the “entity” of an attack as proscribed by international humanitarian law, or if its obliteration, which could detrimentally impact civilians, could qualify as a war crime.
“Should the court decide on this matter, it would bring about significant clarity for us,” mentioned Professor Michael Schmitt from the University of Reading, who spearheads the Tallinn Manual project.
Schmitt contends that the Kyivstar hack, owned by Dutch company Veon, satisfies the criteria for being designated a war violation.
“In planning operations, you must always consider the foreseeable consequences. And, that outcome posed a foreseeable risk to human lives.”
Ukraine’s intelligence agency disclosed details of the incident to ICC investigators in The Hague. Concurrently, Kyivstar disclosed ongoing analyses jointly conducted with international suppliers and Ukraine’s security bureau, SBU.
About Author
