Difference between revisions of "Main Page"

From International cyber law: interactive toolkit
Jump to navigation Jump to search
(updating references in incident 11 (Brno) to new scenarios)
(colonial pipeline incident added)
Line 79: Line 79:
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Solarwinds.svg|left|150px]]
 
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Solarwinds.svg|left|150px]]
 
On 13 December 2020, FireEye [https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html announced] the discovery of an ongoing supply chain attack that trojanized SolarWinds Orion business software updates in order to distribute malware. The [https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12?r=US&IR=T victims] included many U.S. governmental organisations (such as the Department of Homeland Security, the Department of Energy, or the Treasury) and businesses (including Microsoft, Cisco, or Deloitte). Once the systems were infected, hackers could transfer files, execute files, profile the system, reboot the machines, or disable system services. The U.S. government has [https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure attributed] the attack to an ‘Advanced Persistent Threat Actor, likely Russian in origin’. Even though the campaign’s full scope remains unknown, recovering from the hack and conducting investigations may take up to [https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/ 18 months]. In the Toolkit, data theft and cyber espionage against government departments are analysed in [[Scenario 02: Cyber espionage against government departments|Scenario 02]]. Given that private sector organizations were among the victims, [[Scenario 09: Economic cyber espionage|Scenario 09]] on economic cyber espionage is also relevant.</div>
 
On 13 December 2020, FireEye [https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html announced] the discovery of an ongoing supply chain attack that trojanized SolarWinds Orion business software updates in order to distribute malware. The [https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12?r=US&IR=T victims] included many U.S. governmental organisations (such as the Department of Homeland Security, the Department of Energy, or the Treasury) and businesses (including Microsoft, Cisco, or Deloitte). Once the systems were infected, hackers could transfer files, execute files, profile the system, reboot the machines, or disable system services. The U.S. government has [https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure attributed] the attack to an ‘Advanced Persistent Threat Actor, likely Russian in origin’. Even though the campaign’s full scope remains unknown, recovering from the hack and conducting investigations may take up to [https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/ 18 months]. In the Toolkit, data theft and cyber espionage against government departments are analysed in [[Scenario 02: Cyber espionage against government departments|Scenario 02]]. Given that private sector organizations were among the victims, [[Scenario 09: Economic cyber espionage|Scenario 09]] on economic cyber espionage is also relevant.</div>
  +
</option>
  +
<option weight="2">
  +
<!-- INCIDENT 14-->
  +
<div id="mp-itn" style="padding:0.1em 0.6em;">[[File:Colonial Pipeline.png|left|150px]]
  +
On 7 May 2021, the Colonial Pipeline Company, one of the biggest fuel suppliers in the USA, experienced a ransomware attack. The perpetrators used a breach of a work account that allowed remote access to the internal network. The attack caused theft of nearly 100 GB of data, disruption of the company’s accountancy and preventive closure of the distributive network. These actions resulted in a panic that led to a buyout of fuel, a steep rise in its prices and fuel shortages. Governors of several US states declared a state of emergency.
  +
  +
According to the FBI, the perpetrator is believed to be the DarkSide gang, a private Russian speaking group motivated by monetary gains. The group resides in Russia or former Soviet states and may be tolerated by the local authorities. The US president Joe Biden said the Russian government had “some responsibility”; Russia distanced itself from the incident.
  +
  +
In the Toolkit, [[Scenario 14: Ransomware campaign|Scenario 14]] explores the legal questions regarding ransomware extortion campaigns. Given the indirect involvement of a State, [[Scenario 06: Cyber countermeasures against an enabling State|Scenario 06]] deals with the possible countermeasures deployed against an enabling State.
  +
</div>
 
</option>
 
</option>
 
</choose>
 
</choose>

Revision as of 10:28, 27 October 2021

MainBanner21.jpg


Welcome to the Cyber Law Toolkit, an interactive online resource on international law and cyber operations.

Call for submissions

Cyber Law Toolkit is now inviting submissions for its next general update in 2022. Successful authors will be awarded an honorarium. This call for submissions is open until 1 November 2021. Full text of the call with submission dates and contacts is available for download here: Call for submissions (PDF)