Hacking for the State? : The Use of Private Persons in Cyber Attacks and State Responsibility

Abstract: While there are many examples to turn to regarding the thriving phenomenon of private persons being exploited to launch cyber attacks on behalf of states, this thesis will direct it’s attention onto two special cases. Russia has been accused of being the state actor behind the cyber attacks on Estonia in 2007 and Georgia in 2008. The cases are chosen as Estonia have been recognised as the first coordinated cyber attack on a foreign country, and Georgia being the first case were cyber attacks have been utilised in synchronisation with military action. The purpose of the thesis is to analyse the facts of each case in relation to the International Law Commission’s Draft Articles on Responsibility of States for Internationally Wrongful Acts (DARSIWA). The analysis will work through article 4, article 5, article 8 and article 11. The main question is how Russia may be hold as legally responsible under international law for the private conduct of ’patriotic’ hackers, the Nashi Youth Group and the Russian Business Network. The thesis concludes that while the circumstances of each case highly indicate state-involvement, this cannot be proven under the respective criterias of the articles and Russia does therefore not bear legal responsibility.