This article has been written by Kiran Chauhan pursuing Diploma in Advanced Contract Drafting, Negotiation and Dispute Resolution and edited by Shashwat Kaushik.
This article has been published by Sneha Mahawar.
A cyberwar is a cyberattack that is launched by one nation-state against another nation-state. Sometimes these attacks are carried out by terrorist organizations. Cyberwar does not include spying on other government activities, stealing information, or creating controversy in private and economic sectors like the espionage that the US has long accused China of carrying out. “The US Department of Defence recognises the threat to national security posed by the malicious use of the internet but does not provide a clear definition of the cyber war”.
Cyberwar is also known as cyberwarfare. It means one or more states conduct attacks from computers and networks that are connected by cyberspace. The main motive of cyberwarfare is to wage war against a government (that is, cyber espionage or military cyber warfare) and to stop it from using computers by destroying or disrupting computer networks. The threat of cyberwar is an important issue for governments and militaries around the world because the whole world is dependent on computer networks, which are collectively known as the domain of cyberspace.
US President Bill Clinton said in 2001 that “today our critical systems, from power structure to air traffic control are connected and run by computers and that someone can sit at the same computer, hack into a computer system, and potentially paralyse a company activity or government activities”.
The 2010 book Cyber War, written by Richard Clarke, who was later appointed cyber security advisor to President Obama, defines cyber war as an action by a nation against computers or networks for the purpose of causing damage or disruption.
Purpose of cyber warfare
The purpose of cyber warfare, or cyberwar, is to paralyse another state’s computer networks and destroy their essential functions.
As we see, there is always war between countries’ militaries. They try to gain control over other countries, and cyberwarfare is the easiest and best method to achieve victory in war, as it provides a huge aid in gaining easy control over the enemy nation.
Civil cyber warfare simply generates fear in the country’s people by attacking the infrastructure of the nation. Sometimes it causes a revolt against the government and if there is any protest in the country, it helps weaken the opponent from a political standpoint.
Hacktivism simply means a group of criminals who unite to carry out cyber attacks in support of political causes by breaking into a computer system and disclosing secret information, for example by leaking it on the organization’s websites. These groups of criminals may be civilians or appointed by the government. Government-sponsored hacktivism has become more prominent, e.g., in the Russia and Ukraine war. Hacktivism carried out through DoS, a denial of service attack, shuts down a system to prevent customer access. It also includes data theft, distributed denial of service (DDoS) attacks, and website defacements.
Cyber attackers, whether appointed by the government or acting on their own, use various techniques to attack the enemy country for their own financial benefit; they can destroy the defences of financial institutions and steal money for themselves.
Non-profit research
Here, hackers have only one purpose: instead of attacking nations, they steal information that is not available to anyone else in the whole world. So the purpose is only to reveal valuable information that a country can use to solve a critical problem or to get information pertaining to its solution.
Types of cyber warfare
There are several types of cyberwarfare that help to understand cyberwar.
Propaganda attacks: Propaganda attacks aim to control or manipulate the target country’s people and change their point of view on any circumstance, situation, or incident unfolding in the country through fake news, video, or the creation of fake scenarios. The Internet is now a means of communication through which lies and misinformation are spread easily.
Espionage: Espionage is a stealth attack that can be started by a government-backed intelligence organisation to acquire an economic, political, security, business, or technology edge. Attack vectors include downstream software from supply chain partners. It can continue for months or longer. These attacks were not started by the military commanders.
Examples of espionage attacks:
- US government organizations and agencies were attacked by nation-states in the SolarWinds back door attack. The SolarWinds back door allowed the hackers to access system files and hide their tracks by blending into the Orion activity, masking the malicious code from antivirus packages. The attack, which resulted from a massive supply chain attack on SolarWinds, had an impact on security, tech, and the world at large.
- North Korea has launched many espionage attacks targeting countries like South Korea, Vietnam, and Japan. North Korea is also responsible for the Sony Pictures hack, which was conducted with malware and tools such as a Server Message Block (SMB) worm tool.
Sabotage: Sabotage refers to destroying the sensitive information of the government. The government or terrorists steal the information, destroy it or leverage insider threats such as dissatisfied or careless employees or government employees with affiliations to attack the country.
Denial of Service (DoS): DoS includes attacks on individual computers or websites with the intent to deny service to users or make the computer unavailable to its users by flooding it with fake requests and forcing the website to handle these requests.
History of cyber warfare
Over the past few decades, there have been many cyberattacks by nation-states on enemy nations.
Estonia attack: This proto-cyber war is known as the “web war”. In 2007, strange DDoS (Distributed Denial of Service) attacks hit more than a hundred Estonian websites, targeting government sites, six news organisations and media, two online banking systems, and other websites in the country, whether government or private. These attacks did not last for just one or two days but continued for weeks. Although there is no conclusive evidence, Estonia’s government still blames Moscow for the attacks.
The 2008 Russia and Georgia War: The Russia-Georgia War continued in July and August 2008. Georgian government authorities accused Russia of the attacks, but the Russian government denied all the allegations and stated that individual groups from Russia may have attacked Georgia. Cyber security experts claim that it was prepared by the group known as the ‘Russian Business Network’.
Russia attacked using various cyber techniques, including distributed denial of service. The cyber war between Georgia and Russia also involved shaping and maintaining public opinion on the internet, and it was the first war in which military and hacker forces were combined.
2010 Stuxnet Attack
Stuxnet is known as the first cyberattack ever that was created to directly damage physical equipment. It is also alleged that the Stuxnet attack was the creation of America and Israel. In 2009 or 2010, Stuxnet destroyed more than a thousand of the six-and-a-half-foot tall aluminium centrifuges installed in Iran’s underground nuclear enrichment facility in Natanz. At that time, Natanz was air-gapped because Iran was carrying out nuclear development at the ‘uranium enrichment facility’, and no one knows how Stuxnet came out.
2012 Shamoon Malware
Shamoon malware, also known as W32.Disttrack, is an aggressive disk-wiping malware programme. It combines a number of components used to infect the computer: a dropper, a wiper, and a reporter. In August 2012, Shamoon malware attacked the Saudi Arabian firm “Saudi Aramco,” which is one of the largest companies. The malware, named Shamoon (or W32.Disttrack) by antivirus vendors, wiped 30,000 computers. Shamoon was created to carry out two steps: first, it erased the data from the hard drives and replaced it with an image of a burning American flag; second, it reported the addresses of the infected computers back to a computer inside the company’s network. The files destroyed by the malware were reported back in the same way. While erasing the data, the malware overwrites files with corrupted files so that they cannot be recovered. As a result, the company was forced to shut down its internal corporate network, disabling employees’ email and internet access, to stop the virus from spreading. In 2016, Shamoon malware was reworked into a new version and focused on Saudi Arabia. Again in 2018, it appeared after modification and became more disastrous.
Sony Pictures Hack, 2014
Sony Pictures Entertainment (SPE) New York was targeted by wiping malware. This wiping malware was physically introduced into the company’s network and used the features Microsoft Windows provides for managing network file sharing to propagate and totally shut down network services. Later, the attack was attributed to North Korea. The hackers took revenge on Sony Pictures because Sony Pictures did not meet the hackers’ demand to halt the release of ‘The Interview’. This movie depicts a CIA assassination attempt against Kim Jong-un, the North Korean supreme leader.
Yahoo Data Breach, 2014
In the Yahoo data breach, 500 million accounts were hacked in 2014. The company said that through these cyber attacks, the attacker stole the victims’ names, email addresses, telephone numbers, dates of birth, and encrypted passwords. A Latvian hacker, Aleksey Belan, was hired by Russian agents to gain access to the Yahoo database and management tools through a spearphishing campaign that targeted Yahoo employees. These data breaches have had a huge impact on Sony Pictures’ reputation, business, and finances.
Russia-Ukraine Cyber Warfare, 2022
The Russia-Ukraine war started in 2020. This is also a combination of cyberwarfare and military war. Russia used the new wiper malware to attack Ukrainian targets and installed it on at least hundreds of machines across Ukraine.
The Budapest Convention
In the modern era, cybercrime is a challenging aspect for countries. Nations and states have to work together and cooperate to stop cybercrime or cyberwar. We have already seen many incidents. Here are some treaties on cyber warfare:
The Budapest Convention is the first international convention on cybercrime and was drawn up by the Council of Europe (COE) in Strasbourg, France. It was formulated in 2001 and came into force on July 1, 2004. The explanatory report and convention were adopted by the Committee of Ministers of the Council of Europe at its 109th session on November 8, 2001. It is approved by 64 countries, e.g., Canada, Japan, the Philippines, South Africa, the United States, and others. The Budapest Convention was adopted to fulfil three purposes:
- to harmonise the national laws on internet crime,
- to increase cooperation among the states, and
- to support the investigation of cybercrime.
It provides guidelines to countries that want to make legislation on cybercrime. The Budapest Convention covers cyber crimes like illegal access, data interference, illegal interference, misuse of devices, system interference, cyber fraud, and computer-related fraud, as well as procedures for investigations and the securing of e-evidence in relation to any crime.
India has concerns over signing the convention:
- The first concern is that India did not participate in the negotiation of the convention so India is worried about it.
- Article 32(b) of the convention allows for transborder access to data, which infringes on national sovereignty.
- The regime of the convention is not that effective; the promise of cooperation is not enough and there are grounds for refusal to cooperate.
Cyberwar, or cyberwarfare, is a concern all over the world. As we know, artificial intelligence is becoming smarter day by day, and it will surely be involved in cybercrime in the coming days. So it is necessary to protect the world from cyberwarfare. Here, it is important to use the various tools, protocols, exploits, and resources. The Budapest Convention also defines how countries protect themselves from cybercrime.