List of articles: Difference between revisions

From International cyber law: interactive toolkit
Jump to navigation Jump to search
Content added Content deleted
VisualWikitext
(editing real world scenarios)
(Austria)
 
(166 intermediate revisions by 11 users not shown)
Line 5: Line 5:
* [[FAQ]]
* [[FAQ]]
* [[Note on the structure of articles]]
* [[Note on the structure of articles]]
* [[Editing rules]]
<!--* [[Editing rules]]-->
* [[Glossary]]
* [[Glossary]]
* [[Short form citation]]
* [[Bibliography]]
* [[Bibliography]]
* [[People]]


== Scenarios ==
== Scenarios ==
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* [[Scenario 01: Election interference]]
* [[Scenario 01: Election interference]]
* [[Scenario 02: Cyber espionage against government departments|Scenario 02: Political espionage]]
* [[Scenario 02: Cyber espionage against government departments|Scenario 02: Political espionage]]
Line 23: Line 26:
* [[Scenario 12: Cyber operations against computer data|Scenario 12: Computer data]]
* [[Scenario 12: Cyber operations against computer data|Scenario 12: Computer data]]
* [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|Scenario 13: Armed conflict]]
* [[Scenario 13: Cyber operations as a trigger of the law of armed conflict|Scenario 13: Armed conflict]]
* [[Scenario 14: Ransomware campaign]]
* [[Scenario 15: Cyber deception during armed conflict|Scenario 15: Cyber deception]]
* [[Scenario 16: Cyber attacks against ships on the high seas|Scenario 16: High seas]]
* [[Scenario 17: Collective responses to cyber operations|Scenario 17: Collective responses]]
* [[Scenario 18: Legal status of cyber operators during armed conflict|Scenario 18: Cyber operators]]
* [[Scenario 19: Hate speech]]
* [[Scenario 20: Cyber operations against medical facilities|Scenario 20: Medical facilities]]
* [[Scenario 21: Misattribution caused by deception|Scenario 21: Misattribution]]
* [[Scenario 22: Cyber methods of warfare|Scenario 22: Methods of warfare]]
* [[Scenario 23: Vaccine research and testing|Scenario 23: Vaccine research]]
* [[Scenario 24: Internet blockage]]
* [[Scenario 25: Cyber disruption of humanitarian assistance|Scenario 25: Humanitarian assistance]]
* [[Scenario 26: Export licensing of intrusion tools|Scenario 26: Export licensing]]
* [[Scenario 27: Contesting and redirecting ongoing attacks|Scenario 27: Redirecting attacks]]
* [[Scenario 28: Extraterritorial incidental civilian cyber harm|Scenario 28: Incidental harm]]
* [[Scenario 29: Cyber operations against water and water infrastructure|Scenario 29: Water infrastructure]]
</div>


== Legal concepts ==
== Legal concepts ==
=== General international law ===
=== General international law ===
* [[Applicability of international law]]
* [[Jurisdiction]]
* Jurisdiction
* [[State responsibility]]
* [[State responsibility]]
** [[Attribution]]
** [[Attribution]]
*** [[Attribution#State organs and persons and entities in exercise of governmental authority|State organs]]
*** State organs
*** Non-State actors
*** [[Attribution#Non-State actors|Non-State actors]]
*** Evidence
*** [[Attribution#Evidentiary standards|Evidence]]
*** [[Responsibility of a State for the conduct of another State]]
*** [[Mistake of fact (Law of State responsibility)|Mistake of fact]]
** [[Breach of an international obligation]]
** [[Breach of an international obligation]]
** Responses and justifications
** Responses and justifications
Line 40: Line 63:
**** ''Force majeure''
**** ''Force majeure''
**** Distress
**** Distress
**** [[Necessity]]
**** [[Plea of necessity]]
*** [[Retorsion]]
*** [[Retorsion]]
**** [[Targeted restrictive measures]]
* [[Due diligence]]
* [[Due diligence]]
* [[Sovereignty]]
* [[Sovereignty]]
* [[Prohibition of intervention]]
* [[Prohibition of intervention]]
* [[Prohibition of genocide]]
* [[Transboundary harm]]
* [[Voluntary, non-binding norms of responsible state behavior]]
* [[Legally binding unilateral declarations of States]]
* Cyber operations not ''per se'' regulated by international law
* Cyber operations not ''per se'' regulated by international law
** [[Peacetime cyber espionage]]
** [[Peacetime cyber espionage]]
** [[Peacetime cyber espionage#Economic cyber espionage|Economic cyber espionage]]


=== Specialised regimes of peacetime international law ===
=== Specialised regimes of peacetime international law ===
* [[International human rights law]]
* [[Diplomatic and consular law]]
* [[Diplomatic and consular law]]
** [[Diplomatic and consular law#Inviolability of documents and archives of diplomatic missions and consular posts|Inviolability of documents and archives of diplomatic missions and consular posts]]
** [[Diplomatic and consular law#Premises of the mission|Premises of the mission]]
** [[Diplomatic and consular law#Persona non grata|Persona non grata]]
* [[Law of the sea]]
* [[Law of the sea]]
* [[Air law]]
** [[Flag State jurisdiction]]
* [[Space law]]
** [[Freedom of navigation]]
** [[Sovereign immunity]]
* [[International telecommunications law]]
** [[Maritime law enforcement]]
* Air law
* Space law
* [[International telecommunication law]]
* [[International human rights law]]
** [[Right to life]]
* [[Individual criminal responsibility under international law|International criminal law]]
** [[Crime of genocide]]
** [[Crimes against humanity]]
** [[War crimes]]
* [[International export control law]]


=== Use of force, conflict and international law ===
=== Use of force, conflict and international law ===
* [[Peaceful settlement of disputes]]
* [[Use of force|International law on the use of force (''jus ad bellum'')]]
* International law on the use of force (''jus ad bellum'')
** [[Armed attack]]
** [[Self-defence (''jus ad bellum'')]]
** [[Use of force]]
** [[Self-defence|Armed attack and self-defence]]
* [[International humanitarian law|International humanitarian law (''jus in bello'')]]
* [[International humanitarian law (jus in bello)|International humanitarian law (''jus in bello'')]]
** Conflict qualification
** Conflict qualification
*** [[International armed conflict]]
*** [[International armed conflict]]
*** [[Non-international armed conflict]]
*** [[Non-international armed conflict]]
** Conduct of hostilities
** [[Conduct of hostilities]]
*** [[Principle of precautions]]
**** [[Principle of precautions#Precautionary obligations under international humanitarian law|Precautionary obligations under international humanitarian law]]
**** [[Principle of precautions#Obligations to take precautions in attack|Obligations to take precautions in attack]]
**** [[Principle of precautions#Obligations to take precautions against the effects of attacks|Obligations to take precautions against the effects of attacks]]
*** [[Military objectives]]
*** [[Military objectives]]
**** [[Military_objectives#Qualification_of_data_as_a_military_objective_under_IHL|Data as a military objective]]
*** Means and methods of warfare
*** [[Proportionality]]
*** [[Attack (international humanitarian law)|The notion of ‘attack’ under international humanitarian law]]
*** [[Combatancy]]
**** [[Direct participation in hostilities]]
*** [[Attacks against persons]]
*** [[Means and methods of cyber warfare]]
**** [[Perfidy and ruses of war]]
**** [[Misuse of established indicators]]
**** [[Legal review of cyber weapons]]
**** [[Legal review of cyber weapons]]
** Certain persons, objects and activities
** [[Specially protected persons, objects, and activities (international humanitarian law)|Specially protected persons, objects, and activities]]
*** [[Protection of medical units during armed conflict]]
** [[Occupation]]
*** [[Humanitarian relief operations]]
*** [[Objects indispensable to the survival of the civilian population]]
*** [[Protection of the natural environment in armed conflict]]
** Occupation
** [[Neutrality]]
** [[Neutrality]]
** [[Criminal responsibility]]


== Real-world examples ==
== Real-world examples ==
* 2023
* [[Cyber attacks against Estonia (2007)]]
** [[Cyber operations against NATO’s aid mission in Turkey and Syria (2023)]]
* [[Georgia-Russia conflict (2008)]]
* [[Stuxnet (2010)]]
** [[ICC data breach (2023)]]
* 2022
* [[DigiNotar (2011)]]
* [[Shamoon (2012)]]
** [[Costa Rica ransomware attack (2022)]]
** [[Homeland Justice operations against Albania (2022)]]
* [[Ukrainian parliamentary election interference (2014)]]
** [[Kazakhstan internet blockage (2022)]]
* [[Chinese PLA Unit 61398 indictments (2014)]]
** [[Predatory Sparrow operation against Iranian steel maker (2022)]]
* [[Sony Pictures Entertainment attack (2014)]]
* [[Steel mill in Germany (2014)]]
** [[Viasat KA-SAT attack (2022)]]
* [[The Hacking Team Hack (2015)]]
** [[HermeticWiper malware attack (2022)]]
* [[Power grid cyberattack in Ukraine (2015)]]
** [[Cyber operations against government systems in Ukraine (January 2022)]]
* 2021
* [[Bundestag Hack (2015)]]
* [[DNC email leak (2016)]]
** [[Colonial Pipeline ransomware attack (2021)]]
** [[UN data breach (2021)]]
* [[The Shadow Brokers publishing the NSA vulnerabilities (2016)]]
* [[French presidential election leak (2017)]]
** [[Waikato Hospitals ransomware attack (2021)]]
** [[Ireland’s Health Service Executive ransomware attack (2021)]]
* [[WannaCry (2017)]]
* [[NotPetya (mock ransomware)|NotPetya (mock ransomware) (2017)]]
** [[Kaseya VSA ransomware attack (2021)]]
** [[Microsoft Exchange Server data breach (2021)]]
* [[Operation Cloudhopper (2017)]]
* [[African Union headquarters hack (2018)]]
** [[Pegasus Project revelations (2021)]]
<!--
*[[Ethiopian surveillance of journalists abroad (2017)]]
** Water treatment plants https://www.schneier.com/blog/archives/2021/10/ransomware-attacks-against-water-treatment-plants.html
*
** Ghostwriter-->
* 2020
** [[German hospital ransomware attack (2020)]]
** [[African Union headquarters hack (2020)]]
** [[Brno University Hospital ransomware attack (2020)]]
** [[Google shutting down an active counterterrorism operation (2020)]]
** [[SolarWinds (2020)]]
** [[Pfizer/BioNTech vaccine data modification and leak (2020)]]
** [[Israel’s water facilities attack (2020)]]
** [[APT32 attacks on Chinese government (2020)]]
* 2019
** [[Cyber interference against vessels in the Persian Gulf and Gulf of Oman (2019)]]
** [[Iranian internet blackout (2019)]]
** [[Israeli attack against Hamas cyber headquarters in Gaza (2019)]]
** [[Russia's sovereign internet (2019 onward)]]
** [[Springhill Medical Center ransomware attack (2019)]]
** [[Texas Municipality ransomware attack (2019)]]
* 2018
** [[African Union headquarters hack (2018)]]
** [[Olympic Destroyer (2018)]]
** [[SamSam ransomware incidents (2018)]]
* 2017
** [[Ethiopian surveillance of journalists abroad (2017)]]
** [[French presidential election leak (2017)]]
** [[Hate speech in India (since 2017)]]
** [[Operation Cloudhopper (2017)]]
** [[NotPetya (2017)]]
** [[Triton (2017)]]
** [[WannaCry (2017)]]
** [[Wu Yingzhuo, Dong Hao and Xia Lei indictment (2017)]]
* 2016
** [[Surveillance of Civil Society Groups/Ahmed Mansoor (2016)]]
** [[DNC email leak (2016)]]
** [[Industroyer – Crash Override (2016)]]
** [[Operation Glowing Symphony (2016)]]
** [[The Shadow Brokers publishing the NSA vulnerabilities (2016)]]
* 2015
** [[Bundestag Hack (2015)]]
** [[Office of Personnel Management data breach (2015)]]
** [[Power grid cyberattack in Ukraine (2015)]]
** [[The Hacking Team Hack (2015)]]
* 2014
** [[Alleged hacking of Patriot missiles (2014-2015)]]
** [[Chinese PLA Unit 61398 indictments (2014)]]
** [[Sony Pictures Entertainment attack (2014)]]
** [[Steel mill in Germany (2014)]]
** [[Ukrainian parliamentary election interference (2014)]]
** [[Use of malware to track and target Ukrainian artillery units (2014-2016)]]
* 2012
** [[Shamoon (2012)]]
* 2011
** [[Caucasus internet outage (2011)]]
** [[Syria’s ‘social media war’ (since 2011)]]
** [[DigiNotar (2011)]]
* 2010
** [[Hate speech in Myanmar (since early 2010s)]]
** [[Stuxnet (2010)]]
** [[SuperMicro supply chain breach (since 2010)]]
* 2008
** [[Georgia-Russia conflict (2008)]]
** [[Bangladesh internet outage (2008)]]
* 2007
** [[Cyber attacks against Estonia (2007)]]
** [[Operation Orchard/Outside the Box (2007)]]
<!--


<!-- The following examples will be created as a priority, in this order:
The following examples should be created as a priority, in this order:
* [[Pegasus Project revelations (2021)]] work in progress (NÚKIB)
* [[Office of Personnel Management data breach (2015)]]
* [[Chinese infiltration into EU parliamentary proceedings (2018)]]
* [[Wu Yingzhuo, Dong Hao and Xia Lei indictments (2017)]]

* [[Ethiopian surveillance of journalists abroad (2017)]]
The following were proposed to be added to SCN02:
* [[APT-29 attacks on ministries (2016-2017)]] (CCDCOE WIP)
* Bugging Device found in UN Offices (2004)
* [[SamSam ransomware attack (2018)]] (KUBO WILL ASSIGN)
* Bugging Devices found in EU Offices (2003)
* Operation Titan Rain (2003-2007)
* U.S. spying on Angela Merkel and other European leaders (2012-2014)
* Spying on G20 delegations using hacked USB sticks in gift bags (2013)


The following examples are to be considered before being created:
The following examples are to be considered before being created:
* [[APT-29 attacks on ministries (2016-2017)]] (scarce information, difficult to fit in a table)
* [[China Telecom internet traffic misdirection (2010-2017)]]
* [[Attempted hack of the OPCW (2018)]] : operation stopped in preparatory phase, not many technical details
* [[Attempted hack of the OPCW (2018)]] : operation stopped in preparatory phase, not many technical details
* [[Operation Ababil (2012-2013)]] : not very well-known, similar to Estonia (2007)
* [[Operation Ababil (2012-2013)]] : not very well-known, similar to Estonia (2007)
Line 110: Line 239:
* [[1718 sanctions committee hack (2016)]] : not too well-known
* [[1718 sanctions committee hack (2016)]] : not too well-known
* [[Shamoon 2.0 (2016)]] : similar to Shamoon (2012)
* [[Shamoon 2.0 (2016)]] : similar to Shamoon (2012)
* [[APT Turla hijacking systems of APT-34]] - see https://www.zdnet.com/article/russian-apt-turla-targets-35-countries-on-the-back-of-iranian-infrastructure/


The following examples are too vague due to their being long-term and comprising various activities; however specific incidents from these campaigns could be singled out and described:
The following examples are too vague due to their being long-term and comprising various activities; however specific incidents from these campaigns could be singled out and described:
Line 115: Line 245:
* [[Ukraine-Russia conflict (2014-)]]
* [[Ukraine-Russia conflict (2014-)]]
-->
-->

==National positions==
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* [[Common position of the African Union (2024)|African Union (2024)]]
* [[National position of Australia (2020)|Australia (2020)]]
* [[National position of Austria (2024)|Austria (2024)]]
* [[National position of Brazil (2021)|Brazil (2021)]]
* [[National position of Canada (2022)|Canada (2022)]]
* [[National position of the People's Republic of China (2021)|China (2021)]]
* [[National position of Costa Rica (2023)|Costa Rica (2023)]]
* Czech Republic ([[National position of the Czech Republic (2020)|2020]] and [[National position of the Czech Republic (2024)|2024]])
* [[National position of Denmark (2023)|Denmark (2023)]]
* Estonia ([[National position of Estonia (2019)|2019]] and [[National position of Estonia (2021)|2021]])
* [[National position of Finland (2020)|Finland (2020)]]
* [[National position of France (2019)|France (2019)]]
* [[National position of Germany (2021)|Germany (2021)]]
* [[National position of Iran (2020)|Iran (2020)]]
* [[National position of Ireland (2023)|Ireland (2023)]]
* [[National position of Israel (2020)|Israel (2020)]]
* [[National position of the Italian Republic (2021)|Italy (2021)]]
* [[National position of Japan (2021)|Japan (2021)]]
* [[National position of Kazakhstan (2021)|Kazakhstan (2021)]]
* [[National position of Kenya (2021)|Kenya (2021)]]
* [[National position of the Netherlands (2019)|Netherlands (2019)]]
* [[National position of New Zealand (2020)|New Zealand (2020)]]
* [[National position of Norway (2021)|Norway (2021)]]
* [[National position of Pakistan (2023)|Pakistan (2023)]]
* [[National position of the Republic of Poland (2022)|Poland (2022)]]
* [[National position of Romania (2021)|Romania (2021)]]
* [[National position of the Russian Federation (2021)|Russia (2021)]]
* [[National position of Singapore (2021)|Singapore (2021)]]
* [[National position of the Kingdom of Sweden (2022)|Sweden (2022)]]
* [[National position of Switzerland (2021)|Switzerland (2021)]]
* United Kingdom ([[National position of the United Kingdom (2018)|2018]], [[National position of the United Kingdom (2021)|2021]] and [[National position of the United Kingdom (2022)|2022]])
* United States ([[National position of the United States of America (2012)|2012]], [[National position of the United States of America (2016)|2016]], [[National position of the United States of America (2020)|2020]] and [[National position of the United States of America (2021)|2021]])
</div>


==Keywords==
==Keywords==
<tagcloud>
[[Special:Categories|List of keywords]]
exclude=Pages_using_invalid_self-closed_HTML_tags
include=Category:Threats
increase_factor=250
</tagcloud>

Latest revision as of 12:21, 28 June 2024

This page serves as the equivalent of a table of contents in a printed book. It contains an updated list of all substantive articles in the Toolkit.

About the project[edit | edit source]

Scenarios[edit | edit source]

Legal concepts[edit | edit source]

General international law[edit | edit source]

Specialised regimes of peacetime international law[edit | edit source]

Use of force, conflict and international law[edit | edit source]

Real-world examples[edit | edit source]

National positions[edit | edit source]

Keywords[edit | edit source]

2007  2008  2010  2011  2012  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  Advanced persistent threat  Applicability of international law  Article 36  Attack (international humanitarian law)  Attacks against persons  Attribution  Breach of an international obligation  Causation  Combatancy  Computer data  Conduct of hostilities  Countermeasures  Crime of genocide  Crimes against humanity  Critical infrastructure  Cyber weapons  Cybercrime  DDoS  Deception  Defacement  Diplomatic and consular law  Direct participation in hostilities  Distinction  Due diligence  Economic cyber espionage  Effective control  Election interference  Evidence  Example  Flag State jurisdiction  Freedom of navigation  Hospitals  Humanitarian assistance  Hybrid threats  Indiscriminate attack  Individual criminal responsibility under international law  Industrial control system  International armed conflict  International cooperation  International export control law  International human rights law  International humanitarian law  International organization  International sanctions  International telecommunication law  Internationalization  Internet access  Inviolability  Law of the sea  Legal concepts  Legal personality  Legal review of cyber weapons  Legally binding unilateral declarations of States  Malware  Maritime law enforcement  Means and methods of cyber warfare  Medical units  Methods and means of warfare  Military objectives  Misattribution  Mistake of fact  Misuse of established indicators  National position  Neutrality  Non-State actors  Non-international armed conflict  Object  Objects indispensable to the survival of the civilian population  Overall control  Pages transcluding nonexistent sections  Peaceful settlement of disputes  Peacetime cyber espionage  Perfidy and ruses of war  Persona non grata  Plea of necessity  Premises of the mission  Principle of precautions  Prohibition of genocide  Prohibition of intervention  Proportionality  Ransomware  Retorsion  Right to life  Scenario  Self-defence  Sovereign immunity  Sovereignty  Specially protected persons, objects and activities  State organs  State responsibility  Stuxnet  Supply chain  Surveillance  Targeted restrictive measures  Targeting  Threats  Transboundary harm  Use of force  Voluntary norms  War crimes  Weapons review 
Retrieved from "https://cyberlaw.ccdcoe.org/wiki/List_of_articles?oldid=4218"