Part 4 (1/2)
Israeli Retaliation.
Israel and its supporters have also partic.i.p.ated in this cyber conflict in a couple of ways. The Israeli government is behind an effort to recruit supporters who speak languages other than Hebrew-mostly new immigrants-to flood blogs with pro-Israel opinions. The Israel Defense Forces has hacked a television station belonging to Hamas. Supporters of Israel have also been hacking pro-Palestinian Facebook groups, using fake login pages and phis.h.i.+ng emails to collect the login details of group members.
According to the administrators of Gaza Hacker Team, pro-Israel activists are also pressuring hosting companies to cut off service to hacker websites. After the Gaza Hacker Team defaced the Kadima party website, they reported that their US-based hosting company denied them service after being subjected to ”Jewish” pressure.
Perhaps the most creative tactic employed by Israel's supporters is the development of a voluntary botnet. Developed by a group of Israeli hacktivists known as Help Israel Win, the distributed denial of service tool called Patriot is designed to attack anti-Israel websites.
Once installed and executed, Patriot opens a connection to a server hosted by Defenderhosting.com. It runs in the background of a PC and does not have a configurable user interface that would allow the user to control which sites to attack. Rather, the server at Defenderhosting.com likely updates the client with the IP addresses to target.
Help Israel Win describes itself as ”a group of students who are tired of sitting around doing nothing while the citizens of Sderot and the cities around the Gaza Strip are suffering.” Their stated goal is to create ”a project that unites the computer capabilities of many people around the world. Our goal is to use this power in order to disrupt our enemy's efforts to destroy the state of Israel.” The Help Israel Win website is registered to Ron Shalit of Haifa, Israel.
Control the Voice of the Opposition by Controlling the Content in Cybers.p.a.ce: Nigeria.
Cyber wars are not always fought between states or between nonstate actors; sometimes they are fought between a government and its political opponents. This is precisely the case in Nigeria, where the Information Minister Dora Akunyili, with the support of Nigeria's President Umaru Yar'adua, has launched a $5 million campaign to support and create government-friendly websites. The objective, according to a June 16, 2009, news report filed by Saharareporters, is ”to do everything to ensure that websites like yours (saharareporters.com) and others are stopped from taking root in Nigeria.”
Additionally, the plan calls for paying forum administrators to create discussion threads about topics created by Akunyili that will serve to cast the administration in the most favorable light.
A third plank of the plan accelerates the arrest and detention of opposition bloggers at airports or other entry points into Nigeria. Civil actions against negative posters could include the filing of a libel lawsuit against them by the government.
Are Nonstate Hackers a Protected a.s.set?.
It would seem so. Instances of prosecution of Russian or Chinese hackers involved in foreign website attacks are so few as to be statistically insignificant. A news article written by Xinhua News Agency writers Zhou Zhou and Yuan Ye ent.i.tled ”Experts: Web Security a pressing challenge in China” for China View (August 8, 2009) relates the pervasive security challenges China's online population, which numbers almost 340 million, faces. The only illegal acts prosecuted by the PRC are online attacks causing financial harm to China; for example, two men from Yanbian County in Jilin Province were recently arrested and prosecuted for breaking into online banking systems and stealing 2.36 million yuan ($345,269 US). All other types of attacks, according to Li Xiaodong, deputy director of the China Internet Network Information Center (CNNIC), fall into a ”grey area.”
Similarly, in the Russian Federation, the police are interested only in arresting hackers for financial crimes against Russian companies. Hacking attacks cloaked in nationalism are not only not prosecuted by Russian authorities, but they are encouraged through their proxies, the Russian youth a.s.sociations, and the Foundation for Effective Policy.
Chapter 3. The Legal Status of Cyber Warfare.
Although cyber warfare has been around for a decade or so, it still has not been well defined. As of this writing, there is no international treaty in place that establishes a legal definition for an act of cyber aggression. In fact, the entire field of international cyber law is still murky.
The NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) published a paper on the subject in November 2008 ent.i.tled ”Cyber Attacks Against Georgia: Legal Lessons Identified.” In it, the authors discuss possible applicability of the Law of Armed Conflict (LOAC) to the cyber attacks that occurred during the Russia-Georgia War of August 2008.
LOAC, also known as the International Humanitarian Law, relies on two primary rule groups: jus ad bellum and jus ad bello, which is Latin for ”justice to war” and ”justice in war,” respectively. In other words, there are rules for how a country proceeds to a state of war and, once there, for how it conducts its war effort.
On May 8, 2009, the head of the US Strategic Command, US Air Force General Kevin P. Chilton, was quoted in Stars and Stripes as saying ”[t]he Law of Armed Conflict will apply to this domain.” It is still unclear how many other nations will adopt that same approach, particularly the Russian Federation and the People's Republic of China.
Amit Sharma, deputy director of India's Ministry of Defense-Defense Research and Development Organization, prefers a different approach, one styled after the Mutually a.s.sured Destruction (MAD) model of nuclear deterrence: You can talk endlessly about the law of armed conflict, but a treaty would not be achieved. ... The only viable solution is one of cyber deterrence.
According to a June 27, 2009, New York Times article ent.i.tled ”US and Russia Differ on a Treaty for Cybers.p.a.ce”: Russia favors an international treaty along the lines of those negotiated for chemical weapons and has pushed for that approach at a series of meetings this year and in public statements by a high-ranking official.
The United States argues that a treaty is unnecessary. It instead advocates improved cooperation among international law enforcement groups. If these groups cooperate to make cybers.p.a.ce more secure against criminal intrusions, their work will also make cybers.p.a.ce more secure against military campaigns, American officials say.
These areas of dispute are reflected in the multiple faces of cyber aggression: Cyber attacks against government or critical civilian websites or networks without accompanying military force Cyber attacks against government or critical civilian websites or networks with accompanying military force Cyber attacks against internal political opponents Cyber intrusions into critical infrastructure and networks Acts of cyber espionage How many of these real-world attacks should be considered acts of cyber warfare? All? None? Only those that can be attributed directly to a nation-state?
The first thing to realize is that legally there is no such concept as an act of war, cyber or otherwise. The UN Charter lays out when a nation-state can use force in self-defense against an act of aggression, but it refers entirely to armed conflict. Other treaties may provide a better framework for establis.h.i.+ng definitions for cyber aggression, and these are thoroughly examined in a 2009 paper by Scott Shackleford ent.i.tled ”From Nuclear War to Net War: a.n.a.logizing Cyber Attacks in International Law,” published in the Berkeley Journal of International Law (BJIL), Vol 25 No 3.
Shackleford lists a few treaty regimes that may be useful in constructing an international cyber treaty: Nuclear nonproliferation treaties.
The Antarctic Treaty System and s.p.a.ce law.
United Nations Convention on the Law of the Sea (UNCLOS).
Mutual Legal a.s.sistance Treaties (MLAT).
Nuclear Nonproliferation Treaties.
Nuclear nonproliferation treaties are designed to limit the spread of nuclear weapons at the very earliest stages of development, i.e., at the nuclear reactor level. They were used most recently in Iran when it refused to fully cooperate with the International Atomic Energy Agency (IAEA).
Nonproliferation treaties work because the components of creating a nuclear device are highly restricted and closely monitored by the IAEA as well as by various governments that have their own agencies monitoring such activities (e.g., US Nuclear Emergency Support Team [NEST]).
Unfortunately, the genie is already out of the bottle when it comes to the components of cyber warfare. Everything that an attacker needs is in wide distribution and freely available or available at a reasonable price. That pretty much kills the effectiveness of any proposed nonproliferation-type treaty aimed at keeping states from engaging in or developing a cyber warfare capability.
While there has been some hyperbole on the part of military officials in Russia and the United States around the issue of scale and proportionality in response to a large-scale cyber attack,[2] neither nation has a policy to deal with it.
Can a cyber attack rise to the level of a nuclear attack? Not in and of itself, but a sufficiently large-scale cyber attack that takes down critical networks and in turn results in systemic failures of safety systems at nuclear power plants could have devastating consequences, including loss of life.*[2] For example, ”Russia retains the right to use nuclear weapons first against the means and forces of information warfare, and then against the aggressor state itself” (Col. V.I.Tsymbal, 1995); cyber warfare is ”a close third behind the proliferation of weapons of ma.s.s destruction and the use by terrorists of a nuclear, biological, or chemical weapon” (former CIA Director John Deutch, 1996).