The International Criminal Court (ICC) has launched an investigation into alleged Russian cyberattacks on Ukrainian civilian infrastructure, examining them as possible war crimes (via Reuters).
The ICC's probe, confirmed by sources to Reuters, is the first instance of international prosecutors investigating cyberattacks in the context of war crimes.
The focus is on attacks that disrupted essential services, including power and water supplies, emergency response connections, and mobile data services used for air raid warnings. Such disruptions pose significant risks to civilian lives and safety.
The investigation is not limited to the recent conflict that began with Russia's full-scale invasion of Ukraine in February 2022. It may also examine cyberattacks dating back to 2015, following Russia's annexation of Crimea.
This photograph taken in Kyiv on February 26, 2024 shows a laptop screen with a webpage of the IT Army of Ukraine group of volunteer hackers. The IT Army of Ukraine first set up in the wake of Russia's devastating attack, and has since hugely grown in importance. It is one of a flurry of hacker groups that have flourished in wartime, countering Russia from behind their screens and operating in a legal grey area. Photo by GENYA SAVILOV/AFP via Getty Images
Russia Under Investigation for Potential War Crimes from Hacking Ukrainian Infrastructure
Cyberattacks on critical infrastructure pose a grave threat to civilians, with the International Criminal Court (ICC) actively investigating several major incidents targeting energy systems. One group under scrutiny, "Sandworm," is allegedly tied to Russian military intelligence and has been implicated in numerous high-profile cyberattacks.
Reuters tells us that researchers from the Human Rights Center at UC Berkeley School of Law have compiled evidence on Sandworm's activities, submitting information to the ICC on five cyberattacks that could potentially constitute war crimes.
Since the onset of the Ukraine conflict, the ICC has issued four arrest warrants against senior Russian officials, including President Vladimir Putin, for war crimes related to the deportation of Ukrainian children. While neither Russia nor Ukraine are ICC members, Ukraine has granted the court jurisdiction over crimes committed within its borders.
However, the legal framework surrounding cyberattacks as war crimes is still developing. The Geneva Conventions forbid attacks on civilian objects, but there is no universally recognized definition of a cyber war crime. The Tallinn Manual, a non-binding guide on applying international law to cyber warfare, provides some guidance, but interpretations vary.
Michael Schmitt, a professor at the University of Reading who leads the Tallinn Manual process, emphasized the significance of this investigation, stating, "One must always consider the foreseeable consequences of their operations. In this case, it was a foreseeable consequence that placed human beings at risk."
Cybersecurity experts and government agencies have consistently linked the Russian state-sponsored hacking group, Sandworm, to numerous attacks on critical infrastructure across the globe.
One of the earliest high-profile attacks attributed to Sandworm occurred in 2015 when the group targeted and disrupted the power grid in western Ukraine. Another major outage caused by a Sandworm breach was reported in 2022.
In December 2023, Sandworm launched another devastating attack, this time targeting Kyivstar, Ukraine's largest mobile network operator. This attack disrupted mobile and internet services for approximately 24 million people.
Sandworm's reach extended beyond Ukraine, with reports linking the group to attacks on critical infrastructure in the United States, France, and Poland in April 2024.
