Ethan Burk
On June 5th, 2023, Vladimir Putin went on Russian public TV and did the unthinkable. The president of the Russian Federation announced that the Ukrainian counteroffensive had begun and urged Russian citizens to retreat into the Russian heartland. This was a major turning point in the military conflict between Russia and Ukraine, except it wasn't. This message was engineered by a group of anti-Russian hacktivists who were able to gain access to the public broadcast network of a specific region and broadcast a deepfake video of Putin urging retreat. This event marks a stark trend in the world of hacktivism, specifically hacktivism generated by conflict and oppression, along with an escalation of “civilian hackers” into compromising both military and civilian targets.
The difference between hacktivism and criminal hacking is the motivation of the hackers. Most criminal groups, such as Antisec, the LockBit group, and the REvil ransomware group, hack organizations and governments in an attempt to extort them for money. Hacktivists, such as the IT Army of Ukraine, Killnet, and Anonymous Sudan, are politically motivated groups who conduct cyber operations in an attempt to expand and promote their political message. These categories are not mutually exclusive, as groups such as the multinational group Anonymous have blended financial and political hacking campaigns. The other thing that separates hacktivism from other forms of political or military hacking is the lack of state sponsorship. Most hacktivist groups work as third-party agencies and do not have direct ties to any governmental agencies. This is what separates hacktivist organizations from cyber mercenary groups, such as Sandworm or the NSO Group. The difference between state-sponsored hackers and political hacktivists has become increasingly narrow in the wake of both the Russia-Ukraine war and the Israel-Hamas conflict.
One of the defining features of the Russian-Ukrainian conflict was the emergence of both Ukrainian and Russian political hacktivist groups, such as Killnet and the IT Army of Ukraine. These groups were specifically created during the conflict, and most of their hacking campaigns seem to be politically motivated. While most of these cyberattacks seem to be Distributed Denial of Service (DDoS) attacks that attempt to force websites offline, there have been instances, such as the deepfake Vladimir Putin video, that point to an escalation between these Russian and Ukrainian groups. These groups have begun to move outside of their own region of the world and become international hacktivist syndicates.
One of the biggest areas hacktivist groups have moved into is the ongoing war between the group Hamas and the nation of Israel. Specifically, the groups Killnet and Anonymous Sudan have taken an anti-Zionist stance in the conflict. A representative of Killnet has shared through their Telegram channel that their participation was directly caused by the Israeli stance in the war between Ukraine and Russia. This conflict has further escalated hacktivist activities in the area, as more groups have been created in the wake of the conflict and joint collaboration between the groups seems to have increased both the severity and the number of their attacks. One of the most severe cyberattacks came from the group AnonGhost, who disabled an app meant to tell Israeli citizens about incoming Hamas missile attacks. This highlights a series of cyberattacks that are moving away from targeting the Israeli government and Hamas-based attacks and are beginning to focus more on civilian targets.
While civilian facilities were targeted in cyber operations predating the Russian-Ukrainian conflict, there has been a major increase in the number of cyberattacks on civilian targets in both the Russian-Ukrainian conflict and the Israeli-Palestinian conflict. In Ukraine and Russia, there have been numerous cyberattacks on hospitals and banks, as well as the disruption of Russia’s product authentication system. Pro-Palestinian groups have already made threats to critical Israeli infrastructure, such as major power plants and at least one water treatment facility, showcasing both internal schematics for restricted areas of the buildings and, in one instance, live CCTV footage from a hacked water treatment facility. While these threats have been unverified, there have been sporadic internet blackouts from both Palestinian and Israeli communication companies, leaving civilians on both sides of the conflict without internet or cellular access for large periods of time. These groups’ activities have garnered international notoriety, as the Red Cross is attempting to establish a set of rules for civilian hackers to follow in conflicts.
For the last 20 years, the International Committee of the Red Cross (ICRC) has stated openly that the Geneva Convention applies to the cyber realm as well as the physical one. This has mainly been an attempt to stop full-scale cyber warfare between nations and the disruption of civilian infrastructure by both state-sponsored and military hackers. This ruling has generally been unenforced and, in the wake of Russia’s 2014 DDoS attacks against Ukraine, largely circumvented through the use of contracted third-party hackers. The Red Cross has also stated that the use of civilian hackers has created difficulty in classifying civilians and combatants. For these reasons, the Red Cross has taken a more rigid stance on the application of the Geneva Convention in the digital realm and has created the “8 rules for civilian hackers” during war. These rules codify how hacktivists should behave during conflicts, specifying that humanitarian organizations must not be targeted and that malware able to spread itself automatically must not be used. The Red Cross also stated in this post that hacktivists who operate internationally and don’t abide by these rules open themselves up to criminal prosecution for war crimes and to being considered military targets. The Red Cross’ hope is that with these rules and guidelines in place, there will be a decrease in the number of civilians harmed by cyberattacks in the future.
Sources:
“Cyberattacks Targeting Israel Are on the Rise After Hamas Attack.” 2023. Bloomberg.com. https://www.bloomberg.com/news/articles/2023-10-09/cyberattacks-targeting-israel-are-on-the-rise-after-hamas-attack (October 15, 2023).
Hacktivists Target Israel… What’s Happened So Far? 2023. https://www.youtube.com/watch?v=6zYloNKD-08 (October 15, 2023).
“Meet the Hacker Armies on Ukraine’s Cyber Front Line.” 2023. BBC News. https://www.bbc.com/news/technology-65250356 (October 15, 2023).
“Rules of Engagement Issued to Hacktivists after Chaos.” 2023. BBC News. https://www.bbc.com/news/technology-66998064 (October 15, 2023).
Rushing, Elizabeth. 2023. “8 Rules for ‘Civilian Hackers’ during War, and 4 Obligations for States to Restrain Them.” Humanitarian Law & Policy Blog. https://blogs.icrc.org/law-and-policy/2023/10/04/8-rules-civilian-hackers-war-4-obligations-states-restrain-them/ (October 15, 2023).
Sonne, Paul. 2023. “Fake Putin Speech Calling for Martial Law Aired in Russia.” The New York Times. https://www.nytimes.com/2023/06/05/world/europe/putin-deep-fake-speech-hackers.html (October 15, 2023).