Rules for 'Civilian Hackers' in war | Casino attack root cause - social engineering
CyberInsights #114 - With Disinformation and Hacktivism by civilians increasing, IHL comes up with rules of engagement | Social Engineering is the way hackers managed to get into Caesar's Palace
International Humanitarian Law comes up with 8 rules for Civilian Hackers
With hacktivism and disinformation becoming standard operating procedures of war, rules for civilians engaged in cyber warfare should be welcomed and adopted by all countries.
If you’ve not been living under a rock, you are aware of the Israel - Hamas war.
Modern warfare has multiple elements of cyber warfare.
One of them is disinformation campaigns by both sides. Read the Wired article on how X (the erstwhile Twitter) is failing to stop disinformation. [LINK]
The other is an increasing involvement of ‘Civilian Hackers’. Read these two articles about hacktivism in the Israel - Hamas war. [LINK1] [LINK2]
What’s interesting is that the International Humanitarian Law (IHL) has released a set of rules for civilians involved in cyber warfare on the 4th of this month. [LINK]
International humanitarian law (IHL) is a set of rules that seeks, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not, or are no longer, directly or actively participating in hostilities, and imposes limits on the means and methods of warfare.
There are 8 rules:
1. Do not direct cyber attacks against civilian objects.
2. Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.
3. When planning a cyber attack against a military objective, do everything feasible to avoid or minimize the effects your operation may have on civilians.
4. Do not conduct any cyber operation against medical and humanitarian facilities.
5. Do not conduct any cyber attack against objects indispensable to the survival of the population or that can release dangerous forces.
6. Do not make threats of violence to spread terror among the civilian population.
7. Do not incite violations of international humanitarian law.
8. Comply with these rules even if the enemy does not.
IHL further states this:
IHL sets out essential rules to limit the effects of armed conflicts on civilians. No one that participates in war is beyond these rules. In particular, every hacker that conducts operations in the context of an armed conflict must respect them, and States must ensure this is the case to protect civilian populations against harm. Read the rules of war here [LINK]
Take Action:
Circulate the 8 rules widely. Patriotic hackers need to know the rules of engagement and the limitations. Also, read up on the IHL, also known as the law of armed conflict, for a better understanding of what is acceptable.
US Casino attacks in August were due to, well, social engineering
Social engineering attack at an outsourced IT services vendor led to the data breach
When you hear about social engineering at a casino, you expect to see suave criminals pull off a heist and escape with bags full of cash. Reality, sadly, is much less Ocean’s Eleven.
The cyber attack at Caesar’s Palace where attackers stole data about customer rewards members was a banal social engineering attack on an IT services vendor. Yawn! [LINK]
Take Action:
You know that the only reason I included this news is because it is a ‘teachable moment’ for continuous education and awareness among employees and vendors.
Also, it is imperative to have a strong vendor security program. Create a strong vendor management program that prioritises security and awareness at high-risk vendors.
If you are a cyber insurer, check the vendor management program of your insured where that is a significant threat.