DOCSLIB.ORG

Icrc, Nato and the U.S. – Direct Participation in Hacktivities – Targeting Private Contractors and Civilians in Cyberspace Under International Humanitarian Law

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Icrc, Nato and the U.S. – Direct Participation in Hacktivities – Targeting Private Contractors and Civilians in Cyberspace Under International Humanitarian Law ICRC, NATO AND THE U.S. – DIRECT PARTICIPATION IN HACKTIVITIES – TARGETING PRIVATE CONTRACTORS AND CIVILIANS IN CYBERSPACE UNDER INTERNATIONAL HUMANITARIAN LAW IDO KILOVATY† ABSTRACT Cyber-attacks have become increasingly common and are an integral part of contemporary armed conflicts. With that premise in mind, the question arises of whether or not a civilian carrying out cyber-attacks during an armed conflict becomes a legitimate target under international humanitarian law. This paper aims to explore this question using three different analytical and conceptual frameworks while looking at a variety of cyber-attacks along with their subsequent effects. One of the core principles of the law of armed conflict is distinction, which states that civilians in an armed conflict are granted a set of protections, mainly the protection from direct attacks by the adversary, whereas combatants (or members of armed groups) and military objectives may become legitimate targets of direct attacks. Although civilians are generally protected from direct attacks, they can still become victims of an attack because they lose this protection “for such time as they take direct part in hostilities.”1 In other words, † Cyber Fellow at the Center for Global Legal Challenges, Yale Law School; Resident Fellow Information Society Project, Yale Law School; S.J.D. Candidate, Georgetown University Law Center. I would like to gratefully acknowledge the generous support of the Minerva Center for the Rule of Law under Extreme Conditions at the Faculty of Law and Department of Geography and Environmental Studies, University of Haifa, Israel and of the Israeli Ministry of Science, Technology and Space, who made this project possible. I am thankful for the comments and support of Prof. Amnon Reichman, Prof. Rosa Brooks, Prof. Alexa Freeman, Prof. Mary DeRosa, Adv. Ido Rosenzweig, and all the attendees of the cyber sessions at the University of Haifa, who were incredibly helpful in the process of writing this paper. 1 Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of International Armed Conflicts (Protocol I) art. 51(3), June 8, 1977, 1125 U.N.T.S. 3 [hereinafter AP I]. In the non-international armed conflict context, see Article 13(3) of the Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of Non- No. 1] DUKE LAW & TECHNOLOGY REVIEW 2 under certain circumstances, if a civilian decides to engage in hostile cyber activities (or “hacktivities”), they may well become a target of a direct lethal attack. I will argue that although the answer is highly nuanced and context dependent, the most salutary doctrinal revision that can be made in this area is that the threshold of harm must adapt to the particular intricacies of cyberspace. INTRODUCTION TO TARGETING IN MODERN CONFLICT In August 2015, a U.S. drone strike in Syria killed Junaid Hussain, a British hacker who was carrying out hostile cyber activities on behalf of ISIS.2 Hussain was believed to have a leading position in ISIS’ Cyber Caliphate, a hacking group that allegedly took control of US Central Command’s social media accounts. This group published U.S. soldiers’ and officers’ identifying information, such as their full names, addresses, and photos.3 Unlike other members of ISIS, Hussain only engaged in cyber activities which, although they were hostile, did not pose the same threat of imminent danger as the actual use of conventional military force. Hussain’s death represents the first time a hacker was lethally targeted. This article predicts that the practice of targeting hackers in the context of an armed conflict will only increase because cyber-attacks will become a more frequent and substantial phenomenon in armed conflicts. The crucial question in this regard is whether individuals like Hussain are legitimate targets under international humanitarian law (IHL) in armed conflict. The emergence of cyberspace as an instrument of warfare exacerbates the gaps and ambiguities that already exist within IHL. A particularly aggravating factor is the increased involvement of civilians in cyber-attacks. Civilians in modern armed conflicts can play an active role when it comes to cyber-attacks, as they serve as private contractors carrying out both offensive and defensive cyber operations.4 In addition to International Armed Conflicts (Protocol II), June 8 1977, 1125 U.N.T.S. 609 [hereinafter AP II]. 2 Spencer Ackerman, Ewan MacAskill & Alice Ross, Junaid Hussain: British Hacker for ISIS Believed Killed in US Air Strike, THE GUARDIAN (Aug. 27, 2015, 12:28 EDT), http://www.theguardian.com/world/2015/aug/27/junaid-hussain- british-hacker-for-isis-believed-killed-in-us-airstrike. 3 Julia Glum, ISIS Hacker Junaid Hussain Confirmed Dead After US Airstrike on Islamic State in Syria: Pentagon, INTERNATIONAL BUSINESS TIMES (Aug. 28, 2015, 2:52 PM), http://www.ibtimes.com/isis-hacker-junaid-hussain-confirmed- dead-after-us-airstrike-islamic-state-syria-2073451. 4 See Heather Harrison Dinniss, Cyber Warriors, Patriotic Hackers and the Laws of War, in INTERNATIONAL HUMANITARIAN LAW & THE CHANGING TECHNOLOGY 3 ICRC, NATO AND THE U.S. [Vol. 15 these private contractors, there are patriotic hackers who make similar contributions.5 While the traditional notion of an armed conflict includes members of regular armed forces (“combatants”), this paradigm is no longer the case on the modern battlefield due to the growing involvement of civilians in cyber hostilities. As Susan Brenner, a leading expert on cyber conflict, stated, the “integration of civilians into military efforts can create uncertainty as to whether someone is acting as a ‘civilian’ (noncombatant) or as a military actor (combatant).”6 After all, it is far easier to possess a computer with an active internet connection than a conventional weapon.7 This is because computer technology is readily accessible and carries a low cost of entry and use.8 In fact, in the aftermath of the cyber-attacks on Estonia in 2007, the Estonian government decided to recruit civilian volunteers to serve as “cyber warriors” should another major cyber-attack on Estonia occur.9 Sean Watts, Professor of Law at Creighton University, explained this phenomenon of the privatization of cyber operations by describing how today, many companies provide the expertise required for the development and employment of computer network attacks.10 The versatility of computers and cyberspace has caused difficulties for countries that wish to utilize computers militarily, while retaining their civilian properties. This is sometimes referred to as the OF WAR 269 (Dan Saxon ed., 2013) (noting that civilian contractors are increasingly involved in cyber hostilities). 5 Id. 6 SUSAN BRENNER, CYBERTHREATS, THE EMERGING FAULT LINES OF THE NATION STATE 197 (2009). 7 See Roger Barnett, A Different Kettle of Fish: Computer Network Attack, 76 J. INT’L. L. STUD. 1, 22 (2002) (stating that the “entry costs to conduct a strategic information attack are insignificant” and requite only “an inexpensive computer, some easily obtainable software, and a simple connection to the Internet.”). 8 See MARCO ROSCINI, CYBER OPERATIONS AND THE USE OF FORCE 202 (2014) (noting that the “low cost and ease of access to technology” allows civilians to easily conduct cyber operations). 9 David Blair, Estonia Recruits Volunteer Army of ‘Cyber Warriors’, THE TELEGRAPH (Apr. 26, 2015, 6:58 PM BST), http://www.telegraph.co.uk/news/ worldnews/europe/estonia/11564163/Estonia-recruits-volunteer-army-of-cyber- warriors.html. 10 See Sean Watts, Combatant Status and Computer Network Attack, 50 VA. J. INT’L L. 391, 402–03 (2010) (“Reports indicate that few information operations experts currently serve as active duty soldiers. Many private companies have employed the skills of those with expertise in the various weapons commonly used in [Computer Network Attacks].”). No. 1] DUKE LAW & TECHNOLOGY REVIEW 4 “dual-use” characteristic of cyberspace.11 Dual-use means that computer systems and networks may be used for legitimate, benign, civilian purposes, but at the same time, these systems and networks may be used by the military, or by civilians, for hostile purposes.12 While this characteristic is clear to countries, their civilians are often unaware of the potential consequences of their involvement in cyber operations in armed conflict, the importance of which may be life or death. Such was the case with Evgeny Morozov, who participated in the cyber operations against Georgia in 2008 – “Not knowing exactly how to sign up for a cyberwar, I started with an extensive survey of the Russian blogosphere… As I learned from this blog post, all I needed to do was to save a copy of a certain Web page to my hard drive and then open it in my browser. In less than an hour, I had become an Internet soldier. I didn’t receive any calls from Kremlin operatives; nor did I have to buy a Web server or modify my computer in any significant way.”13 The problem of civilians who directly participate in hostilities (DPH) is not particularly new. Yet even today, many find themselves unable to define the precise boundaries of the notion of DPH. Only in 2009 did the International Committee of the Red Cross (ICRC) publish the Interpretive Guidance on the Notion of Direct Participation of Hostilities (“Interpretive Guidance”), which attempted to deal with the phenomenon of civilians who decide to directly participate in hostilities and the legal 11 See Mary O’Connell, Cyber Security Without Cyber War, 17 J. CONFLICT & SECURITY L. 187, 205 (2012) (comparing cyberspace to other existing treaty regimes of arms control, noting that “[t]he international community has adopted treaties in other ‘dual-use’ areas that are analogous to cyber space, such as the Chemical Weapons Convention and the Nuclear Non-Proliferation Treaty. Both of these treaties seek to end any use or even possession of chemical or nuclear weapons while at the same time promoting legitimate non-military uses of chemicals and nuclear power”).
Load more

Recommended publications
  • 2016 8Th International Conference on Cyber Conflict: Cyber Power
    2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 31 MAY - 03 JUNE 2016, TALLINN, ESTONIA 2016 8TH International ConFerence on CYBER ConFlict: CYBER POWER Copyright © 2016 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1626N-PRT ISBN (print): 978-9949-9544-8-3 ISBN (pdf): 978-9949-9544-9-0 CopyriGHT AND Reprint Permissions No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, and for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 © NATO CCD COE Publications PrinteD copies OF THIS PUBlication are availaBLE From: NATO CCD COE Publications Filtri tee 12, 10132 Tallinn, Estonia Phone: +372 717 6800 Fax: +372 717 6308 E-mail: [email protected] Web: www.ccdcoe.org Head of publishing: Jaanika Rannu Layout: Jaakko Matsalu LEGAL NOTICE: This publication contains opinions of the respective authors only. They do not necessarily reflect the policy or the opinion of NATO CCD COE, NATO, or any agency or any government.
    [Show full text]
  • Hacking for ISIS: the Emergent Cyber Threat Landscape
    Hacking for ISIS: The Emergent Cyber Threat Landscape By Laith Alkhouri, Alex Kassirer, & Allison Nixon April 2016 Hacking For ISIS Contents Click on a title to navigate to the page Introduction ...........................................................................................................................................2 Cyber Caliphate ...................................................................................................................................3 Islamic State Hacking Division .......................................................................................................6 Islamic Cyber Army ............................................................................................................................9 Rabitat Al-Ansar ................................................................................................................................ 12 Sons Caliphate Army ...................................................................................................................... 15 United Cyber Caliphate .................................................................................................................. 17 Techniques, Tactics, & Procedures (TTPs) .............................................................................. 20 The Future of ISIS’s Cyber Capabilities .................................................................................... 24 Conclusion .........................................................................................................................................
    [Show full text]
  • Cyber Activities in the Syrian Conflict CSS CY
    CSS CYBER DEFENSE PROJECT Hotspot Analysis The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Zürich, October 2017 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Authors: Marie Baezner, Patrice Robin © 2017 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group; Myriam Dunn Cavelty, Deputy Head for Research and Teaching; Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie; Robin, Patrice (2017): Hotspot Analysis: The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict, October 2017, Center for Security Studies (CSS), ETH Zürich. 2 The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Table of Contents 1 Introduction 5 2 Background and chronology 6 3 Description 9 3.1 Attribution and actors 9 Pro-government groups 9 Anti-government groups 11 Islamist groups 11 State actors 12 Non-aligned groups 13 3.2 Targets 13 3.3 Tools and techniques 14 Data breaches 14
    [Show full text]
  • Troll Hunting
    For my father, Brian, who taught me to love wor ds. Hell is empty, and all the devils are here. William Shakespeare, The Tempest, Act 1, Scene 2 THIS IS A work of nonfiction, researched and documented to the best of my ability. There were significant security risks in writing this book. I sought expert advice and wrote according to it. Therefore, some of the trolling syndicates mentioned within these pages have been given pseudonyms or go unnamed. Likewise, some of the trolls themselves are discussed only with a pseudonym. A few of the trolls who spoke to me behind the scenes are not named at all and others are composites or have been segmented. Some readers may be critical of the decision to provide anonymity for people who are hurting others so much. However, sometimes access to information comes at a cost – and, all things being equal, the trolls gave me great access. By the same token, some predator-troll victims are in physical danger. This is especially true where domestic violence is involved. In those cases, names and other identifying details may have been altered but the facts of the stories are unchanged. I have worked hard to quote all interviewees verbatim, but for the sake of readability have corrected some spelling errors and syntax. When I’m messaging with trolls in the United States, I use Australian spelling and they use American spelling. For authenticity, I’ve left this as is. This is a book about the internet and how it bleeds into real life. When quoting links and screenshots, I’ve aimed for accuracy.
    [Show full text]
  • A Cybersecurity Threat Model for a Combined Cyberattack Against Hospitals and Terrorist Attack in Spain
    A Cybersecurity Threat Model for a Combined Cyberattack against Hospitals and Terrorist Attack in Spain Oxford University - Universidad Autónoma de Madrid Project Report CONSULTANTS: Lucas Kello (Principal Consultant) Ivan Martinovic Martin Strohmeier Florian Egloff Academic Coordinator (UAM): Raquel Galindo Dorado A Cybersecurity Threat Model for a Combined Cyberattack against Hospitals and Terrorist Attack in Spain 1. INTRODUCTION This report is structured as follows: Section 2 will provide the necessary background on cybersecurity in the healthcare Hospital cybersecurity is a global concern. According sector. Section 3 discusses the capabilities and motivations to an investigation by Pulse magazine, health record of different threat actors while Section 4 presents the analysis security breaches in the United Kingdom’s at National of potential vulnerabilities in the reviewed hospitals in Health Service rose 20 percent in the last year. Data from Madrid. Section 5 compares the different IT infrastructure 55 hospitals indicated breaches included records dumped paradigms in terms of security and risk. In Section 6, a in public places, records given to the wrong patient and case study on large medical devices discusses the patching patient data given to relatives without permission. In 2015 process. Finally, Section 7 provides recommendations and alone, more than 94 million U.S. health records were concludes this report. compromised, costing affected institutions approximately $46 billion. According to Experian’s 2014 Data Breach Industry Forecast, the healthcare industry will be among 2. BACKGROUND the most susceptible industries to publicly disclosed and This section will discuss the current cybersecurity widely scrutinized data breaches.1 The October 2013 environment in the healthcare sector.
    [Show full text]
  • Cyber-Terrorism Activities Report No. 16 January
    ICT Cyber-Desk PERIODIC REVIEW Cyber-Terrorism Activities Report No. 16 January – March 2016 Highlights This report covers the period of January - March 2016 and covers two main subjects: cyber-terrorism (offensive, defensive, and the media, and the main topics of jihadist discourse) and cyber-crime, whenever and wherever it is linked to jihad (funding, methods of attack). The following are among the issues covered in this report: The continuing trend of publishing information security guidelines and recommendations, including information and recommendations for correct methods of operation and software manuals, or services with a high encryption or anonymity level. Terrorist organizations continue to publish information about the dangers of intelligence and law enforcement officials who operate on the Internet to search for and locate terrorism supporters. In addition, all supporters are called on to continue spreading the organizations’ messages and guidelines for proper work. Officials in jihadist organizations continue to spread Best Practice guidebooks on the Internet and guidelines for using software and applications to increase information security. These are mainly used to encrypt data on the device and/or for data trafficking and maintaining the anonymity of Internet users. In addition, manuals for video processing are found. As previously stated, in recent years organizations have been using a wide range of software in order to create visual content at a professional level. Terrorists and terrorism supporters continue to hack Internet sites, especially as part of defacement attacks. In January 2016, Islamic State activists tried to recruit hackers to hack into government databases for pay. In February 2016, a television interview in Lebanon reported the existence of a Shi’ite hacker group, affiliated with Hezbollah, named Kadimon (translation – we are coming).
    [Show full text]
  • Security Challenges
    Security Challenges Volume 13 Number 1 (2017) Security Challenges ISSN 1833 – 1459 EDITORS: Dr Greg Raymond Dr Andrew Carr Ian Henry Managing Editors [email protected] Robert Wylie Geoff Hunt Consulting Editor Defence Industry Policy Production Editor [email protected] [email protected] EDITORIAL BOARD: Robert Ayson Sam Bateman Rod Lyon Victoria University University of Wollongong ASPI Wellington, New Zealand Wollongong, Australia Canberra, Australia Leszek Buszynski Eliot Cohen Ralph Cossa Strategic and Defence John Hopkins University, Pacific Forum CSIS Studies Centre, Australian Washington, DC, USA Honolulu, Hawaii, USA National University Bates Gill Gerald Hensley Ramesh Thakur Professor of Strategic Studies Former Secretary of Defence Asia-Pacific College of Strategic & Defence Studies New Zealand Diplomacy, Australian Centre, Australian National National University University Andrew Mack Andrew O’Neill Rizal Sukma Simon Fraser University Director, Griffith Asia Institue, Centre for Strategic and Vancouver, Canada Griffith University, International Studies Brisbane, Australia Jakarta, Indonesia William Tow Akio Watanabe Department of International Research Institute for Peace Relations, Australian National and Security University Tokyo, Japan Project Management and Cover: Qote Canberra (02) 6162 1258 Published and distributed by: The KoKoda Foundation 2/10 Kennedy St (PO Box 4060), Kingston ACT 2604 T: (02) 6295 1555 F: (02) 6169 3019 E: [email protected] W: www.securitychallenges.org.au © The KoKoda Foundation. All rights reserved. Apart from any fair dealing for the purposes of private study, research, criticism or review as permitted by the Copyright Act, no part of this publication may be reproduced, stored, transmitted or disseminated in any form or by any means without prior written permission.
    [Show full text]
  • Cyber-Terrorism Activities Report No. 14 July – September 2015
    ICT Cyber-Desk PERIODIC REVIEW Cyber-Terrorism Activities Report No. 14 July – September 2015 International Institute for Counter Terrorism (ICT) Additional resources are available on the ICT Website: www.ict.org.il Highlights This report covers the period of July - September 2015 and covers two main subjects: cyber- terrorism (offensive, defensive, and the media, and the main topics of jihadist discourse) and cyber- crime, whenever and wherever it is linked to jihad (funding, methods of attack). The following are among the issues covered in this report: Islamic State supporters continued to publish and distribute guidebooks and informational materials on the topic of information security and maintaining anonymity online: “personal computer security”, “smart phone security”, how to post informational material on Twitter using several accounts simultaneously, how to inspect files and links infected with viruses, how to open a Twitter account without a cell phone number, how to use encrypted email, and more. During this period, we continued to see cooperation between players affiliated with the Islamic State, such as Cyber Caliphate, IS Hacking Division and ISIS Cyber Army, and hacker groups that began to identify with the organization. For instance, it was reported that a hacker named Ardit Ferizi stole personal details about US army and government personnel that he sent to members of the organization, who then leaked the information under the name “Cyber Caliphate”. Members and supporters of the Islamic State continued to hack Web sites and social networks, and leak the information obtained. During this period, we witnessed a “spam campaign” – a virtual campaign that called on Islamic State supporters to report Twitter accounts belonging to opponents of the organization as spam in order to have them closed.
    [Show full text]
  • Conflict in Cyberspace and International Law Ido Kilovaty a Thesis Submitted in Partial Fulfillment of the Requirements For
    Conflict in Cyberspace and International Law Ido Kilovaty A thesis submitted in partial fulfillment of the requirements for the degree of Doctor of Juridical Science (S.J.D.) at the Georgetown University Law Center 2017 1 Published as: Law journal publications Doxfare – Election Hacking as Prohibited Intervention 9 HARVARD NATIONAL SECURITY JOURNAL (Forthcoming Fall 2017) World Wide Web of Exploitations: The Case of Peacetime Cyber Espionage Operations Under International Law: Towards a Contextual Approach 18 COLUMBIA SCIENCE AND TECHNOLOGY LAW REVIEW 42 (2017) Virtual Violence – Disruptive Cyberspace Operations as "Attacks" under International Humanitarian Law 22 MICHIGAN TELECOMMUNICATION AND TECHNOLOGY LAW REVIEW 113 (2017) ICRC, NATO and the U.S. – Direct Participation in “Hacktivities” – Targeting Private Contractors in Cyberspace under the Law of Armed Conflict 15 DUKE LAW AND TECHNOLOGY REVIEW 1 (2016) Op-eds Want to Keep Hackers Out of Gadgets? Try International Law WIRED.COM (February 7, 2017). Violence in Cyberspace: Are Disruptive Cyberspace Operations Legal under International Humanitarian Law? JUST SECURITY (March 3, 2017). The Democratic National Committee Hack: Information as Interference JUST SECURITY (August 1, 2016). Will “Cyber Bonds” Mitigate Transnational Cyberspace Threats? JUST SECURITY (June 15, 2016). 2 ABSTRACT Conflict in Cyberspace and International Law Ido Kilovaty In this dissertation, through four separately published articles, I address several contentious questions with regard to offensive cyberspace capabilities and the role of international law in the digital era. Offensive cyberspace capabilities, which for clarity purposes I refer to as “cyber- attacks,” are operations in cyberspace that target the confidentiality, integrity, and availability (colloquially known as the CIA triad) of information technology systems.1 Throughout these four articles, I explore contemporary international law as it applies to cyber conflict.
    [Show full text]
  • Why the United States Needs a National Political Warfare Center and Regional Embassies
    Georgetown Security Studies Review 4:2 1 Georgetown Security Studies Review Volume 4, Number 2 June 2016 A Publication of the Center for Security Studies at Georgetown University’s Edmund A. Walsh School of Foreign Service http://gssr.georgetown.edu Georgetown Security Studies Review 4:2 2 GEORGETOWN SECURITY STUDIES REVIEW Published by the Center for Security Studies at Georgetown University’s Edmund A. Walsh School of Foreign Service Ashley L. Rhoades, Editor-in-Chief Devon Hill, Deputy Editor Jacob Goldstein, Associate Editor for Africa John Chen, Associate Editor for Asia Michael Sexton, Associate Editor for Cyber Security Joe Pedley, Associate Editor for Europe Brendan Kinslow, Associate Editor for the Middle East Morgan Byrne-Diakun, Associate Editor for National Security & the Military Access Georgetown Security Studies Review online at http://gssr.georgetown.edu Connect on Facebook at http://www.facebook.com/GeorgetownUniversityGSSR Follow GSSR on Twitter @gssreview Contact the Editor-in-Chief at [email protected] DISCLAIMER The views expressed in Georgetown Security Studies Review do not necessarily represent those of the editors or staff of GSSR, the Edmund A. Walsh School of Foreign Service, or Georgetown University. The editorial board of GSSR and our affiliated peer reviewers strive to verify the accuracy of all factual information contained in GSSR. However, the staffs of GSSR, the Edmund A. Walsh School of Foreign Service, and Georgetown University make no warranties or representations regarding the completeness or accuracy
    [Show full text]
  • Chapter 29 Cyber Attacks by Terrorists and Other Malevolent Actors
    Chapter 29 Cyber Attacks by Terrorists and other Malevolent Actors: Prevention and Preparedness With Three Case Studies on Estonia, Singapore, and the United States Shashi Jayakumar The field of cyberterrorism has existed for as a long as it has been possible to interdict or compromise computer systems. While contributions of scholars, researchers, and practitioners have enriched discussions, there are longstanding and unresolved issues of definition which can give rise to confusion. Does cyberterrorism mean attacks only by individuals groups that fall within widely accepted definitions of “terrorist” or “terrorist organizations?” To what degree does the aim or intention of the malicious actor matter? For the purposes of the present volume, this study (without sidestepping these questions) examines attacks against computer infrastructure and Critical Information Infrastructure (CII) by all actors with capability, and not just groups such as Al-Qaeda or ISIS. As the author notes and establishes early in his discussion, this is necessary given that while conventional terrorist groups might have intent, they have not to date acquired the capability to carry out a genuinely destructive cyber-attack of the type that might lead to major loss of life or infrastructural damage. It is (for the most part) states which have this capability. Cyber prevention and preparedness covers a wide range. This three-part chapter includes technical aspects of cyber protection, systems (and people) resilience, risk mitigation, as well as nurturing talent within
    [Show full text]
  • Virtual Space As an Area for Covert Terrorist Activities of Radical Islamists
    ТEME, г. XLV, бр. 1, јануар − март 2021, стр. 95−109 Прегледни рад https://doi.org/10.22190/TEME201119006T Примљено: 19. 11. 2020. UDK 323.28:28]:004.738.5 Ревидирана верзија: 5. 2. 2021. Одобрено за штампу: 26. 2. 2021. CYBERSECURITY – VIRTUAL SPACE AS AN AREA FOR COVERT TERRORIST ACTIVITIES OF RADICAL ISLAMISTS Darko Trifunović* University of Belgrade, Faculty of Security Studies, Belgrade, Serbia Abstract Over time, terrorism has evolved into different forms. One of the most dangerous is certainly cyber terrorism. There are many different motivations for terrorists to deploy cyber terrorism as a tool in their fight. Internet and computer networks are powerful resources on which contemporary society relies heavily. Terrorist groups have developed new tools and methods of the fight and they have become more effective, efficient, and unpredictable. Virtual, or cyberspace, is perfect and very safe ground for terrorist groups’ various activities, such are secret encrypted communication, file sharing, indoctrination and recruitment of vulnerable individuals, fundraising and promotions of their future actions and accomplishments spreading fear among common people. Are we adequately aware of these facts and prepared for countermeasures? The fact is that terrorists use mostly open- source tools (software) for their purposes, widely available and free of charge, as well as video games, popular social networks (mostly Twitter), and software developed by their programmers. The purpose of this paper is to point out some of the methods radical Islamic terrorist groups have been using and underline the importance of responding to this new security challenge. Key words: cyber terrorism, Islamic terrorists, Anonymous, steganography, the Islamic state.
    [Show full text]