Slashdot Mirror
Law of Armed Conflict To Apply To Cyberwar
charter6 writes "Gen. Kevin Chilton, the head of STRATCOM, just declared that the Law of Armed Conflict will apply to cyberwar, and that the US won't rule out conventional (read: kinetic) responses to cyber-attacks. This means that we consider state-supported 'hackers' to be subject to the Geneva Conventions and Customary International Law, including the rules of proportionality and distinction (i.e. if we catch them, we can try them for war crimes). Incidentally, it also means we consider non-state cyber-attackers to be illegal enemy combatants, which means we can do all kinds of nasty stuff to them."
This seems like a great idea, until you realize that any american geek who prods too deeply will be branded an enemy combatant.
Who knows what happens to enemy combatants.
Finally, Hollywood can have all those file sharers declared state enemies. "They could be sharing terrorist plans. Ummmm, yah! That's it"
This completely explains what happened to my Commodore 64 cluster...
...if only I get to personally witness the death by execution of the people who write malware, run botnets and spam the hell out of the planet.
Those those trade freedom for security deserve neither. But I would gladly trade some freedom for some revenge against the bastards that really bring hell to the masses.
"Incidentally, it also means we consider non-state cyber-attackers to be illegal enemy combatants, which means we can do all kinds of nasty stuff to them."
the hacker thinks to himself ...hmmmm, if I hack the military, they might
1. stick me in a cold, dark, room.
2. feed me old, stale food.
3. keep me away from friends, family, and girls.
4. keep me awake all night.
...(pause), ALRIGHT! Woohooo!. I wonder if I get to play WoW too!/p?
From the the summary:
This means that we consider state-supported 'hackers' to be subject to the Geneva Conventions and Customary International Law,...
I really don't know what any of this means. First, what's with the "state-supported" bit? Why would that matter? Second, what does it mean to be subject to the Geneva Conventions - that we can't torture them if we catch them?
Originally, the Bush administration argument was that the people it was capturing were not subject to the Geneva Conventions (so it didn't have to treat them as POWs) but then later it decided to try them for war crimes. Then again, the Bush administration wasn't exactly known for avoiding contradictions.
International law is a mess - and doubly so when it comes to the international laws of war.
So, with geolocation services, we could finally make all the jokes about ICBM addresses come true?
First they tortured the terrorists,
And I felt kinda iffy about that,
Even though it worked on TV.
They they tortured Iraqi civilians,
And I felt pretty embarassed,
Even though I was safe at home in America.
Then they tortured people they thought were suspicious,
And I started to get scared,
Even though I didn't hang out with anybody like that.
Then they started torturing the spammers, the botnet herders, and the malware authors,
And I'm sorry, Professor Niemoller,
But that makes up for everything!
Sorry, when the Pentagon comes for the hackers and delivers their "kinetic response" you won't be there to see it live.
You may be able to see the smoking crater of what's left of them and their botnet command and control center on CNN though.
I do hope you won't be too disappointed.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
to bomb more countries.
-- It is the mark of an educated mind to be able to entertain a thought without accepting it. -- Aristotle
Isn't "illegal enemy combatant" a new term invented by Bush administration to describe people they sent to Guantanamo prison in violation of Geneva Convention and pretty much all other laws or treaties relevant to those people?
Contrary to the popular belief, there indeed is no God.
Launching an ICMP attack might get an ICBM response...
Time to update the RFCs.
HaX0rz, when you p0wn a computer, you cannot have sex with it. Even if it's got a pretty custom case.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
Those in charge of US CyberCommand have stated for a long time now they want the ability to a physical attack in response to a cyber attack.
They state that they want the Law of Armed Conflict to apply. This would also mean that the Rules of Engagement would apply as well. Generally, the Rules of Engagement state that they are only allowed to use deadly force if there is an imminent threat of death or injury. That means they won't be dropping bombs on hackers' houses anytime soon. But then the US military does have a record or "shoot first, ask questions later".
What they want is for a cyber attack ot be deemed an act of War. This is hardly going to stop attacks from China (where a large proportion of the attacks currently originate). Needless to say that sending a cruise missile into mainland China to take out a hacker's house would be a very bad move for the US in the current climate.
Epic win. I was wondering when they'd grow some fangs for this.
Rawr!
How in the hell is the United States government going to try ANYBODY for "War Crimes" ??? note- I am a American, and I am an OIF Veteran.
The US of A went from being total warmongering fucking idiots
to totally insane warmongering fucking idiots.
Shoo...
The Change is working already!
I think we've all seen the Terminator.
Am I to understand that using a computer can now get you bombed?
From what I understand, these machines only have control of things that can affect money.
why is money more important than human life?
What's to stop our government from suspending habeus corpus just because a hacker isn't wearing a uniform?
declaring them enemy combatants for doing nothing more than typing on a keyboard?
hacking is either about money or principle. Never war. No one hacks to cause bodily damage to others.
Since ALL of our money is in the form of bits, one can simply undo any transaction at any time.
Any computer systems that control things like the electrical grid shouldn't have access internet access at all.
When you think about it, its the unintelligent waging war on the intelligent simply because it's the only thing they know how to do.
If we really wanted to end the cyber-war, we would destroy their computers, not their bodies.
They're using their grammar skills there.
We make our lives so subservient to the machines we must imprison and kill people to protect them? Does this mean robots are allowed to kill humans? Uh oh.
Todos mis movimientos están friamente calculados
it also means we consider non-state cyber-attackers to be illegal enemy combatants
Categorizing all those in Gitmo "illegal enemy combatants" has really worked out well for us.
OK, I'm coining the phrase "World Wide Web War" 1-20. (WWWWI, WWWWII,WWWWIII,...) I should make a site and sell the domain for millions.
1. Make them use nothing but dial-up.
2. Have them build a house out of AOL CDs.
3. Make them install Windows Vista on their computers.
4. Limit their TV viewing to streaming video... on a DSL line.
Geeks will either get their house bombed, or get deported to AOL
This is not news. Most of the original work on this was done by Walter Gary Sharp.
http://www.mcgeorge.edu/documents/publications/jnslp/sharp.pdf
http://www.amazon.com/Cyberspace-Use-Force-Walter-Sharp/dp/0967032601
I think it's a perfectly good answer. You don't want to tell China that a physical response is off the table, otherwise they'll get the idea that they can contine their cyber attacks without any danger of real consequences. So long as the response is in proportion to the offense, then there is no issue.
Remember if we can't consider it an act of war, then a physical response means we just started the war.
What happens if for example, they escalate from simple intrusions and information theft to destructive acts like dropping power grids or destroying systems. If it involves significant loss of life or property? Do we simply ignore it and pretend they haven't just committed an act of war? Do we cyber-hack them back? We'd probably target the building full of PLA that are actively hacking us with something stronger than an internet feed (and yes, we already know who they are and where they are operating out of).
Who'd a thought that the Homebrewers would create something that people who like to kill would like to kill for!
World's a crazy place.
From what I understand, these machines only have control of things that can affect money
Whoa, 1983 called etc...
In the next world war, which is going to begin in less than 10 years, the first thing that is going to be shutdown is the...yes, time to buy a ham radio.
Probably a good amount of "misbehaving" black hats/botnet owners/spammers live within US. Long before even thinking going hostile over another country some house cleaning should be in order.
In the other hand, could this give a future government the perfect excuse to attack whatever country they want?
- Infiltrate agent (in the case is needed a physical person for that, a hacked pc would do the work too)
- Make him hack something thru internet
- ???
- INVADE!
I am glad there are some better defined rules for engaging the enemy on this field. Once we can ID the "hackers" and whether they are state sponsored or not we can take an action like sending a cruse missile to their little hacker training camp. Don't know if I am joking? Don't worry your not alone.
6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
since cryptography had been classified as munitions at one point, I guess this is the next logical move.
Did ya know it's a war crime to shoot a sniper in the back? No- in American, American combatants must return fire from the front, not climb the church tower and kill the guy.
Tell me again...who else uses the Geneva Convention? Has it ever saved a single (American) life?
From what I understand, these machines only have control of things that can affect money.
Medical records. Operation of automated medical tools. Communications used for bringing police, fire departments, ambulances, and other "first responders" to sites where people are in danger and/or injured. The components of the power grid, which operates life support systems, traffic lights, refrigeration preventing food poisoning, air-conditioning and heating equipment without which the elderly may die of heatstroke or hypothermia, etc. Railroad train signaling (preventing multi-train collisions, derailment - including into nearby structures and people. Water purification equipment. Sewage treatment equipment. Reservoir level control and irrigation water routing (which could lead to massive flooding if fouled). Industrial process control - which manages processes that could cause fires, explosions, and the release of toxic chemicals if fouled.
I could go on.
why is money more important than human life?
Money is crystallized labor. It represents a fraction of lifetime that a person worked to acquire it. Stealing or destroying it is stealing that portion of the person's life - enslaving them. It is well understood that deadly force is an appropriate response to attempts to enslave a person or hold them in slavery.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
These simple words - and so it begins.
(Yeah, yeah, Tolkien, yadda, yadda - it's my post.)
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
so the Law of Armed Conflict applies - great. Who are you retaliating against? The IP that attacked you? o rly? I submit that the US Armed Forces cannot even reliably identify the ultimate source of a network attack, much less the identity, motivation or affiliation of an attacker (all of which are necessary in order to provide justification for a measured physical response).
It's going to take another couple of generations before we end up with people commanding the armed forces who grew up on the Internet and have at least some basic clue that you can't just prepend "cyber-" to all your standard tactics and rules of engagement and think you're prepared.
illum oportet crescere me autem minui
Just suppose that foreign crackers penetrated the air traffic control system or the power grid and either caused massive casualties due to lack of air traffic control or they turned off the lights to major portions of the country also causing significant casualties and economic losses. Further, let's suppose that we are able to identify the source of the attack. It sounds like the majority of the posters so far think we ought to call up their ISP and ask that their account be terminated.
I think a cruise missile would be more appropriate or maybe a few precision guided weapons applied as needed. The source of such an attack is a legitimate target and sending a message that such targets well be dealt with in a manner proportionate to the damage they inflict makes a lot of sense to me. If the attack is state sponsored, retaliation that is far out of proportion is called for since the attack constitutes an act of war.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
It is.
While I totally love the idea of declaring hackers as enemy combatants, I can just see some Bad Guy spoofing the IP of a Starbucks, and Cyber-Captain Spiff calling in an airstrike.
I dare/challenge them to actually 'pull this off'....while laughing!!!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
What would you consider "patriotic Chinese hackers" and "Russian hackers" closely connected and in some cases controlled by the governments or powers that control those countries?
There is no such groups of independent "patrotic hackers" in the US or EU that I know of.
It sounds good in theory, but like the parent, I also look at our country's history of using good judgment in situations like this, and worry.
I suspect that this law is mostly a diplomatic message being sent to China, to let them know we mean business if they use extra-military actors to engage in cyberwarfare. There have been a number of announcements from the pentagon that Chinese hackers have been actively poking at the military systems.
This is the polite heads up to their intelligence service to let them know that we are going to hold their China responsible for the activities of their nationalistic and zealous hackers and if they don't ease up, the counter stroke will be to park a cruse missile in the block of apartments that they are operating out of.
It sounds heavy handed, but States don't fuck around with playing games in courts when they view other states as being hostile. So if it seems like a pretty drastic measure, it is because it was likely a response crafted to deal with another state on the levels that states operate. It's possible that another Kevin Mitnik type could get dragged off to federal prison using this, but that would probably be some local prosecutor trying to show how 'tough' they were on cybercrime.
HA! I just wasted some of your bandwidth with a frivolous sig!
If I code in my underwear, am I a nonuniformed combatant?
I would not rule out a "kinetic" response if someone messed with my computer, either! Where's the surprise?
Try this without the "cyber". Imagine a Slashdot article which says "the General has determined that the law of armed conflict applies to enemy armies with guns. This also means that we consider non-state gun attackers to be illegal enemy combatants". The article then goes on to suggest that we will now be sending bank robbers to Guantanamo.
Would that make sense? Of course not. Just because sending people with guns at us is an act of war doesn't mean that non-state actors with guns are all illegal enemy combatants. Why does this change when you replace guns with cyber-?
Note also that the illegal enemy combatant thing was made up by Slashdot for the summary and isn't actually part of the article.
Maybe it's the idealism talking, but I've always thought these laws/rules were a joke. War is genocide, plain and simple. If someone is looking to destroy me and everyone that looks, talks and walks like me, there is no piece of paper in the world that will protect them from my wrath. Fuck the Geneva Convention, fuck the rules of engagement - wearing a uniform, waving a flag and following arbitrary rules doesn't automagically pardon mass murder. This ain't fucking Parcheesi!
We already have laws to define criminal activities. If some foreigner breaks into a few servers, you arrest and prosecute them for computer abuse. They didn't hold a gun to your head, they didn't threaten thousands of lives with religious zealotry... so why call it war ?
-Billco, Fnarg.com
Money is pure debt.
Centralized banking is the enslavement.
If you are stupid enough to put these things on the internet in the first place....
Does that mean that you will get bit boarded when they catch your IP address in the logs?
If a thousand "hackers" (and if you can set a digital clock - you are a hacker) "torrent" a single episode of Simpsons each - they would be stealing so much money to effectively ruin FOX Broadcasting Company financially, thereby destroying the only reliable news source in America (possibly the only one in the world) and disrupting the communication across the entire planet.
Mit der Dummheit kämpfen Götter selbst vergebens
This would actually be a cool hack. You'd have to pwn Lexis and Westlaw, and print up some bogus law books (numbered reporters of legal decisions such as Federal Reporter 3d and United States Reports) and plant them in all the law libraries and courthouses (just mail them out in official-looking West Publishing cardboard boxes). Presto, habeas corpus is back. Your legal brief in your next case would read something like this: "We hereby overrule our previous precedent in Jones v. Fatootie denying habeas corpus. Potrzebie v. Holder, 779 U.S 998 (2009)."
"Further, let's suppose that we are able to identify the source of the attack."
And, do tell, dear citizen, how do we do that, when the destructive instructions can be "sent" from and through any botted computer in the world to the target that you consider so precious that you wish to "retaliate" against your "supposed" enemy?
Seriously, fuck you and the horse you rode in on.
Applying LoC to a "suppose" makes you a wilful murderer. You sure seem eager to throw those missiles around, and that sounds a more plausible rationale for the change of scope - more excuses to bomb the crap out of foreigners that won't let "us" take "their" shit for free. Maybe just give someone a plausible cover for assassination.
I can't think of anything good from such an attitude nor from such a policy - it can only be abused - it's just a matter of time.
Money is crystallized labor. It represents a fraction of lifetime that a person worked to acquire it. Stealing or destroying it is stealing that portion of the person's life - enslaving them. It is well understood that deadly force is an appropriate response to attempts to enslave a person or hold them in slavery.
Right - that's why we execute CEOs who embezzle millions, too, right?
We rely on computers those days a lot. And in many cases computer failure or unexpected behavior might cost lives. Its almost like blowing up something.
Also, if some1 steals some confident information and that will cause loses in - for example - actual war, then why not punish them like spies?
If the German government would take the same stance, what would the meaning of installations such as ECHELON be?
Hypocrites!
woman with 6 kids from 8 different child-support paying fathers
Please explain...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
(i.e. if we catch them, we can try them for war crimes).
What about our own political people. When are they going to be tried for War Crimes. Bush? Chaney?
None of your examples have anything to do with the discussion in question. Or did I miss something? The acts which you link to are not retaliation for cyber-attacks. The French action wasn't even retaliation at all.
You mean we can burn then with jet fuel in their offices? Or just dunk their heads in water a few times...
You might prefer believing US citizens can't be called enemy combatants, but if the past (as of 2008) is any indication, they certainly can. And it's a narrow mind that supports the US government in deciding which people of other political parties or religions can carry a gun in in any other country.
Finally we don't need ANY proof of being "under attack" (TM by Herman Göring) anymore to start a war... just say "they opened cyberwar on us - here are the logs that (ahem) proove it!"
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
I don't get the part about trying state-sponsored hackers for "war crimes". If you're going to treat this as a form of warfare, then why aren't they (the hackers) ordinary soldiers? Why are they "war criminals"? Why is this a war crime and not just ordinary war?
Thank you, Tackhead!
That's not usually the objective of war. War with intent to exterminate the enemy population is uncommon. More usually, war is fought as a result of disputes over land or resources. Your ideal outcome in such a war is that the territory in dispute is seized and becomes firmly yours, and that you are then able to agree a peace treaty with the enemy that recognises this state of affairs and prevents further wasteful violence. The enemy's ideal outcome is exactly the same, except that he ends up in control of the disputed territory.
In such a war it makes sense for both sides to observe rules of conduct with regard to civilians, prisoners of war, and so forth. They expect the war to end relatively soon, and afterwards they expect to have to live as reasonably good neighbours, so committing gross atrocities is a major long-term negative.
Now, since you're speaking English and arguing in favour of extreme belligerence and unrestrained violence, I'm going to go out on a limb and assume you're American. Let me now point out that right now there is only one country on earth capable of destroying all the Americans and that country is Russia. They have absolutely no interest in doing anything of the sort. There are also large stockpiles of WMDs, along with delivery mechanisms that can reach the USA, in Britain, France and China. None of these nations have any particular intention of blowing up America either. So I'm not sure who it is that you're afraid of, but if you can identify this genocidal bogeyman then I'm sure it would be most illuminating.
Real Daleks don't climb stairs - they level the building.
unfortunately for these idiots who want to declare cyber attacks as an "act of war", the implications are that that means it _becomes_ a declaration of war.
and when you do that, it's a whole new ballgame.
not least is the fact that when you declare war on a citizen of a country, that citizen has the right - the RIGHT - to attack and kill any citizens of the country that has declared war.
by making this "a war", the united states government can expect these "cyber criminals" to have some serious weaponry to hand, and, importantly, if the united states army, police or even ordinary united states citizens turn up on the doorstep of the "crimminnall" and the "crimmminnalll" kills them, the "crimmminnalll" can claim, "well, the united states declared war on me, what do you expect??"
and they will be allowed to walk away, having killed everyone that was sent to stop them, because, under international law, that's what you're allowed to do, in war.
so i don't think the united states government has really thought this one through. if it's left as a "crime", then they can be tried for "crimes".
but if they try to treat them as "war criminals", then that's _actual_ war, and they're absolutely entitled, under international law, to defend themselves and kill anyone that tries to attack them.
> My point being that some countries (in this case both
> of them modern Western democracies) would have no
> problem at all with doing this.
It's still a non sequitor since the reasons for the attacks have nothing to do with the particular kind of retaliation this whole discussion is about, namely, physical retaliation as a reply to cyber-attack. Your assumption that just because France was willing to sink a ship in order to be able to carry out a nuclear test this necessarily means that it would assassinate a foreign hacker who defaced some government website (or even who did actual damage to French intelligence interests) is just silly. And the same goes for the Israeli example (BTW, the fact that Israel mistakenly killed an innocent during that operation is also totally off-topic).
"Money is crystallized labor. It represents a fraction of lifetime that a person worked to acquire it. Stealing or destroying it is stealing that portion of the person's life - enslaving them. It is well understood that deadly force is an appropriate response to attempts to enslave a person or hold them in slavery."
Holy balls. Did you come up with that yourself? That's an awesome quote right there.