State-sponsored Ransomware Through the Lens of Maritime Piracy

Publication year2019
CitationVol. 47 No. 3

STATE-SPONSORED RANSOMWARE THROUGH THE LENS OF MARITIME PIRACY

Evans F. Horsley

[Page 669]

TABLE OF CONTENTS

I. INTRODUCTION.......................................................................................670

II. BACKGROUND INFORMATION...............................................................671

A. Background on State-Sponsored Economic Cyberattacks.........671
B. The History of Maritime Piracy..................................................673
C. Contemporary Understanding of Laws on Maritime Piracy......675

III. ANALYSIS.............................................................................................677

IV. CONCLUSION........................................................................................681

[Page 670]

I. Introduction

Until the last few decades, conflicts between nation-states were confined to four domains: land, water, air, and space.1 Common to each of these domains is the fact that they are all physical divisions with relatively distinct borders. It was not until recently when we added the fifth domain, cyberspace, that laws had to be adapted to deal with an entire realm of activity that only exists intangibly.2 Cyberattacks are unique in that the individuals actually perpetrating the assaults do not need to be present within the physical arena they are targeting, and they do not require the extensive training or heavy artillery required for the success of most military operations.3 The Ponemon Institute reported in 2016 that American companies lost on average $17.36 million per year to cyberattacks, but the thieves only needed a few computers to carry out their attacks.4

In May 2017, North Korea was linked to the WannaCry cyberattacks that targeted personal computers in over 150 countries.5 WannaCry ransomware held computers hostage until the ransom, which was paid in the cybercurrency "bitcoin," was proffered. If the ransom was not paid, all of the files on the computer would be destroyed.6 The use of this type of state-sponsored cyberattack, the sole purpose of which was to extort money, was unprecedented, at least in the domain of cyberspace.7

However, state backing of robbers on the high seas has a long and storied history stretching back for thousands of years to the Ancient Greeks.8

[Page 671]

Throughout this time, nations have alternatively "treated pirates as combatants, enemies or criminals."9 Currently, there is no uniform definition of piracy at the domestic level, and there are debates regarding the efficacy of the international definition provided in Article 15 of the 1958 Geneva Convention on the Law of the Sea (HSC) and Article 101 of the United Nations Convention on the Law of the Sea (UNCLOS).10 Nevertheless, it is the position of this Note that the newer form of economic aggression displayed in the WannaCry attack is not a new concept, and state-sponsored ransomware can be understood in the context of maritime piracy.

The objectives of this Note are to provide a brief review of the evolution of maritime piracy and legal approaches to it, and to analyze the new state-sponsored economic cyberattacks through the lens of this longstanding international crime. State-sponsored ransomware attacks are cyberattacks which are either funded by a government or executed by its agencies primarily for the purpose of monetary gain. These attacks are a new concept, but the underlying action is an old one. These ransomware attacks are just state-sponsored piracy in a new domain. As such, it is logical to conceptualize ransomware attacks under the preexisting legal framework for maritime piracy.

II. BACKGROUND INFORMATION

In order to conceptualize state-sponsored cyberattacks under the history and laws surrounding maritime piracy, we must first possess a basic understanding of the subjects involved. Cyberspace is new to the technological age, and the laws governing this new domain remain largely unrefined. Similarly, the current domestic laws and international treaties governing piracy, which have only been in place for about the last century, are in many ways fundamentally different from the legal philosophies on piracy that predominated most of modern history. The effect of these contemporary changes underpins the analysis of this Note.

A. Background on State-Sponsored Economic Cyberattacks

State-sponsored cyberattacks differ from those perpetrated purely by individuals in a number of key aspects beyond the mere fact that a country rather than an individual is behind the assault. These differences can make state-sponsored attacks both more damaging and harder to defend against.11 Unlike

[Page 672]

cybercriminals, countries will not necessarily target marketable cyber material. Instead, they will usually attempt to gain information that will benefit the national interest in some manner. Perhaps the most immediately obvious example of the type of data a government will attempt to gain is political information stored in embassies or governmental agencies that may be important for national security reasons. However, states may also target private companies to access trade secrets in a bid to help their domestic producers, as was the case in the Chinese UglyGorilla attacks on five U.S. companies, including the United States Steel Corporation, in 2014.12

State-sponsored attackers are also more likely to have large, well-organized teams, and these teams are capable of working around the clock.13 Not only can states perpetuate attacks all day and night, but they are also capable of maintaining penetration into foreign systems—undetected—for long periods of time.14 As of 2014 "84 percent of the reported attack discoveries were made by third parties."15 In contrast, private hackers do not typically have the resources or the inclination to target more secure networks or to continue a hack long-term.16

Article 2(4) of the United Nations (UN) Charter states "All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations."17 This prohibition on the threat or use of force is a succinct provision, but its impact on state responses towards disfavored actions of other nations is far-reaching. Generally, this article restricts military attacks unless a state is acting in self-defense or with authorization from the UN Security Council.18 In contrast, the self-defense exception is typically not permitted for economic and diplomatic assaults or pressure.19 In other words, a state cannot respond with physical force when the assault itself was not physical. This proposition usually holds true even if the targeted state suffers tremendous costs.20

With regard to cyberwarfare, Article 2(4) has been interpreted to prohibit cyberattacks that cause physical consequences if the effects reach a certain severity threshold, but the same is not true of cyberattacks aimed at causing

[Page 673]

economic harm.21 The current use of force scholarship commonly understands this distinction as one between "kinetic" cyberattacks (KCAs), which produce "direct or indirect physical consequences,"22 and non-kinetic cyberattacks, which produce only non-physical harm.

For example, a Twitter hack in 2013 announcing an explosion in the White House and the death of President Obama caused the Dow Jones index to plummet 145 points, costing approximately $150 billion. This incident would not have fallen under the Article 2(4) prohibition because it was not a KCA.23 On the other hand, in 1982, hackers tampered with software that controlled the pump speeds and valve settings of a Soviet pipeline, leading to a massive ex-plosion,24 which would be considered a kinetic cyberattack, and thus would be encompassed by Article 2(4).

The 2017 WannaCry attack targeted preexisting programming weaknesses in computers running on Microsoft operating systems across dozens of countries.25 The ransomware was capable of infecting both home computers and the networks of larger organizations, leading to the loss of sensitive information, financial losses, disruption to regular operations, and harm to some organizations' reputations.26 The attack was unprecedented in scope, but despite the fact that it was a state-sponsored effort to steal from individuals and private entities in cyberspace,27 it was not a KCA as most scholarship understands it. WannaCry was economically motivated aggression and as such would almost certainly not be actionable under Article 2(4) as it is presently interpreted. However, WannaCry highly resembles our historical understanding of maritime piracy and privateering in many significant ways.

B. The History of Maritime Piracy

While many pirates during the "Golden Age" of maritime piracy were true outlaws, there existed a large system of state-sponsored piracy.28 From Queen Elizabeth I's Sir Francis Drake, often referred to by the Queen as "my pirate," to the Barbarossa Brothers, who were sponsored by the Ottoman Sultan, looting enemy ships was a common practice from the 1400s through the late

[Page 674]

1700s.29 On the other hand, laws from around the same time period often required pirates to be tried and executed aboard the capturing warship.30 The scourge of the pirate, whether under the protection of a flag or otherwise, has plagued sovereign nations for nearly as long as merchants have been sailing the high seas, and while it has been eradicated in some areas for a time, it has never been fully eliminated.31

As most Romans and Greeks understood, pirates were considered "belligerent[s]."32 This was in the context of war, and sailors looting ships were largely considered to be acting as enemy combatants.33 The Ancient Queen Teuta of Illyria "authorized her subjects' ships to 'plunder all whom they fell in with.' . . . This eventually led to uncontrolled piracy in the Adriatic."34 In time, Queen Teuta's sanctioning of her...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT