FBI hacked by China
A recent computer intrusion that forced the FBI to shut down its computer network and disrupted FBI operations was traced to an e-mail containing malicious code that originated in China, according to FBI officials.
The forced shutdown of the network affected one significant FBI operation — the May 20 arrest of homegrown terrorism suspects in New York, said officials who spoke on condition of anonymity because they were not authorized to discuss the matter.
“The Chinese shut down our network,” said one FBI official familiar with assessments of the attack.
The FBI network disruptions followed a similar penetration of the Defense Department e-mail system used by Defense Secretary Robert M. Gates in 2007, which defense officials have said was traced to computer servers in China.
FBI spokesman Mike Kortan declined to address the suspected Chinese origin of the computer strike or its likely penetration through an e-mail attachment.
Chinese Embassy press spokeswoman Wei Xin said China has a “resolute policy of opposing and cracking down on cyber crimes including hacking, according to law.”
“Relevant authorities of the Chinese government attach great importance to cracking down on cyber crimes, and have strengthened cooperation with other countries and international organizations, including the Interpol on jointly fighting against crimes such as cross-border cyber attacks through bilateral consultation and cooperation,” she said.
Mr. Kortan referred Inside the Ring to an FBI statement issued May 29 in response to a New York Post report on the network disruption. The FBI stated that their network was shut down as a precaution and that e-mail traffic was “largely restored within 48 hours” after the detection of the malicious code.
“The external, unclassified network is generally used for routine communications and messages,” the statement said. “It is important to note that the FBI’s internal, classified network is where communications and email about sensitive and investigative matters take place and was never affected.”
However, a senior FBI official said the shutdown disrupted communications used during the May 20 raid in New York that netted a group of homegrown terrorists.
A second FBI official said that computer access by the entire agency and its thousands of officials was restricted for at least two weeks and was only restored to normal levels last week.
“Out of an abundance of caution, the FBI has temporarily self-imposed a limit on sending and receiving attachments on our external, unclassified network to give our technicians time to scan all the attachments that came into the e-mail system to make sure we have identified and mitigated all threats to the network,” the FBI statement said.
According to the officials, the computer network penetration occurred in early May after an FBI employee opened an attachment to an e-mail marked H1N1 in the subject line. The H1N1 virus is also known as the swine flu. It then permitted hackers some access to the FBI network that was not discovered until at least a week after the e-mail electronic infection.
The intrusion also affected the U.S. Marshals Service. several issues, including the decision not to define voluntary human shields as direct participants in hostilities. All 50 experts on the panel had agreed that civilians who act as voluntary human shields should fit within the definition, which would make them legitimate military targets.
The final report defines “civilians attempting to shield a military objective by their presence” as persons entitled to protection against direct attack. It states that the conduct of voluntary human shields “does not amount to direct participation in hostilities.”
One participant in the process said the ICRC decision might prevent military forces from targeting legitimate terrorist groups and their operations.
The participant, who spoke on condition of anonymity because he is not authorized to speak publicly on the matter, said the ICRC failed to further consult with the experts even though it knew the experts disagreed with the international organization on the issue.
“When the final report was circulated to the experts two weeks ago, it contained a major abandonment of key portions of the final draft agreed to by the experts,” he said.
The withdrawal of a total of 12 experts, many of whom are prominent international legal scholars, took place in the days before the report was released in June. “Those who did are the bigger names, too, practitioners rather than the academicians and NGOs — from Amnesty International, Human Rights Watch — who normally align with ICRC,” the participant said.
The experts’ group included lawyers from Britain, Germany, Canada, Belgium, Lebanon, Barbados, Switzerland, France, Netherlands, India, Tanzania, Argentina, and Israel.
The American participant said the ICRC decision was “inconsistent with U.S. federal court decisions, including U.S. Supreme Court decisions, domestic court decisions in other nations, decisions of the European Court of Human Rights, and state practice in international armed conflict.”
He said the ICRC’s failure to offer an accurate statement of existing law, notwithstanding advice to the contrary by the legal experts it enlisted, “was critical to my decision” not to support the report.
“I am disappointed that the ICRC chose to ignore the work and advice of the legal experts it enlisted and instead produced a political rather than legal document that as a consequence is an incomplete and inaccurate statement of the law.”
A Texas-based law professor said in an e-mail to the ICRC that he believed it was “substan- tially changing the conclusions offered by its experts.”
“I hereby withdraw authorization of identification or any other listing of me as a participant in the ICRC study that endeavored to define the treaty phrase ‘taking a direct part in hostilities’ in the 1977 Protocol I additional to the 1949 Geneva Conventions,” he wrote.
A Tel Aviv University law professor also withdrew his support for the ICRC saying he considered the final language as a “personal betrayal.” This professor said he had offered a compromise on the language identifying voluntary human shields as legitimate military targets if they were defined as having “membership in irregularly constituted armed groups — not belonging to any belligerent party.”
But, he said, “if you insist on proceeding with the publication of the present text, I must withdraw my name from the project.” He ultimately was among those who did.
A Dutch specialist on international criminal and humanitarian law closely involved in organizing the experts stated that his institute “has decided to take under review the question of whether [it] wishes to have its name associated in any way with the final document.”
A German professor also opposed the final ICRC report dropping references to voluntary civilian human shields and asked the ICRC to “delete my name from the list of participants.”
ICRC spokesman Florian Westphal said in an e-mail that the experts’ views “widely informed” the report, titled “Interpretive Guidance on the Notion of Direct Participation in Hostilities under International Humanitarian Law (IHL).”
However, “the aim of the Interpretive Guidance is not to reflect a unanimous view or majority opinion of the experts, but to provide the ICRC’s own recommendations as to how IHL relating to the notion of ‘direct participation in hostilities’ should be interpreted in contemporary armed conflict,” Mr. Westphal said.
The expert meetings were held under rules that prohibit identifying the members publicly, he said.
“The use of human shields constitutes a violation of IHL,” he stated. “The ICRC has condemned this practice in past and recent conflicts and will continue to do so in the future.”
The report came to a “nuanced conclusion” on what circumstances under which voluntar y human shields lose protection from attack, he said.
“There was no ‘betrayal’ [of the experts],” Mr. Westphal said.
“While the Interpretive Guidance is not legally binding, the ICRC hopes that it will be persuasive to states, nonstate actors, practitioners and academics alike and that, ultimately, it will help better protect the civilian population from the dangers of warfare,” he said.
Bill Gertz covers national security affairs. He can be reached at 202/636-3274, or at insidether firstname.lastname@example.org.