Main Page: Difference between revisions
mNo edit summary |
(adding the Kazakhstan and Duesseldorf incidents) |
||
Line 112: | Line 112: | ||
</div> |
</div> |
||
</option> |
</option> |
||
<option weight="2"> |
|||
<!-- INCIDENT 21--> |
|||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Universitaetsklinikum-Duesseldorf-Logo.png|left|150px]] |
|||
In September 2020, the German University Hospital in Düsseldorf was forced to reduce healthcare service due to a [https://www.wired.co.uk/article/ransomware-hospital-death-germany ransomware attack] that crippled its systems. The attackers managed to compromise 30 clinic’s servers, reducing its capacity by [https://www.rtl.de/cms/hacker-angriff-auf-uniklinik-duesseldorf-starb-eine-patientin-wegen-einer-erpressung-4615184.html fifty per cent] for several days. This ransomware campaign with [https://www.thelocal.de/20200922/german-experts-see-russian-link-in-deadly-hospital-hacking/ links to Russian groups] is known worldwide because a woman has died when taken into a distant hospital that could accept her, even though her death was later [https://www.technologyreview.com/2020/11/12/1012015/ransomware-did-not-kill-a-german-hospital-patient/ not concluded] as a result of the attack. The attack was most likely a mistake since the perpetrators left a note in a code addressed to Heinrich Heine University. Once the hackers were informed about their misstep, they [https://www.healthcareitnews.com/news/hospital-ransomware-attack-leads-fatality-after-causing-delay-care stopped and provided] the hospital with the encryption key without any ransom demands before [https://www.bbc.com/news/technology-54204356 cutting the communication]. Even though no data has been lost, this ransomware campaign once again showed how the healthcare sector is vulnerable to cyber attacks. |
|||
In the Toolkit, [[Scenario 20: Cyber operations against medical facilities|Scenario 20]] focuses directly on cyber operations against medical facilities. Given that the hospital suffered a ransomware attack, [[Scenario 14: Ransomware campaign|Scenario 14]] exploring the ransomware campaign is also relevant. |
|||
</div> |
|||
</option> |
|||
<option weight="2"> |
|||
<!-- INCIDENT 22--> |
|||
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Flag of Kazakhstan.svg|left|150px]] |
|||
In January 2022, Kazakhstan experienced massive protests caused by a double rise in fuel prices. During the unrest, the Kazakh authorities [https://netblocks.org/reports/internet-disrupted-in-kazakhstan-amid-energy-price-protests-oy9YQgy3 have taken down the internet] nationwide for about five days, intending to “[https://thediplomat.com/2022/01/information-chaos-in-kazakhstan/ suppress terrorists]”. The exact method leading to the internet shutdown remains unclear; the Kazakh authorities [https://theconversation.com/kazakhstans-internet-shutdown-is-the-latest-episode-in-an-ominous-trend-digital-authoritarianism-174651 probably] rerouted domain name servers (DNS) traffic, cooperated with the internet providers who blocked the transmission, or used an internet kill switch. This caused a total disconnection of the country from the outside world and relevant information and affected citizens’ everyday life. [https://www.accessnow.org/kazakhstan-internet-shutdowns-protests-almaty-timeline-whats-happening/ People struggled] to buy food as cards or mobile payments were disabled, and they could not have withdrawn cash. As the clashes turned violent, security forces used [https://www.hrw.org/news/2022/01/26/kazakhstan-killings-excessive-use-force-almaty extensive force] against protesters, with casualties reaching 225 deaths. Also, the global Bitcoin’s computational power [https://fortune.com/2022/01/05/kazakhstan-internet-bitcoin-mining-mystery-crypto/ vanished temporarily], showing the actual size of a cryptocurrency mining business in Kazakhstan. |
|||
The internet blockage, increasingly used as a means of suppression by authoritarian regimes and repeatedly deployed in Kazakhstan, is explored in [[Scenario 24: Internet blockage|Scenario 24]] of the Toolkit. |
|||
</div> |
|||
</option> |
|||
</choose> |
</choose> |
||
<h2 id="mp-other" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Quick links</h2> |
<h2 id="mp-other" style="clear:both; margin:0.5em; background:#bbceed; font-family:inherit; font-size:120%; font-weight:bold; border:1px solid #a3b0bf; color:#000; padding:0.2em 0.4em;">Quick links</h2> |
Revision as of 14:09, 5 October 2022
About the projectThe Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The Toolkit may be explored and utilized in a number of different ways. At its core, it presently consists of 25 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. You can see all scenarios in the box immediately below – just click on any of them to follow the relevant analysis. In addition, you may want to explore the Toolkit by looking for keywords you’re interested in; by viewing its overall article structure; by browsing through the national positions on international law in cyberspace; or by reading about individual real-world examples that serve as the basis of the Toolkit scenarios. Finally, you may want to use the search function in the top right corner of this page to look for specific words across all of the Toolkit content.
Cyber law scenarios |
Featured incidentOn Friday 14 January 2022, approximately 70 Ukrainian government websites were targeted by a large-scale defacement campaign. At a time when tensions between Russia and Ukraine were escalating, the altered text on some of the websites warned Ukrainians to “be afraid and wait for the worst”. Although most websites were restored within a few hours, the Ukrainian authorities worried that the operations may have been just a cover for more destructive actions. The identity of the entity responsible for the operations remains unknown (see more here). Certain aspects, including the use of erroneous Polish, led to suggestions that the attackers may have been trying to create false traces to impede attribution efforts. In the Toolkit, Scenario 15 analyses cyber deception during armed conflicts and Scenario 21 explores the issue of misattribution caused by cyber deception in peacetime. Quick links
Behind the scenesThe project is supported by the following six partner institutions: the Czech National Cyber and Information Security Agency (NÚKIB), the International Committee of the Red Cross (ICRC), the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the University of Exeter, United Kingdom, the U.S. Naval War College, United States, and Wuhan University, China. The core of the project team consists of Dr Kubo Mačák (ICRC) – General Editor; Mr Tomáš Minárik (NÚKIB) – Managing Editor; and Ms Taťána Jančárková (CCDCOE) – Scenario Editor. The individual scenarios and the Toolkit as such have been reviewed by a team of over 30 peer reviewers. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia; its Chinese launch took place on 2 November 2019 in Wuhan, China; it received its most recent general annual update on 22 September 2021; and it remains continuously updated. For questions about the project including media enquiries, please contact us at cyberlaw@exeter.ac.uk.
|