A United Nations Convention on Cybercrime
| Author | Mickellea M. Tennis |
| Position | Juris Doctor, Capital University Law School Class of 2020 |
| Pages | 87-133 |
A UNITED NATIONS CONVENTION ON CYBERCRIME
MICKELLEA M. TENNIS*
I. INTRODUCTION
On December 23, 2015, around 3:35 p.m. local time, Kiev and other
surrounding areas of Ukraine were thrust into total darkness.
1
An operator
in the Ivano-Frankivsk region of Ukraine sat incredulous at his desk as his
mouse cursor began to move all by itself.
2
The mouse opened one electric
breaker serving a section of the region, selected to shut down the breaker,
and then affirmed the action in a pop-up confirmation message.
3
Then it
moved to the next substation, doing the same thing, and then to the next.
4
This power outage was no accident. It was a message from Russia with love:
submit or suffer.
5
* Juris Doctor, Capital University Law School Class of 2020; Marshall-Brennan Fellow;
Managing Editor Vol. 48 Capital University Law Review; B.A. in International Relations and
Diplomacy; Honors and Scholars student at The Ohio State University. I would like to thank
my faculty advisor and mentor Professor Hannah Botkin -Doty and Professor Scott Anderson
for their help in structuring and focusing this comment. I would also like to thank my family
for their endless support in my academic pursuits.
1
ROBERT M. LEE, MICHAEL J. ASSANTE & TIM CONWAY, ELECTRICITY INFO. SHARING &
ANALYSIS CTR., ANALYSIS OF THE CYBER ATTACK ON THE UKRAINIAN POWER GRID iv (2016),
https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf [https://perma.cc/SY4E-
2UVS].
2
See Kim Zetter, Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid,
WIRED (Mar. 3, 2016), https://www.wired.com/2016/03/inside-cunning-unprecedented-
hack-ukraines-power-grid/ [https://perma.cc/44HB-EY8T].
3
Id.
4
See id.
5
See Andy Greenberg, How An Entire Nation Became Russia’s Test Lab for Cyberwar,
WIRED (Jun. 20, 2017), https://www.wired.com/story/russian-hackers-attack-ukraine/
[https://perma.cc/UX5J-TM6T]; Council on Foreign Rel., Conflict in Uk raine, GLOBAL
CONFLICT TRACKER (last updated Dec. 28, 2018), https://www.cfr.org/interactives/global-
conflict-tracker#!/conflict/conflict-in-ukraine [https://perma.cc/YH92-E3WD]. Ukraine’s
fraught centuries-long history with Russia is extremely relevant to the cyberattack. Id. The
Russian attack was likely inspired by a multitude of factors, including Ukraine’s growing
attraction towards the European Union, its cutting of power to the recently-annexed
Crimean peninsula, and the attack was perhaps the general progres sion of Russia’s effort to
assist Russian-separatist forces in their resistance against the Ukrainian government. Id.
190 CAPITAL UNIVERSITY LAW REVIEW [48:189
This cyberattack was unprecedented.
6
Traced back to the now infamous
Russian government-associated hacking group Fancy Bear, the attack was
the first of its kind to successfully affect the power stations of a country.
7
Ukraine’s power system was not an easy target—the systems in Ukraine
were more secure than many other power grid systems in the West, including
the United States.
8
The methods employed in this attack were simple but
effective when implemented by professionals. A basic email spear-phishing
campaign started nine months prior to the attack exploited the macro features
of Microsoft programs on Ukrainian computers, resulting ultimately in the
loss of power to over 230,000 people right before Christmas Eve.
9
This attack may have been performed using basic methods, but the
detailed coordination was not; the attack was “highly sophisticated,” so
much so that experts believe that a national government was directly
involved in the crime.
10
This attack was also personal, appearing to be “a
component of a destabilization campaign aimed at Ukraine as it reduces its
dependence on Russia and leans west towards the European Union (EU) and
NATO economically, politically, and militarily.”
11
This campaign was
intended to carry two messages: Ukraine needed to get back in its
subservient place, and the world should fear the new hard power of state-
sponsored Russian hackers.
12
What happened in Ukraine can happen anywhere, and indeed, in many
places it already has. Cybercrime such as this attack poses a unique threat
to modern society, but the attention paid to the problem until recently has
been minimal. Unsophisticated methods like phishing emails can be
tactfully employed by skilled cybercriminals to influence democratic
elections, steal billions of dollars’ worth of real and crypto currencies, and
6
See Donghui Park, Julia Summers & Michael Walstrom, Cyberat tack on Critical
Infrastructure: Russia and the Ukrainian Power Grid Attacks, HENRY M. JACKSON SCH. INT’L
STUD., U. WASH. (Oct. 11, 2017), https://jsis.washington.edu/news/cyberattack-critical-
infrastructure-russia-ukrainian-power-grid-attacks/ [https://perma.cc/5X3A-NFLB].
7
Zetter, supra note 2; Greenberg, supra note 5.
8
Zetter, supra note 2 (The “systems in Ukraine were . . . well-segmented from the control
center business networks with robust firewalls.”).
9
See id. (The Microsoft macro spear-phishing technique was “an old-school method from
the 90’s that attackers have recently revived in multiple attacks.”).
10
See id. (‘“This had to be a well-funded, well-trained team. . . . [B]ut it didn’t have to
be a nation-state.’ . . . It could have started out with cybercriminals getting initial access to
the network, then handing it off to nation-state attackers who did the rest.”).
11
Park, Summers & Walstrom, supra note 6.
12
Id.
2020] A UNITED NATIONS CONVENTION ON CYBERCRIME 191
to do much worse. What was once an infrequent and inconsequential private
phenomenon has evolved into a transnational criminal threat.
This comment will first demonstrate how cybercrime is being used today
to effect negative changes in global relations. This includes examples of
how cybercrime methods have been employed transnationally, and how they
can be used as a weapon of war, a tool of democratic destabilization, a new
hard power, and a toy for the powerful and petty. This comment will then
argue that a United Nations treaty criminalizing cybercrime is the most
appropriate international response to the current challenges. This comment
will propose the conduct to be criminalized by the treaty, offering the
specific provisions for certain cyber acts. Last, this comment will address
detracting arguments, showing that an international treaty is the best solution
to the cyber challenges currently being faced by individual countries. This
will include an examination of the necessary jurisdictional and enforcement
provisions. This comment concludes that collective security action is
necessary and will have an actual deterring effect on cybercrime.
II. BACKGROUND INFORMATION
A. The Growing Threat of Cybercrime
Over the course of a few decades, the internet has grown from an
unnecessary luxury to an essential part of life for many Americans.
13
In
2016, the United Nations reported through the findings of the International
Telecommunication Union (“ITU”) that forty-seven percent of people
around the world had access to the internet.
14
The ITU, a United Nations
specialized agency focusing on information and communication
technologies, has recognized disparities in internet access globally and aims
to increase worldwide access to sixty percent by 2020.
15
It is undeniable that
13
See Internet/Broadband Fact Sheet, PEW RESEARCH CENTER (June 12, 2019),
http://www.pewinternet.org/fact-sheet/internet-broadband/ [perma.cc/ZT8R-26PM] (In
2000, only 5 in 10 Americans used the internet. Today, nearly 9 out of 10 use the internet,
with 98% people aged 18 to 29 using the internet, and 97% of people from 30 to 49 years old
using the internet.).
14
See Int’l Telecomm. Union, Nearly 47 Per Cent of Global Population Now Online—
UN Report, UN NEWS (Sept. 15, 2016), https://news.un.org/en/story/2016/09/539112-nearly-
47-cent-global-population-now-online-un-report [https://perma.cc/U8CZ-34HS].
15
See Int’l Telecomm. Union, Connect 2030 Agenda, ITU,
https://www.itu.int/en/connect2020/Pages/default.aspx
To continue reading
Request your trial