Understanding Cyber Security

Understanding Cyber Conflict
Dr. Panayotis A. Yannakogeorgos
Dean, Air Force Cyber College

The Character of Cyberspace
The cyber domain includes more than just the Internet, but all things relevant within cyberspace require some type of connectivity or networking. The Internet is the manifestation of networking theory on a global scale. Cyberspace has national borders, the same as every other domain. In the cyber domain, at no time is the military likely to be in complete control of the battlespace. Civilians will be a part of cyberwar, likely as victims whose computers will be placed at risk, but equally likely, they will be cyberwar participants.
Source: JP 3-12(R)

Modern Hacking Tactics and the Cyber Terrain
So who actually owns the Internet? There are two answers to this question:
1. Nobody
2. Lots of people
• APT1 maintained access to victim networks for an average of 356 days. The longest time period APT1 maintained access to a victim’s network was 1,764 days, or four years and ten months.
• In the last two years we have observed APT1 establish a minimum of 937 Command and Control (C2) servers hosted on 849 distinct IP addresses in 13 countries.

Spectrum of Operations in Cyberspace
• Access/Exploitation: Digital intelligence
• Deletions/Denial of Service/Disruption/Digital Damage: Interrupt the flow of information or function of information systems without physical damage or injury
• Physical Effect: Results in physical damage or destruction, injury or death
Spectrum adapted from US Cyber Command, 2013

Cyber Threat Actors
• Hacktivists
• Criminals
• Spies
• Terrorists
• Militaries

Breakdown of Noteworthy Cyber Attacks in 2015
Tracked by Hackmageddon.com
http://www.hackmageddon.com/2016/01/11/2015-cyber-attacks-statistics/

Hacktivists
• Operate anonymously and globally
• Objectives
  – Entertainment – laughs
  – Freedom, transparency, anti-corruption, etc.
• Unorganized, but a blend of anarchy and power circles with factions and splintering
  – Often regional and issue-related factions
• Targets are global and have included
  – Governments/countries
  – Businesses
  – Terrorists, especially ISIS
  – Competing hacktivists
  – Pedophiles

Criminals
• Bangladesh Central Bank Heist
• Criminals tried to withdraw $951 million from the bank’s US account with the Federal Reserve, which is used for international settlements
• Criminals used stolen Bangladesh Bank credentials and ran malware on the bank’s system to cover up their tracks
• 35 requests were made for money transfers
• 81 million successfully moved to casinos in the Philippines Feb 4-5, 2016
• Transfers stopped when Deutsche Bank detected a typo in a $20 million transfer to the Sri Lankan organization Shalika Foundation (misspelled as “Fandation”)
• Philippines froze $68 million of stolen funds

Terrorists
• Junaid Hussain [TriCk] was involved in recruiting ISIL sympathizers
• Had significant technical skills and expressed a strong desire to kill Americans
• Compiled and published names, email addresses, phone numbers of US military and government staff, urging lone wolves to “act and kill”
• Sent terror guidebooks including bomb-making instructions and information about domestic terror plots in the UK

Spies & Militaries
• FANCY BEAR’s profile closely mirrors the strategic interests of the Russian government, and may indicate affiliation with Главное Разведывательное Управление (Main Intelligence Department) or GRU, Russia’s premier military intelligence service. https://www.crowdstrike.com/blog/who-is-fancy-bear/
• 2010 Military Doctrine: “integrated use of military force and non-military capabilities, and a greater role for information warfare”
• Indicted on cyber espionage charges: Chinese military officers, from left to right, Gu Chunhui, Huang Zhenyu, Sun Kailiang, Wang Dong, and Wen Xinyu
• 2011 Defense White Paper: “combat capability to win local wars in conditions of informationization”
• 2012 Supreme Council of Cyberspace tasked with the coordination of national cyberwarfare

Actors and Authorities

Onion Routing

Complexity of Response
Hypothetical example for educational use.

What is a Vulnerability? How do they Relate to Threats?
• Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source
• Threat - Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service
• Threat source - The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally exploit a vulnerability
Source: Glossary definitions (Committee on National Security Systems, 2010)

Most hackers use posted vulnerabilities in pre-programmed exploit packages for their attacks. [HBGary’s Law].
Source: 2015 Verizon Data Breach Report

Anatomy of a Takeover
[Figure: stages labelled Target Victims, Install Malware, Target Services (Intranet, etc.), Collect Data, Initiate Effect]

Malware Types
• Trojan horse
  – Deceptive
• Virus
  – Attach to objects; spread w. objects
• Worm
  – Spread (semi-)autonomously
• Logic bomb / time bomb
  – Triggered by some condition
• Spyware
  – Scoops up data
• Keylogger
  – Records keystrokes
• Scareware
  – Purports to be needed security tool
• Ransomware
  – Encrypts & holds data hostage or locks screen
• Exploit or exploit code/kit
  – Exploits security vulnerabilities
• Backdoor
  – Gives attacker access to system
• Remote access tool (RAT)
  – Gives attacker remote control
• Rootkit
  – Contains backdoors & Trojans
• Sniffer
  – Intercepts packets on network
• Downloader/Dropper
  – Downloads/installs malware
• Wiper
  – Destroys data on disk
• RAM scraper
  – Steals payment data from POS RAM

“Spearphishing”
• With the information that can be found about us and our coworkers on the Internet, hackers can craft a very believable malware-laden email.
• Spoofing email addresses (or using email from a compromised system) is not hard.
  – If you received an email from the director of your department, would you open it?
  – Would you open the PDF document, or follow the URL to get registration information for an upcoming conference you plan to attend?
  – If you weren’t sure if the email was legitimate, would you follow up using a separate line of communication to confirm the email’s authenticity?

Watering Holes
https://www.google.com/transparencyreport/safebrowsing

Syrian Electronic Army (SEA) Phishing Attack on Associated Press
[Figure caption: What user saw – not actual link]

Ransomware
A type of malware that attempts to extort money by taking control of a victim’s computer or infecting the files and documents stored on it.
[Figures: CryptoDefense Ransom Demand; Locky Recovery Instructions]

Point of Sale
This vector compromises POS terminals where customers swipe a payment card at a checkout counter. RAM (Random Access Memory) scraper malware is installed on a POS device:
• Captures payment card data while it is processed in memory, before it is encrypted for storage or transmission.
• The data is written to a text file which is later sent to an offsite server.
• This credit or debit card data is offered for sale on the black market.
Data used to manufacture counterfeit cards.
Often discovery of the breach does not occur until the criminals are noticed to be using the data for illicit purposes by law enforcement or fraud detection entities.

Point of Sale Attack (Target Corporation)
The retail giant Target confirmed some 70 million customer credit and debit accounts were compromised in December 2013. Account numbers, expiration dates, cardholder names and credit verification value (CVV) were compromised, plus encrypted debit card PINs were stolen.
• Attackers installed a hybrid of Kaptoxa and Reedum malware on Point of Service (card reader) machines.
• Both derived from BlackPOS sold on crime forums for only $2,300 – designed to bypass firewall software.
• The PINs are encrypted with Triple-DES (Data Encryption Standard) – somewhat vulnerable to brute force cracking.
two weeks.
The data breach cost $61M in expenses and resulted in a loss of $700M of revenue from loss of consumer confidence to shop at Target.

Exploitation of Data
• The second-biggest health insurer in the United States detected a breach on 29 Jan 2015 of a database containing personal information for 80 million customers and employees
• The breach exposed names, birthdays, addresses and Social Security Numbers but not medical information or financial account numbers.
  – Private health data used for extortion, fraud or identity theft.
  – Not clear how hackers obtained systems admin privileges
  – Hacked data tracked to an outside Web-storage service.
  – Changing corporate attitude about rapid disclosures.

Modern Botnets
• Networks of compromised devices (zombies, drones) acting as cyber robots (bots)
  – Devices are put under the command and control (C2) of the botnet herder/owner
  – C2 servers issue commands to bots
• Botnets are used for
  – Spam
  – Distributed denial of service (DDoS) attacks
  – Stealing data – often sold in Bot Chop Shops
  – Fraud – e.g., click fraud and pay per install fraud
  – Computational tasks such as bitcoin mining
• Botnets are taken down by taking down their C2
  – Often multinational efforts

Size of DDoS Attacks
• 2014: 20% reported attacks over 50 Gbps
• 2015: 25% reported attacks over 100 Gbps
Source: Arbor Networks, Worldwide Infrastructure Security Report 2015

Dyn DDOS