The computer systems of the International Criminal Court (ICC), the world’s most high-profile war tribunal, were hacked last week, according to a statement released by the court yesterday.
The tribunal said that its services detected “anomalous activity” affecting its information systems and that “immediate measures” were adopted to respond to this cybersecurity incident and to mitigate its impact.
The ICC, headquartered in The Hague, Netherlands, is the only permanent war crimes tribunal and handles extremely sensitive data about some of the world’s most horrific atrocities.
At this time, the nature of last week’s cybersecurity incident remains unclear and it’s not yet known whether any data held on the ICC’s systems was accessed or exfiltrated.
However a source told Dutch broadcaster NOS that a large number of sensitive documents have been captured, but the ICC has not confirmed this. A spokesperson for the court did not immediately respond to our request for comment.
The court did say however that it is currently investigating the incident in collaboration with Dutch authorities, and that it “continues to analyse and mitigate the impact of this incident.” It also added that it will build on its existing work to strengthen its cybersecurity framework, including increased adoption of cloud technology.
Established in 2002, the court is currently investigating crimes against humanity in 17 states including Ukraine, Uganda, Venezuela, and Afghanistan. For instance, in March 2023, the ICC issued an arrest warrant for Russian President Vladimir Putin concerning crimes linked to Russia’s invasion of Ukraine.
The Dutch intelligence agency said in its 2022 annual report that the ICC was “of interest to Russia because it is investigating possible Russian war crimes in Georgia and Ukraine.”
In August 2023, ICC Prosecutor Karim Khan warned that cyber attacks could be part of future war crimes investigations and that the ICC itself could be vulnerable and should strengthen its defences.
“In all probability this is a nation state attack [by Russia] happening just a week after the ICC established a field office in Kyiv to track Russian war crimes,” Jamie Moles, senior technical marketing manager at US-based cybersecurity firm ExtraHop, told TNW.
He continued: “It seems the ICC may have lost significant volumes of data in an attack, the details of which it refuses to disclose at this time. Too often we see institutions fail to properly secure their networks and data leading to breaches and stolen data. No one is exempt from bad actors, which is why every organisation should prepare to be attacked.”