Cyberattack (Political)

From Global Informality Project
Cyberattacks on political opponents using semi-state actors
Location: Worldwide
Author: Alistair Faulkner
Affiliation: University College London

Original text by Alistair Faulkner

Cyberattacks deliberately exploit computer systems, technology-dependent enterprises and networks using malicious code, resulting in disruptive consequences that can compromise data (Kim et al 2014[1]). Malware and Distributed Denial of Service attacks (DDOS) are arguably the most prevalent forms of cyberattacks globally (Verizon 2016[2]). Malware is code or software that is designed to disrupt data, hosts, or networks. Damage from malware varies from minor irritation to entirely disabling systems and networks (Cisco 2016[3]). DDOS attacks attempt to make a machine or network resource unavailable to its intended users and are often driven by political motivations (Nazario 2009[4]).

The inherent legal characteristics associated with cyberspace and the use of semi-state actors by governments to target political opponents arguably enables this practice to be categorised as informal.

Traditional forms of political targeting include physical violence, which breaks clearly defined laws that have been constructed to penalise such illegal activity (Zimmermann 2013[5]). Thus, for example, a non-fatal physical attack on a political dissident within the UK constitutes a crime under the Offences against the Person Act 1861 and, if convicted, the offender (assuming they did not hold diplomatic immunity) could be sentenced to life in prison (CPS 2016a[6]). Empirical studies suggest that countries tend to observe almost all principles of international law (Pawlak and Petkova 2015[7]). Thus, whilst countries tend to avoid overtly breaking international law, they may rely on legal technicalities or seek to exploit the grey area between legal and illegal practices, thereby using informal practices that are neither legal nor illegal to achieve their ends (Craig 2013[8]).

In contrast to the substantial legal landscape covering physical crimes traditionally used to target political opponents, the cyberattack legal landscape is underdeveloped (despite vast legal issues surrounding cyberattacks) which, in conjunction with the use of semi-state actors, gives rise to the informal nature of this practice (Egloff 2015[9]).

International law has been slow to adapt to the increasing prevalence of cyberattacks as shown by UN Charter Article 2(4) which states that if actions do not include violence or the threat of violence, such actions do not constitute a cyberattack (UN 2016[10]). Therefore, cyberattacks using malware or DDOS can be a powerful weapon with which governments can target political opponents internationally without resorting to conventional attacks (such as war), which make a government subject to international law and have the potential to leave it exposed to economic and political repercussions. Furthermore, it is significantly more cost effective to launch cyberattacks than conventional attacks and the effect of cyberattacks can nevertheless be great because industrialised states tend to be dependent upon computer networks (Hathaway and Crootof 2012[11]).

Due to the current lack of international law regulating cyberattacks, governments are able to exploit the situation. Many nation-states therefore have a vested interest in ensuring that existing laws, such as UN Charter Article 2(4), are not revised to make them applicable to cyberattacks. However, Sigholm (2013[12]) hypothesises that should such laws be introduced, covertly outsourcing cyberattacks to semi-state actors could be a viable method to circumvent these new laws. Thus, many nations are keen to continue to exploit the grey area that exists currently within the legal landscape.

National security is a concept through which a government protects the state and its citizens against aggression from domestic and external actors. Cyberattacks are arguably one of the greatest threats and infringements to a nation’s national security (Hare 2010). The alleged use of semi-state actors by a nation state in cyberattacks, and the challenge of measuring the attack’s origin, enables a state to circumvent the aforementioned informal constraints by obtaining ‘plausible deniability’ because the attacker’s true identity is concealed (Nazario 2009[13]).

Egloff (2015[14]) identifies three distinct categories of actors operating within cyberspace. Firstly, he identifies state actors, who comprise cyber units of militaries, intelligence agencies and police forces. Secondly, he identifies semi-state actors, who comprise actors working in the political and economic interest of a specific country. The last category he identifies is that of the criminal actors – the so-called cybercriminals. Whilst criminals consciously break formal rules such as laws, state actors such as militaries work in accordance with the law; the actions of semi-state actors can therefore be seen to occupy the grey area between the legal and illegal (Egloff 2015[15]).

There has been an increasing prevalence in the recruitment of semi-state actors by governments, resulting from their desire to benefit from the semi-state actor’s experience and leverage their cyber knowledge (Sigholm 2013[16]; Lennon 2015[17]). Semi-state actors are motivated to work with governments for a variety of reasons including curiosity, economic gain, political agendas, attraction to technical challenges, or purely out of boredom (Sigholm 2013[18]). However, in recent years there is an increasing trend for governments to recruit semi-state actors with nationalistic tendencies to conduct cyberattacks (Egloff 2015[19]).

The use of semi-state actors recruited through informal channels to conduct cyberattacks enables the instigating nation state to achieve its strategic objectives whilst escaping recrimination (Sigholm 2013[20]; Lennon 2015[21]), since this practice provides a country with plausible deniability (Nazario 2009[22]) due to the difficulty in establishing the origin of cyberattacks (Egloff 2015[23]). Firstly, the association between an attack and a specific hacker group needs to be established; this is sometimes determined on the basis of inference according to the specific targets selected, mistakes made, or the techniques, tactics and procedures used. A frequent problem for researchers, however, is that attacks may be staged by a group deliberately using the known techniques, tactics and procedures of a different group in order to conceal the attacker’s true identity. Secondly, an association between a specific hacker group and a specific government needs to be established, which is extremely difficult to prove (Egloff 2015[24]). Thus, when a specific cyberattack is attributed to a specific government, the political attribution is typically based on a researcher’s interpretation of internal information such as the identity of the victim and type of attacks seen. Furthermore, external sources such as news reports may be used to validate the findings (Nazario 2009[25]).

Plausible deniability is essential because, should cyberattacks be linked back to the initiating nation-state, the repercussions could be politically damaging: the revelation of culpability has the potential to lead to escalating tension between two nations, which could ultimately lead to conventional warfare (Lewis 2011[26]). Due to this potential for political or military recrimination, nation-states have little incentive to openly admit their involvement in initiating cyberattacks (Sigholm 2013[27]; Lennon 2015[28]).

Since 2007, Estonia, Lithuania, Georgia and Ukraine have all suffered high profile cyberattacks allegedly originating from Russia. Whilst there is arguably little beyond circumstantial evidence of the Russian government’s involvement in attacks targeted at governments, organisations or individuals critical of the state, the existing evidence suggests that when organisations, individuals or countries oppose the Russian state, there is an increased likelihood of being the target of such an attack. These attacks are designed to counter opposition and ‘persuade’ or influence the country, organisation or individual to change their policy or stance (Ashmore 2009[29]).

The informal practice of cyberattack has numerous economic effects on its target. As of 2014, the cost of cyberattacks on the global economy was in excess of $400 billion per annum, with the regions of North America, Europe and Asia experiencing the greatest losses whilst Africa suffered the least. This finding is attributed to differences in the income levels of these territories, with highly developed economies losing the most and countries with emerging economies losing the least (CSIS 2014[30]). However, these figures are not necessarily representative of the true costs of cyberattacks on the global economy. In the first instance the economic cost is difficult to measure due to a lack of consensus about what constitutes a cyberattack, resulting in an inconsistent approach to data collection (UNCTD 2005[31]). Secondly, the financial losses resulting from cyberattacks are underreported (Pawlak and Petkova 2015[32]). Lastly, such figures fail to account for the intangible costs of the attacks such as the loss of business intelligence, intellectual property and damage to reputation (Ernst & Young 2014[33]).

References and Bibliography

  1. Schmitt, M. N. 2012. “Attack” as a Term of Art in International Law: The Cyber Operations Context. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence Publication

Notes

  1. Kim, Y. et al. 2014. Analysis of cyber-attacks and security intelligence. In: Park J.J. et al ed. Mobile, ubiquitous, and intelligent computing, Lecture Notes in Electrical Engineering, Vol. 274 (pp. 489-494). Berlin, Heidelberg: Springer.
  2. Verizon. 2016. Verizon's 2016 Data Breach Investigations Report. United States: Verizon.
  3. Cisco. 2016. What Is the Difference: Viruses, Worms, Trojans, and Bots? [Online]. CISCO. Available at: http://www.cisco.com/c/en/us/about/security-center/virus-differences.html [Accessed 11 April 2016].
  4. Nazario, J., 2009. Politically motivated denial of service attacks. The Virtual Battlefield: Perspectives on Cyber Warfare, pp.163-181.
  5. Zimmermann, E. 2013. Political Violence, Crises and Revolutions (Routledge Revivals): Theories and Research. New York: Routledge.
  6. CPS. 2016a. Offences against the Person, incorporating the Charging Standard [Online]. Crown Prosecution Service. Available at: http://www.cps.gov.uk/legal/l_to_o/offences_against_the_person/#a15 [Accessed 11 April 2016].
  7. Pawlak, P. and Petkova, G. 2015. State-sponsored hackers: hybrid armies? [Online]. European Union Institute for Security Studies. Available at: http://www.iss.europa.eu/publications/detail/article/state-sponsored-hackers-hybrid-armies/ [Accessed: 11 April 2016].
  8. Craig, A. 2013. International Legitimacy and the Politics of Security: The Strategic Deployment of Lawyers in the Israeli Military. Plymouth: Lexington Books.
  9. Egloff, F. 2015. Cybersecurity and the Age of Privateering: A Historical Analogy, Cyber Studies Working Papers, 1, March 2015.
  10. UN. 2016. Charter of the United Nations [Online]. United Nations. Available at: http://www.un.org/en/sections/un-charter/chapter-i/ [Accessed 11 April 2016].
  11. Hathaway, O. A. and Crootof, R. 2012. The Law of Cyber-Attack. Yale Law School Faculty Scholarship Series. Paper 3852.
  12. Sigholm, J. 2013. Non-State Actors in Cyberspace Operations, Journal of Military Studies, 4(1).
  13. Nazario, J., 2009. Politically motivated denial of service attacks. The Virtual Battlefield: Perspectives on Cyber Warfare, pp.163-181.
  14. Egloff, F. 2015. Cybersecurity and the Age of Privateering: A Historical Analogy, Cyber Studies Working Papers, 1, March 2015.
  15. Egloff, F. 2015. Cybersecurity and the Age of Privateering: A Historical Analogy, Cyber Studies Working Papers, 1, March 2015.
  16. Sigholm, J. 2013. Non-State Actors in Cyberspace Operations, Journal of Military Studies, 4(1).
  17. Lennon, M. 2015. Russia-linked Pawn Storm Attackers Exploiting New Adobe Flash Zero-Day [Online]. Available at: http://www.securityweek.com/russia-linked-pawn-storm-attackers-exploiting-new-adobe-flash-zero-day [Accessed 11 April 2016].
  18. Sigholm, J. 2013. Non-State Actors in Cyberspace Operations, Journal of Military Studies, 4(1).
  19. Egloff, F. 2015. Cybersecurity and the Age of Privateering: A Historical Analogy, Cyber Studies Working Papers, 1, March 2015.
  20. Sigholm, J. 2013. Non-State Actors in Cyberspace Operations, Journal of Military Studies, 4(1).
  21. Lennon, M. 2015. Russia-linked Pawn Storm Attackers Exploiting New Adobe Flash Zero-Day [Online]. Available at: http://www.securityweek.com/russia-linked-pawn-storm-attackers-exploiting-new-adobe-flash-zero-day [Accessed 11 April 2016].
  22. Nazario, J., 2009. Politically motivated denial of service attacks. The Virtual Battlefield: Perspectives on Cyber Warfare, pp.163-181.
  23. Egloff, F. 2015. Cybersecurity and the Age of Privateering: A Historical Analogy, Cyber Studies Working Papers, 1, March 2015.
  24. Egloff, F. 2015. Cybersecurity and the Age of Privateering: A Historical Analogy, Cyber Studies Working Papers, 1, March 2015.
  25. Nazario, J., 2009. Politically motivated denial of service attacks. The Virtual Battlefield: Perspectives on Cyber Warfare, pp.163-181.
  26. Lewis, J. A., 2011. Cyberwar Thresholds and Effects, IEEE Security & Privacy, 9(5).
  27. Sigholm, J. 2013. Non-State Actors in Cyberspace Operations, Journal of Military Studies, 4(1).
  28. Lennon, M. 2015. Russia-linked Pawn Storm Attackers Exploiting New Adobe Flash Zero-Day [Online]. Available at: http://www.securityweek.com/russia-linked-pawn-storm-attackers-exploiting-new-adobe-flash-zero-day [Accessed 11 April 2016].
  29. Ashmore, W.C., 2009. Impact of alleged Russian cyber attacks. Army Command and General Staff Coll Fort Leavenworth Ks School of Advanced Military Studies.
  30. CSIS. 2014. Net Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II. United States of America: Center for Strategic and International Studies.
  31. UNCTD. 2005. Information Economy Report 2005 ecommerce and development. Geneva: United Nations Conference on Trade and Development.
  32. Pawlak, P. and Petkova, G. 2015. State-sponsored hackers: hybrid armies? [Online]. European Union Institute for Security Studies. Available at: http://www.iss.europa.eu/publications/detail/article/state-sponsored-hackers-hybrid-armies/ [Accessed: 11 April 2016].
  33. Ernst & Young. 2014. Cyber threat intelligence − how to get ahead of cybercrime [Online] Ernst & Young. Available at: https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0ahUKEwjD1-SD7K_MAhVsIcAKHf68Ci4QFggkMAE&url=http%3A%2F%2Fwww.ey.com%2FPublication%2FvwLUAssets%2FEY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime%2F%24FILE%2FEY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime.pdf&usg=AFQjCNE2lf2YQK9E-2gZpMyvmq_3qsiVgg&bvm=bv.120853415,d.ZGg&cad=rja [Accessed 11 April 2016].