Permanent Court of Arbitration website goes offline, with cyber-security firm contending that security flaw was exploited in concert with China-Philippines arbitration

The website of the Permanent Court of Arbitration, an institution that administers a significant number of investment treaty arbitrations, went offline last week and stayed offline until today. IAReporter have confirmed that the site came under attack earlier this month and that the site’s recent unavailability was tied to those attacks.

A source close to the PCA confirmed that the site went down following an attack, but the attack was characterized by this particular source in very general and vague terms.*

However, an unconfirmed report by a cyber-security intelligence firm, ThreatConnect, publicly alleges that the PCA website ( was not merely the subject of attacks, but was quietly breached and implanted with malicious code that then posed a potential risk to individuals who visited a specific webpage on the site devoted to the politically-contentious China-Philippines maritime boundary dispute.

Thus far, the PCA has not publicly commented on the report by ThreatConnect.

In a joint interview with IAReporter and The American Lawyer Magazine, the Chief Intelligence Officer at ThreatConnect, Rich Barger said that hackers seem to have laid a so-called “watering hole” trap on the PCA website, and then took advantage of those site visitors who were themselves vulnerable to infection as a result of a security flaw with the Adobe Flash Player software that had been publicly reported days earlier.

Mr. Barger says that hackers appear to have implanted a malicious Adobe Flash file into a PCA webpage devoted to the China-Philippines case on July 9th, as hearings in the China-Philippines case were ongoing. (The means by which this code was implanted is not clear). What is clearer, according to ThreatConnect, is that certain subsequent visitors to the compromised PCA page – those using PC computers with Windows operating systems and still running the vulnerable Adobe Flash software – may have been prone to an infection of their computer systems. Mr. Barger says that visitors landing on the affected page may have unwittingly downloaded malicious software onto their own computers.

This type of attack is often described as a “watering hole” attack, as the goal is to target individuals in a place where they are known to congregate. In this case, lawyers and others with an interest in the China-Philippines case would have visited the PCA case page for this arbitration.

ThreatConnect has alleged that the hacking was consistent in its timing and modus operandi with similar attacks undertaken by hackers with ties to the Chinese military.

Michael Goldhaber who reports on international law issues for The American Lawyer magazine has reported in more detail this morning on the PCA website issue.

Contemporaneous with The American Lawyer’s reporting earlier today, the PCA website appears to have come back online today.


* UPDATE, July 23, 2015: Due to an editing error, several words were missing from this sentence. We’ve since corrected the sentence. The added words appear in bold below:

“A source close to the PCA confirmed that the site went down following an attack, but the attack was characterized by this particular source in very general and vague terms.”