State responsibility for third-party cyberattacks in conditions of anonymity
DOI:
https://doi.org/10.31617/3.2025(140)03Keywords:
cyberattack, international legal responsibility, attribution, anonymity, non-state actors, cybersecurity.Abstract
The relevance of this research is determined by the rapid increase in the number of cyberattacks carried out indirectly via third-party actors (non-state groups or proxy actors) and the difficulties in holding states accountable for such actions under conditions of the anonymity of cyberspace. A hypothesis has been proposed that current norms of international law are insufficient for effective "proving the involvement" of a state in cyberattacks carried out by third parties, due to attribution issues and a lack of clear evidentiary standards. To verify the hypothesis, a methodology for analysing the international legal norms (including the draft articles on State responsibility for international legal violations of 2001, UN acts, etc.), precedents, and contemporary scientific publications on this issue has been applied. A comparative analysis of attribution criteria (the "effective control" vs. "overall control" doctrines) in classical international law and their application in cyberspace has been conducted. It has been confirmed that the anonymity and technical complexity of cyber operations create a "dilemma of normative failure" – that is, a situation in which states can effectively evade responsibility. It has been established that in order to hold state sponsors of cyberattacks accountable, it is necessary to improve legal mechanisms: to introduce clearer standards for proving involvement, to develop international cooperation in attribution, and to consider new criteria (such as the concept of "substantial support" in attribution). The obtained results contribute to the deepening of the theory of international legal responsibility in cyberspace and can be used to formulate policies and norms that will prevent the unpunished use of cyberspace for aggression.
References
Banks, W. C. (2021). Cyber attribution and state responsibility. International Law Studies, 97(1), 1039-1072. https://digital-commons.usnwc.edu/ils/vol97/iss1/43
Cheng, L., & Li, H. (2025). State responsibility in the context of cyberwarfare: dilemma identification and path reconstruction. https://www.degruyterbrill.com/document/doi/10.1515/ijld-2025-2005/html; https://doi.org/10.1515/ijld-2025-2005
European Court of Human Rights. (2007, July 12). Case of Jorgić v. Germany (Application no. 74613/01), Judgment. https://hudoc.echr.coe.int/app/conversion/docx/?library=ECHR&id=001-117698&filename=CASE%20OF%20JORGIC%20v.%20GERMANY%20-%20%5BUkrainian%20Translation%5D%20by%20the%20COE%20Human%20Rights%20Trust%20Fund.docx
International Court of Justice. (1986, June 27). Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. United States of America). Merits Judgment. https://www.icj-cij.org/case/70
International Criminal Tribunal for the former Yugoslavia. (1999, July 15). Prosecutor v. Dusko Tadić. Appeals Chamber Judgment. https://www.icty.org/x/cases/tadic/acjug/en/tad-aj990715e.pdf
Levite, A. E., Lu, C., Perkovich, G., & Yang, F. (2022, March 28). Managing U.S. - China Tensions Over Public Cyber Attribution. Carnegie Endowment for International Peace. https://carnegieendowment.org/2022/03/28/managing-u.s.-china-tensions-over-public-cyber-attribution-pub-86693
Schmitt, M. (2021, June 10). The Sixth United Nations GGE and International Law in Cyberspace. https://www.justsecurity.org/76864/the-sixth-united-nations-gge-and-international-law-in-cyberspace/
Sepich, J. (2023, April 19). The evolution of cyber attribution. American University, Center for Security, Innovation & New Technology. https://www.american.edu/sis/centers/security-technology/the-evolution-of-cyber-attribution.cfm
The Hague Program for Cyber Norms. (n. d.). Cumulative Recommendations in the UN GGE Reports (2010-2015). https://www.thehaguecybernorms.nl/cumulative-recommendations-in-the-un-gge-reports
Tsagourias, N. (2024). Cyber Attribution Agencies: A Sceptical View. https://www.qil-qdi.org/cyber-attribution-agencies-a-sceptical-view/
United Nations General Assembly. (2001, July 26). Responsibility of States for Internationally Wrongful Acts: Titles and Texts of the Draft Articles. https://legal.un.org/ilc/texts/instruments/english/draft_articles/9_6_2001.pdf
Additional Files
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
This work is licensed under a Creative Commons Attribution 4.0 International (CC BY 4.0)
