Red Cross Issues Hacking Guidelines
The International Committee of the Red Cross (ICRC) has issued guidelines for civilians who carry out hacking attacks to support one side of a military conflict. It warned that non-combatants need to respect humanitarian rules.
The guidelines relate to hacktivism, where people disrupt online services or replace text on websites. The tactic has often been associated with people making a political point against businesses or governments. However, it's now also commonly used by those trying to aid countries or regions involved in wars and other military conflicts.
The ICRC believes such tactics may be well-intentioned (depending on views on which side is in the right) but can cause unintended harm. They could affect non-military targets that mean citizens suffer, for example if health or financial services are compromised. There's also a risk that the other party in the military conflict could see the "hacktivists" as a legitimate military target.
Eight Rules
To reduce these risks, the ICRC has now published a set of "rule of engagement" for civilian hacktivists. They are largely adapted from the same international humanitarian rules that, in theory, countries agree to follow during military conflicts. (Source: bbc.co.uk)
The guidelines are:
- Do not direct cyber-attacks against civilian objects.
- Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.
- When planning a cyber-attack against a military objective, do everything feasible to avoid or
minimize the effects your operation may have on civilians.
- Do not conduct any cyber-operation against medical and humanitarian facilities.
- Do not conduct any cyber-attack against objects indispensable to the survival of the population or that can release dangerous forces.
- Do not make threats of violence to spread terror among the civilian population.
- Do not incite violations of international humanitarian law. Comply with these rules even if the enemy does not.
Uneven Playing Field
It doesn't appear all hacktivist groups will follow the guidelines. In some cases that's because they believe cyber attackers on the other side (both government/military and citizen-led) will not follow the rules and that would create an unfair disadvantage.
In other cases, the groups believe there's no need to follow guidelines because they act anonymously and thus will never be held accountable for their actions. (Source: infosecurity-magazine.com)
What's Your Opinions?
Is it worthwhile issuing such guidelines or simply naive? Should online attackers follow the same humanitarian rules as those engaged in in physical conflicts? Should governments impose similar rules on those engaged in cyber warfare on an official basis?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
NEEDED TO BE DONE
Of course, as in war, there's no way the guidelines will be followed. But there's still the social contract to uphold and reinforce, and that's what these guidelines do, where there have been none until now in this new domain.