Illegal: The SolarWinds Hack under International Law-Reference-Cited by-同舟云学术

Illegal: The SolarWinds Hack under International Law

Published:2022-11-01 Issue:4 Volume:33 Page:1275-1286
ISSN:0938-5428
Container-title:European Journal of International Law
language:en
Short-container-title:

Author:

Coco Antonio¹²^ORCID,Dias Talita³⁴^ORCID,van Benthem Tsvetelina⁵⁶⁷

Affiliation:

1. Lecturer, School of Law, University of Essex , Colchester

2. Visiting Fellow, Oxford Institute for Ethics, Law and Armed Conflict, Blavatnik School of Government, University of Oxford (Oxford ELAC) , United Kingdom

3. Shaw Foundation Junior Research Fellow in Law, Jesus College, University of Oxford

4. Research Fellow, Oxford ELAC , United Kingdom

5. DPhil Candidate, Faculty of Law, University of Oxford

6. Lecturer in Public International Law, Department of Continuing Education, University of Oxford

7. Research Associate, Oxford ELAC , United Kingdom

Abstract

Abstract In late 2020, news surfaced about one of the most extensive attacks on an information technology (IT) supply chain to date. Hackers exploited a vulnerability in the update system of Orion, a network-monitoring and management software developed by the company SolarWinds. Malicious code embedded in Orion updates created a backdoor into the systems used by numerous private and public entities. This backdoor was then used to insert additional malware into affected systems – in particular, spyware to exfiltrate confidential or sensitive data. Considering both the importance of preserving the integrity of IT supply chains and the diverse risks of harm that attacks such as the SolarWinds hack give rise to, this article examines this cyber operation according to the relevant rules of international law – notably those on sovereignty, non-intervention, general due diligence duties and international human rights law. It concludes that the operation may have been illegal on multiple fronts.

Publisher

Oxford University Press (OUP)

Subject

Law,Political Science and International Relations

Link

https://academic.oup.com/ejil/article-pdf/33/4/1275/49332912/chac063.pdf

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Paralyzed or Compromised: A Case Study of Decisions in Cyber-Physical Systems;Lecture Notes in Computer Science;2024

2. Methodology of identifying customary international law applicable to cyber activities;Leiden Journal of International Law;2023-08-02

3. Limits on Information Operations Under International Law;2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon);2023-05-29

4. Knowledge mapping of resilience and human rights in supply chains: A roadmapping taxonomy for twin green and digital transition design;Frontiers in Environmental Science;2023-04-12

5. Not Illegal: The SolarWinds Incident and International Law;European Journal of International Law;2022-11-01