Cyber Attacks and Cyber (mis)information Operations During a Pandemic

Document

Cited authorities 3

Cited in

Cyber Attacks and Cyber (Mis)information

Operations During a Pandemic

Marko Milanovic* & Michael N. Schmitt**

INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

I. STATE CYBER OPERATIONS AGAINST HEALTH CARE SYSTEMS DURING

THE PANDEMIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

A. Violation of Sovereignty . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

B. Violation of the Prohibition of Intervention . . . . . . . . . . . . . . 256

C. Violation of the Prohibition on the Use of Force . . . . . . . . . . 258

D. Violation of Human Rights . . . . . . . . . . . . . . . . . . . . . . . . . . 261

II. STATE MISINFORMATION DURING THE PANDEMIC . . . . . . . . . . . . . . . . . . . . 266

A. Violation of Human Rights Law When Directed Against A

State’s Own Population . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

B. Violation of Human Rights Law When Directed Against

Individuals in Other States . . . . . . . . . . . . . . . . . . . . . . . . . . 268

C. Violation of General International Law When Directed

Against Other States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

III. STATE OBLIGATIONS REGARDING CYBER OPERATIONS AND

MISINFORMATION BY NON-STATE ACTORS AND THIRD STATES DURING

THE PANDEMIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

A. Positive Due Diligence Obligation under Human Rights Law

to Protect the State’s Own Population Against Hostile

Operations by Other States and by Non-State Actors . . . . . . . 270

B. Constraints under Human Rights Law When Combatting

Hostile Cyber Operations and Misinformation . . . . . . . . . . . 274

C. Positive Due Diligence Obligation under General

International Law and Human Rights Law to Stop Hostile

Operations Against Other States . . . . . . . . . . . . . . . . . . . . . . 279

CONCLUSION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

INTRODUCTION

The COVID-19 pandemic has been accompanied by reprehensible cyber opera-

tions directed against medical facilities and capabilities, as well as by a f‌lood of

* Professor of Public International Law, University of Nottingham School of Law. The discussion on

misinformation draws on my earlier three part series on Viral Information and the Freedom of

and Michael N. Schmitt.

** Professor of International Law, University of Reading; Francis Lieber Distinguished Scholar,

West Point; Strauss Center Distinguished Scholar and Visiting Professor of Law, University of Texas;

Charles H. Stockton Distinguished Scholar-in-Residence, U.S. Naval War College.

247

misinformation. In the Czech Republic, for example, Brno University Hospital was

targeted in an as yet unattributed attack that forced the facility to shut down its IT

network and that bled over into the aff‌iliated Children’s Hospital and the Maternity

Hospital. Urgent surgeries had to be postponed, and the hospital could not perform

its role as a designated COVID-19 testing center.

Similarly, cyber criminals have

conducted ransomware attacks targeting medical facilities, including one against

Hammersmith Medicines Research, which was on standby in the United Kingdom

to test vaccines. Although the primary attack was foiled, patient medical data were

exf‌iltrated and held for ransom.

Many other hostile cyber operations that directly

interfered with the delivery of care, medical logistics, and the research necessary to

effectively f‌ight the virus and its spread have occurred around the world.

So too have hostile cyber operations been directed against public health activ-

ities. For instance, one took down the Champaign-Urbana Public Health

District’s website, on which vital COVID-19 information was being posted. As a

result, alternative websites had to be activated to ensure that the information was

available to the public.

At the national level, the U.S. Department of Health and

Human Services was the target of a distributed denial of service attack lasting

several hours, although it fortunately failed to signif‌icantly affect the agency’s

systems. A state actor is suspected of having conducted the operation.

And the World Health Organization, which despite politicized claims to the

contrary plays a critical role in the global response to the pandemic, was sub-

jected to malicious cyber operations that tried to secure the passwords of its per-

sonnel. Although the motives remain unclear, the head of global research and

analysis at the Kaspersky cyber security f‌irm noted that “[a]t times like this, any

information about cures or tests or vaccines relating to coronavirus would be

priceless and the priority of any intelligence organization of an affected coun-

try.”

Cyber criminals have also engaged in phishing attacks impersonating the

1. Catalin Cimpanu, Czech Hospital Hit by Cyberattack While in the Midst of a COVID-19 Outbreak,

ZDNET (Mar. 13, 2020), https://perma.cc/E4N9-XFHT; Sean Lyngaas, Czech Republic’s Second-

Biggest Hospital is Hit by Cyberattack, CYBERSCOOP (Mar. 13, 2020), https://perma.cc/3QDR-WXDH.

2. Davey Winder, COVID-19 Vaccine Test Center Hit by Cyber Attack, Stolen Data Posted Online,

FORBES (Mar. 23, 2020), https://perma.cc/E96C-H5R2.

3. Aaron Holmes, Hackers are Targeting Hospitals Already Stretched Thin from Fighting the

Coronavirus—and Experts Say the Worst Cyberattacks May Still Be to Come, BUS. INSIDER (Apr. 14,

2020), https://perma.cc/LY8C-X49Q; Europe’s Largest Private Hospital Operator Fresenius Hit by

Ransomware, KREBSONSECURITY (May 6, 2020), https://perma.cc/4RAB-XS74; Joseph Marks,

Hospitals Face a Surge of Cyberattacks during the Novel Coronavirus Pandemic, WASH. POST (Apr. 15,

2020), https://perma.cc/YWX7-C4G8.

4. Debra Pressey, C-U Public Health District’s Website Held Hostage by Ransomware Attack, NEWS

GAZ. (Champaign, IL), Mar. 11, 2020, https://perma.cc/GM7B-TDBL.

5. Shira Stein & Jennifer Jacobs, Cyber-Attack Hits U.S. Health Agency Amid COVID-19 Outbreak,

BLOOMBERG (Mar. 16, 2020), https://perma.cc/ZC47-AXER.

6. Raphael Satter, Jack Stubbs & Christopher Bing, Elite Hackers Target WHO as Coronavirus

Cyberattacks Spike, REUTERS (Mar. 23, 2020, 3:08 PM), https://perma.cc/D7NP-9THA.

248 JOURNAL OF NATIONAL SECURITY LAW & POLICY [Vol. 11:247

WHO to gain access to information in personal computers, in one case distribut-

ing a fake “My Health e-book” attachment containing a f‌ile with malware.

Additionally, the COVID-19 crisis has spawned an epidemic of online misinfor-

mation. At times, the claims have been farcical. For instance, individuals in the

United Kingdom and the Netherlands have vandalized phone masts in reaction to

online conspiracy theories tying the construction of 5G masts to the pandemic.

Often the claims are politically motivated, as with suggestions that the virus was cre-

ated in, and escaped from, a Chinese laboratory. In the United States, the Director of

the National Institute of Allergy and Infectious Diseases, Dr. Anthony Fauci, found

it necessary to debunk the story, which had been impliedly supported by President

Trump during one of his lengthy news conferences.

And the scale of the misinfor-

mation is truly daunting.

According to the British regulator Ofcom, “almost half of

UK online adults came across false or misleading information about the coronavirus

(COVID-19)” in a single week in early April 2020.

The contemporary power of misinformation and “fake news” to polarize soci-

eties and politics is hardly surprising. But the convergence of COVID-19 and vi-

ral misinformation is unique in its potential to cause signif‌icant societal harm, for

the “infodemic” is disrupting the coordinated, medically sound response that is

necessary to control the spread of the virus.

Tragically, it is even directly caus-

ing large-scale loss of human life. Consider Iran, where the government has

reported that hundreds died after ingesting methanol or other high-proof alcohol,

falsely believing social media claims that doing so would protect them from the

virus.

Some states appear to be leveraging the crisis to seek advantage in cyberspace.

For example, the Syrian government has allegedly exploited the pandemic to dis-

tribute surveillance malware through watering hole attacks and third party app

stores.

And a report by the State Department’s Global Engagement Center,

which has not been made public, apparently accuses China, Iran, and Russia of

7. Malwarebytes Labs, Cybercriminals Impersonate World Health Organization to Distribute Fake

Coronavirus E-book (Mar. 18, 2020), https://perma.cc/5ERJ-78TQ.

8. The theories range from 5G causing COVID-19 to the lockdown measures being imposed as a

distraction from the construction of 5G infrastructure and its alleged ill-effects. Jim Waterson & Alex

Hern, At Least 20 UK Phone Masts Vandalised Over False 5G Coronavirus Claims, GUARDIAN (Apr. 6,

2020), https://perma.cc/FJ34-FTPT; Dutch Telecommunications Towers Damaged by 5G Protestors:

Telegraaf, REUTERS (Apr. 11, 2020), https://perma.cc/3LC8-25LD.

9. John Haltiwanger, Dr. Fauci Throws Cold Water on Conspiracy Theory that Coronavirus Was

Created in a Chinese Lab, BUS. INSIDER (Apr. 18, 2020), https://perma.cc/PP8A-HPER.

10. Aaron Holmes, Roughly Half the Twitter Accounts Pushing to “Reopen America” Are Bots,

Researchers Found, BUS. INSIDER (May 22, 2020), https://perma.cc/3VHL-N3A4.

11. Ofcom, Half of UK Adults Exposed to False Claims about Coronavirus (Apr. 9, 2020), https://

perma.cc/MWM7-CT74.

12. John Zarocostas, How to Fight an Infodemic, LANCET (Feb. 29, 2020); Coronavirus Myths

Explored, MED. NEWS TODAY (April 6, 2020), https://perma.cc/JZ9Q-FCD2.

13. Bel Trew, Coronavirus: Hundreds Dead in Iran from Drinking Methanol Amid Fake Reports It

Cures Disease, INDEPENDENT (Mar. 27, 2020), https://perma.cc/257C-CR9G.

14. Lookout Research: Nation-State Mobile Malware Targets Syrians with COVID-19 Lures,

SECURITY (Apr. 16, 2020), https://perma.cc/RS8J-966L.

2020] CYBER ATTACKS AND CYBER (MIS)INFORMATION OPERATIONS 249

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Cyber Attacks and Cyber (mis)information Operations During a Pandemic

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users