Difference between revisions of "Main Page"

From International cyber law: interactive toolkit
Jump to navigation Jump to search
(adding random selection weights to more recent incidents)
Line 76: Line 76:
 
On 20 June 2019, the US Cyber Command launched multiple cyber attacks [https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports disabling] computer systems that controlled Iran’s rocket launchers and [https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html wiping out] a critical database of Iran’s Islamic Revolutionary Guard Corps. The attacks [https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html were reportedly] a direct response to earlier attacks against oil tankers in the Persian Gulf and the downing of an American surveillance drone after it had [https://www.aljazeera.com/news/2019/06/iran-revolutionary-guard-shoots-spy-drone-report-190620035802427.html allegedly entered] Iran’s airspace. Iran has [https://www.theguardian.com/world/2019/jun/13/a-visual-guide-to-the-gulf-tanker-attacks denied] all responsibility for the tanker attacks. The cyber attacks were conducted the same day that President Trump [https://www.nytimes.com/2019/06/20/world/middleeast/iran-us-drone.html called off] a military strike against Iran and were reportedly intended to remain below the threshold of armed conflict. The Toolkit considers whether specific cyber operations amount to uses of force in [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 14: Ransomware campaign|scenario 14]]. Moreover, [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|scenario 13]] examines when cyber operations may trigger the application of international humanitarian law.</div>
 
On 20 June 2019, the US Cyber Command launched multiple cyber attacks [https://www.theguardian.com/world/2019/jun/23/us-launched-cyber-attack-on-iranian-rockets-and-missiles-reports disabling] computer systems that controlled Iran’s rocket launchers and [https://www.nytimes.com/2019/08/28/us/politics/us-iran-cyber-attack.html wiping out] a critical database of Iran’s Islamic Revolutionary Guard Corps. The attacks [https://www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html were reportedly] a direct response to earlier attacks against oil tankers in the Persian Gulf and the downing of an American surveillance drone after it had [https://www.aljazeera.com/news/2019/06/iran-revolutionary-guard-shoots-spy-drone-report-190620035802427.html allegedly entered] Iran’s airspace. Iran has [https://www.theguardian.com/world/2019/jun/13/a-visual-guide-to-the-gulf-tanker-attacks denied] all responsibility for the tanker attacks. The cyber attacks were conducted the same day that President Trump [https://www.nytimes.com/2019/06/20/world/middleeast/iran-us-drone.html called off] a military strike against Iran and were reportedly intended to remain below the threshold of armed conflict. The Toolkit considers whether specific cyber operations amount to uses of force in [[Scenario 03: Cyber operation against the power grid|scenario 03]] and [[Scenario 14: Ransomware campaign|scenario 14]]. Moreover, [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|scenario 13]] examines when cyber operations may trigger the application of international humanitarian law.</div>
 
</option>
 
</option>
<option>
+
<option weight="2">
 
<!-- INCIDENT 9-->
 
<!-- INCIDENT 9-->
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Unemblem.gif|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Unemblem.gif|left|150px]]
 
On 29 January 2020, ''The New Humanitarian'' [https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack?utm_source=The+New+Humanitarian&utm_campaign=c8dddbbc45-EMAIL_CAMPAIGN_2020_01_29&utm_medium=email&utm_term=0_d842d98289-c8dddbbc45-75573037 reported] that dozens of servers were “compromised” at the United Nations offices in Geneva and Vienna. The attack dated back to July 2019 and affected staff records, health insurance, and commercial contract data. According to an unnamed UN official cited in an Associated Press [https://apnews.com/0d958e15d7f5081dd612f07482f48b73 report] on the same day, the level of sophistication was so high that it was possible a State-backed actor might have been behind it. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, the impact of which could and should have been averted by the host State.</div>
 
On 29 January 2020, ''The New Humanitarian'' [https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack?utm_source=The+New+Humanitarian&utm_campaign=c8dddbbc45-EMAIL_CAMPAIGN_2020_01_29&utm_medium=email&utm_term=0_d842d98289-c8dddbbc45-75573037 reported] that dozens of servers were “compromised” at the United Nations offices in Geneva and Vienna. The attack dated back to July 2019 and affected staff records, health insurance, and commercial contract data. According to an unnamed UN official cited in an Associated Press [https://apnews.com/0d958e15d7f5081dd612f07482f48b73 report] on the same day, the level of sophistication was so high that it was possible a State-backed actor might have been behind it. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, the impact of which could and should have been averted by the host State.</div>
 
</option>
 
</option>
<option>
+
<option weight="2">
 
<!-- INCIDENT 10-->
 
<!-- INCIDENT 10-->
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:EUCouncil.png|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:EUCouncil.png|left|150px]]
 
On 30 July 2020, the Council of the European Union [https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/ decided] to impose restrictive measures against six individuals and three entities considered to be responsible for or involved in various hostile cyber operations. These included the [[Attempted hack of the OPCW (2018)|attempted hack of the Organization for the Prohibition of Chemical Weapons (OPCW)]] and the [[WannaCry (2017)|WannaCry]] and [[NotPetya (2017)|NotPetya]] incidents. The sanctions imposed included a travel ban and an asset freeze. In addition, EU persons and entities were prohibited from making funds available to those listed. This was the first time the EU has imposed restrictive measures of this kind. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, and [[Scenario 17: Collective responses to cyber operations|Scenario 17]] discusses the legality of targeted restrictive measures of this kind from the perspective of international law.</div>
 
On 30 July 2020, the Council of the European Union [https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/ decided] to impose restrictive measures against six individuals and three entities considered to be responsible for or involved in various hostile cyber operations. These included the [[Attempted hack of the OPCW (2018)|attempted hack of the Organization for the Prohibition of Chemical Weapons (OPCW)]] and the [[WannaCry (2017)|WannaCry]] and [[NotPetya (2017)|NotPetya]] incidents. The sanctions imposed included a travel ban and an asset freeze. In addition, EU persons and entities were prohibited from making funds available to those listed. This was the first time the EU has imposed restrictive measures of this kind. Within the Toolkit, [[Scenario 04: A State’s failure to assist an international organization|Scenario 04]] specifically considers a hypothetical situation in which an international organization falls victim to cyber attacks, and [[Scenario 17: Collective responses to cyber operations|Scenario 17]] discusses the legality of targeted restrictive measures of this kind from the perspective of international law.</div>
 
</option>
 
</option>
<option>
+
<option weight="2">
 
<!-- INCIDENT 11-->
 
<!-- INCIDENT 11-->
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Brno_(znak).svg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Brno_(znak).svg|left|150px]]
 
On 13 March 2020, Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities, was [[Brno University Hospital ransomware attack (2020)|targeted by ransomware]]. The hospital was forced to shut down its entire IT network, postpone urgent surgical interventions, and reroute patients to other nearby hospitals. It took several weeks before the hospital was fully operational again. [[Scenario 14: Ransomware campaign|Scenario 14]] in the Toolkit provides the legal analysis of a ransomware campaign against municipal and health care services abroad.</div>
 
On 13 March 2020, Brno University Hospital, the second-largest hospital in the Czech Republic, at the time also providing COVID-19 testing capacities, was [[Brno University Hospital ransomware attack (2020)|targeted by ransomware]]. The hospital was forced to shut down its entire IT network, postpone urgent surgical interventions, and reroute patients to other nearby hospitals. It took several weeks before the hospital was fully operational again. [[Scenario 14: Ransomware campaign|Scenario 14]] in the Toolkit provides the legal analysis of a ransomware campaign against municipal and health care services abroad.</div>
 
</option>
 
</option>
<option>
+
<option weight="3">
 
<!-- INCIDENT 12-->
 
<!-- INCIDENT 12-->
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Microsoft_Exchange_(2019-present).svg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Microsoft_Exchange_(2019-present).svg|left|150px]]
 
On 2 March 2021, Microsoft issued a [https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ statement] about multiple zero-day exploits in its Exchange Server email software and urged customers to update their systems using a patch released at the same time. Nevertheless, malicious cyber activities escalated, resulting in more than [https://edition.cnn.com/2021/03/10/tech/microsoft-exchange-hafnium-hack-explainer/index.html 250,000 affected customers globally] (including governments as well as the private sector) and involving at least [https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/?utm_source=Twitter&utm_medium=cpc&utm_campaign=WLS_apt_groups&utm_term=WLS_apt_groups&utm_content=blog 10 APT groups]. The original campaign was [https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ attributed] by Microsoft to ‘Hafnium’, described as a State-sponsored group operating out of China. The hackers used the exploits to gain access to victim organisations’ email systems and to install malware allowing them to maintain long-term access to files, inboxes, and stored credentials. [[Scenario 02: Cyber espionage against government departments|Scenario 02]] of the Toolkit analyses cyber espionage against government departments; economic cyber espionage is discussed in [[Scenario 09: Economic cyber espionage|Scenario 09]].</div>
 
On 2 March 2021, Microsoft issued a [https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ statement] about multiple zero-day exploits in its Exchange Server email software and urged customers to update their systems using a patch released at the same time. Nevertheless, malicious cyber activities escalated, resulting in more than [https://edition.cnn.com/2021/03/10/tech/microsoft-exchange-hafnium-hack-explainer/index.html 250,000 affected customers globally] (including governments as well as the private sector) and involving at least [https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/?utm_source=Twitter&utm_medium=cpc&utm_campaign=WLS_apt_groups&utm_term=WLS_apt_groups&utm_content=blog 10 APT groups]. The original campaign was [https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ attributed] by Microsoft to ‘Hafnium’, described as a State-sponsored group operating out of China. The hackers used the exploits to gain access to victim organisations’ email systems and to install malware allowing them to maintain long-term access to files, inboxes, and stored credentials. [[Scenario 02: Cyber espionage against government departments|Scenario 02]] of the Toolkit analyses cyber espionage against government departments; economic cyber espionage is discussed in [[Scenario 09: Economic cyber espionage|Scenario 09]].</div>
 
</option>
 
</option>
<option>
+
<option weight="3">
 
<!-- INCIDENT 13-->
 
<!-- INCIDENT 13-->
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Solarwinds.svg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Solarwinds.svg|left|150px]]

Revision as of 08:22, 8 April 2021

MainBanner.jpg


Welcome to the Cyber Law Toolkit, an interactive online resource on international law and cyber operations.

Other resources

  • FAQ – Frequently asked questions about the project and the Toolkit.
  • All articles – Updated list of all substantive articles in the Toolkit. In a printed book, this would be the table of contents.
  • Keywords – Overview of all keywords used across the Toolkit content. Serves the same purpose as an index would in a printed book.
  • Examples – List of real-world incidents that have inspired the analysis in the Toolkit.
  • Glossary – Glossary of the technical terms used in the Toolkit.
  • Short form citation – Abbreviated references for the most commonly used citations in the Toolkit.
  • Bibliography – Bibliography of resources used in the creation and development of the Toolkit.
  • People – List of all people involved in the project (including scenario authors, peer reviewers, research assistants...).