The International Criminal Court (ICC) has confirmed that it was the target of a cyberattack last week, which resulted in the theft of confidential data from some of its staff members. The attack was discovered on September 14, 2023, and the ICC said it immediately took measures to contain the incident and secure its systems.
According to a statement from the ICC, the hackers gained access to the email accounts of some court officials and downloaded sensitive information, such as personal data, case files, and internal communications. The ICC did not disclose the exact number of affected accounts or the nature of the data stolen, but said it was working with the relevant authorities to investigate the incident and notify the affected individuals.
The ICC also said it was taking steps to prevent future attacks and enhance its cybersecurity posture. The court said it was conducting a comprehensive review of its security policies and procedures, as well as implementing additional measures to protect its data and systems. The ICC also urged its staff members to exercise caution and vigilance when using their email accounts and accessing online platforms.
The ICC is an international judicial body that investigates and prosecutes individuals for crimes against humanity, war crimes, genocide, and aggression. The court has jurisdiction over 123 countries that have ratified its founding treaty, the Rome Statute. The ICC is currently handling cases involving situations in Afghanistan, Bangladesh/Myanmar, Burundi, Central African Republic, Darfur (Sudan), Georgia, Kenya, Libya, Mali, Palestine, Uganda, and others.
The cyberattack on the ICC is a serious breach of international law and an attempt to undermine the work of the court and its staff. The hackers may have been motivated by political or ideological reasons, or by financial gain. The stolen data could be used for blackmail, extortion, propaganda, or sabotage purposes. The hackers could also try to sell the data to third parties who have an interest in influencing or disrupting the ICC’s activities.
The ICC should conduct a thorough forensic analysis of the attack and identify the source and methods of the hackers. The ICC should also cooperate with other international organizations and law enforcement agencies to track down and prosecute the perpetrators. The ICC should also review its security awareness and training programs for its staff members and educate them on how to detect and prevent phishing emails and other common cyber threats. The ICC should also implement strong encryption and authentication mechanisms for its data and systems, as well as backup and recovery plans in case of another attack.