Wednesday, August 3, 2011

Operation Shady RAT (Remote Access Control)

The internet is perhaps the most dangerous place on the planet. No one is safe. Not even the United Nations.
Photo Source: http://www.presstv.ir/detail/163926.html
Security company McAfee, discovered the biggest series of cyber attacks in the last 5 years which involved the the infiltration of the networks of 72 organizations including the United Nations, governments (US, Taiwan, India, South Korea, Vietnam and Canada) and companies around the world. It believed there was one "state actor" behind the attacks but declined to name it, though the evidence "allegedly" points to China. (Source: Reuters)

Cyber attacks are perhaps as old as the internet. However, what is alarming about this report is that a "state actor" is involved in the attacks against various governments of different countries. Should the "state actor" be proven, could such cyber attacks escalate to a dispute under the principles of international law?

In international law, the state is responsible for all actions of its officials and organs, even if the organ/actor/official is acting ultra vires. However, before a state can be held responsible for any action, it is necessary to prove a causal connection between the injury and an official act or omission attributable to the state alleged to be in breach of its obligations.

In the case at bar, it is not clear whether the "hacker-state-actor" owed an international obligation to the injured governments under either a treaty or customary law. So far, the only relevant document regarding the matter is the 2007 resolution passed by the UN Disarmament and International Security Committee related to IT security concerns related to organized crime, terrorism and politically motivated cyber attacks. Take note that this is not even the General Assembly or the Security Council, but a Committee. Hence, no "force" so to speak.

While the use of all the illegally obtained data is still largely an open question, the need for an international legal framework to combat malicious or illegal use of information technology is called for by many sectors around the world. After all, we live in the age where information is power ---political or economic.


Entry No. 7
Soleil Flores

No comments: