ICC: September Breach Was Espionage Raid
The International Criminal Court (ICC) has revealed that a September cyber-attack on its IT systems was a highly targeted espionage attempt, although attribution thus far remains elusive.
The Netherlands-headquartered tribunal, which tries individuals suspected of war crimes and crimes against humanity, first posted a brief message about the breach at the end of September.
However, a longer blog post on Friday revealed more information gathered from a subsequent forensics investigation.
“The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the court’s mandate,” it stated.
“Based on the forensic analysis carried out, the court has already taken and will continue to take all necessary steps to address any compromise to data belonging to individuals, organizations and states. Should evidence be found that specific data entrusted to the court has been compromised, those affected would be contacted immediately and directly by the court.”
Read more on ICC breaches: International Criminal Court Reveals Security Breach
The ICC has not yet been able to confirm who was behind the incident, although Dutch law enforcers are continuing with their criminal investigation.
As Infosecurity reported last month, there are plenty of potential suspects who may benefit from finding out more about current ICC cases and protected witnesses. Prosecutors are currently said to be investigating 17 cases in Ukraine, Uganda, Venezuela, Afghanistan and the Philippines.
The ICC also issued a global arrest warrant for Russian President Vladimir Putin back in March, putting the Russian state top of the list of suspects for this cybersecurity breach.
A Russian spy masquerading as a Brazilian intern was blocked from working for the ICC after Dutch intelligence intervened last year.
The ICC said it is “accelerating” several cybersecurity initiatives in response to the breach, as well as enhancing its risk management framework and incident response processes.
“This latest attack comes at the time of broader and heightened security concerns for the court: several elected officials, including judges of the court and the prosecutor, have had criminal proceedings initiated against them; the court has recently undergone daily and persistent attempts to attack and disrupt its systems; and the court averted an almost successful attempt to infiltrate a hostile intelligence officer into the court under the guise of an intern,” it concluded.