Slashdot Mirror
Law of Armed Conflict To Apply To Cyberwar
charter6 writes "Gen. Kevin Chilton, the head of STRATCOM, just declared that the Law of Armed Conflict will apply to cyberwar, and that the US won't rule out conventional (read: kinetic) responses to cyber-attacks. This means that we consider state-supported 'hackers' to be subject to the Geneva Conventions and Customary International Law, including the rules of proportionality and distinction (i.e. if we catch them, we can try them for war crimes). Incidentally, it also means we consider non-state cyber-attackers to be illegal enemy combatants, which means we can do all kinds of nasty stuff to them."
This seems like a great idea, until you realize that any american geek who prods too deeply will be branded an enemy combatant.
Who knows what happens to enemy combatants.
Finally, Hollywood can have all those file sharers declared state enemies. "They could be sharing terrorist plans. Ummmm, yah! That's it"
This completely explains what happened to my Commodore 64 cluster...
...if only I get to personally witness the death by execution of the people who write malware, run botnets and spam the hell out of the planet.
Those those trade freedom for security deserve neither. But I would gladly trade some freedom for some revenge against the bastards that really bring hell to the masses.
"Incidentally, it also means we consider non-state cyber-attackers to be illegal enemy combatants, which means we can do all kinds of nasty stuff to them."
the hacker thinks to himself ...hmmmm, if I hack the military, they might
1. stick me in a cold, dark, room.
2. feed me old, stale food.
3. keep me away from friends, family, and girls.
4. keep me awake all night.
...(pause), ALRIGHT! Woohooo!. I wonder if I get to play WoW too!/p?
So, with geolocation services, we could finally make all the jokes about ICBM addresses come true?
First they tortured the terrorists,
And I felt kinda iffy about that,
Even though it worked on TV.
They they tortured Iraqi civilians,
And I felt pretty embarassed,
Even though I was safe at home in America.
Then they tortured people they thought were suspicious,
And I started to get scared,
Even though I didn't hang out with anybody like that.
Then they started torturing the spammers, the botnet herders, and the malware authors,
And I'm sorry, Professor Niemoller,
But that makes up for everything!
Sorry, when the Pentagon comes for the hackers and delivers their "kinetic response" you won't be there to see it live.
You may be able to see the smoking crater of what's left of them and their botnet command and control center on CNN though.
I do hope you won't be too disappointed.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
OK by me...
Isn't "illegal enemy combatant" a new term invented by Bush administration to describe people they sent to Guantanamo prison in violation of Geneva Convention and pretty much all other laws or treaties relevant to those people?
Contrary to the popular belief, there indeed is no God.
Launching an ICMP attack might get an ICBM response...
Time to update the RFCs.
Those in charge of US CyberCommand have stated for a long time now they want the ability to a physical attack in response to a cyber attack.
They state that they want the Law of Armed Conflict to apply. This would also mean that the Rules of Engagement would apply as well. Generally, the Rules of Engagement state that they are only allowed to use deadly force if there is an imminent threat of death or injury. That means they won't be dropping bombs on hackers' houses anytime soon. But then the US military does have a record or "shoot first, ask questions later".
What they want is for a cyber attack ot be deemed an act of War. This is hardly going to stop attacks from China (where a large proportion of the attacks currently originate). Needless to say that sending a cruise missile into mainland China to take out a hacker's house would be a very bad move for the US in the current climate.
From the the summary:
This means that we consider state-supported 'hackers' to be subject to the Geneva Conventions and Customary International Law,...
I really don't know what any of this means. First, what's with the "state-supported" bit? Why would that matter? Second, what does it mean to be subject to the Geneva Conventions - that we can't torture them if we catch them?
It means a foreign government is attacking the United States, either directly or by outsourcing the task to private contractors. This decision says that just because they're doing the attack over the Internet instead of physically doesn't mean we should treat it any differently.
On the other hand, if it's just some Chinese script kiddie in his basement, acting alone (without the support of the Chinese government), we're not going to retaliate by bombing Beijing, because that would be stupid.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
You must be a weapons contractor.
“Common sense is not so common.” — Voltaire
Epic win. I was wondering when they'd grow some fangs for this.
Rawr!
How in the hell is the United States government going to try ANYBODY for "War Crimes" ??? note- I am a American, and I am an OIF Veteran.
I think we've all seen the Terminator.
How is it insane to begin regarding cyber attacks as equal to any other already-addressed form of attack (such as military, terrorism, and intelligence)? Cyber attacks are damaging and disruptive to a degree that SHOULD be taken seriously.
Let me guess, you will care when the internet faces intermittent shutdowns and your investments are dropping because the companies you've invested in have suffered massive database damages and cannot maintain progress...
If I deleted all your digital photos, or I go to your house and stole/burned all your photographs I could find.... Whats the difference?
We make our lives so subservient to the machines we must imprison and kill people to protect them? Does this mean robots are allowed to kill humans? Uh oh.
Todos mis movimientos están friamente calculados
it also means we consider non-state cyber-attackers to be illegal enemy combatants
Categorizing all those in Gitmo "illegal enemy combatants" has really worked out well for us.
Actually, with a Real Doll case mod, some misunderestimated types may be able to.
Geeks will either get their house bombed, or get deported to AOL
I think it's a perfectly good answer. You don't want to tell China that a physical response is off the table, otherwise they'll get the idea that they can contine their cyber attacks without any danger of real consequences. So long as the response is in proportion to the offense, then there is no issue.
Remember if we can't consider it an act of war, then a physical response means we just started the war.
What happens if for example, they escalate from simple intrusions and information theft to destructive acts like dropping power grids or destroying systems. If it involves significant loss of life or property? Do we simply ignore it and pretend they haven't just committed an act of war? Do we cyber-hack them back? We'd probably target the building full of PLA that are actively hacking us with something stronger than an internet feed (and yes, we already know who they are and where they are operating out of).
I really don't know what any of this means. ... what does it mean to be subject to the Geneva Conventions - that we can't torture them if we catch them?
The traditional responses to spys and saboteurs varied, summary execution was very popular, especial after prolonged torture to extract information. This wasn't the pseudo-torture we're seeing in modern times, but real stuff like thumb-screws, racking, eye-googing ect. The Geneva Convention applies to uniformed combatants engaged in declaired hostilities between states.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Espionage is damaging, too, however it is never treated as an act of war.
Contrary to the popular belief, there indeed is no God.
Who'd a thought that the Homebrewers would create something that people who like to kill would like to kill for!
World's a crazy place.
You're buying the bombs? Jesus H. Fucking Christ, you must be rich!
Just callin' it like I see it.
From what I understand, these machines only have control of things that can affect money
Whoa, 1983 called etc...
The Geneva Convention also gives a much lower standard of protection, if any at all, to those combatants who DON'T go around in uniforms, work for a nation or non-nation organization that can negotiate a cease-fire surrender which the combatant will honor, adhere to the principles of the Geneva Convention themselves, etc. Spies and saboteurs are still largely fair game.
This is at least partly to encourage everybody to play by the same rules.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Probably a good amount of "misbehaving" black hats/botnet owners/spammers live within US. Long before even thinking going hostile over another country some house cleaning should be in order.
In the other hand, could this give a future government the perfect excuse to attack whatever country they want?
- Infiltrate agent (in the case is needed a physical person for that, a hacked pc would do the work too)
- Make him hack something thru internet
- ???
- INVADE!
I am glad there are some better defined rules for engaging the enemy on this field. Once we can ID the "hackers" and whether they are state sponsored or not we can take an action like sending a cruse missile to their little hacker training camp. Don't know if I am joking? Don't worry your not alone.
6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
two words
Extraordinary Rendition
From what I understand, these machines only have control of things that can affect money.
Medical records. Operation of automated medical tools. Communications used for bringing police, fire departments, ambulances, and other "first responders" to sites where people are in danger and/or injured. The components of the power grid, which operates life support systems, traffic lights, refrigeration preventing food poisoning, air-conditioning and heating equipment without which the elderly may die of heatstroke or hypothermia, etc. Railroad train signaling (preventing multi-train collisions, derailment - including into nearby structures and people. Water purification equipment. Sewage treatment equipment. Reservoir level control and irrigation water routing (which could lead to massive flooding if fouled). Industrial process control - which manages processes that could cause fires, explosions, and the release of toxic chemicals if fouled.
I could go on.
why is money more important than human life?
Money is crystallized labor. It represents a fraction of lifetime that a person worked to acquire it. Stealing or destroying it is stealing that portion of the person's life - enslaving them. It is well understood that deadly force is an appropriate response to attempts to enslave a person or hold them in slavery.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
These simple words - and so it begins.
(Yeah, yeah, Tolkien, yadda, yadda - it's my post.)
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
so the Law of Armed Conflict applies - great. Who are you retaliating against? The IP that attacked you? o rly? I submit that the US Armed Forces cannot even reliably identify the ultimate source of a network attack, much less the identity, motivation or affiliation of an attacker (all of which are necessary in order to provide justification for a measured physical response).
It's going to take another couple of generations before we end up with people commanding the armed forces who grew up on the Internet and have at least some basic clue that you can't just prepend "cyber-" to all your standard tactics and rules of engagement and think you're prepared.
illum oportet crescere me autem minui
Just suppose that foreign crackers penetrated the air traffic control system or the power grid and either caused massive casualties due to lack of air traffic control or they turned off the lights to major portions of the country also causing significant casualties and economic losses. Further, let's suppose that we are able to identify the source of the attack. It sounds like the majority of the posters so far think we ought to call up their ISP and ask that their account be terminated.
I think a cruise missile would be more appropriate or maybe a few precision guided weapons applied as needed. The source of such an attack is a legitimate target and sending a message that such targets well be dealt with in a manner proportionate to the damage they inflict makes a lot of sense to me. If the attack is state sponsored, retaliation that is far out of proportion is called for since the attack constitutes an act of war.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
While I totally love the idea of declaring hackers as enemy combatants, I can just see some Bad Guy spoofing the IP of a Starbucks, and Cyber-Captain Spiff calling in an airstrike.
I dare/challenge them to actually 'pull this off'....while laughing!!!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Sure it is. FIS agents, if caught, will be tried for their crimes.
I called that an "intelligence" attack in my previous post.
The world is involved in intelligence wars, but I am sure the players are working independently of the'response in kind' combat model and are more in the realm of 'fuck me? I already fucked you!'.
It sounds good in theory, but like the parent, I also look at our country's history of using good judgment in situations like this, and worry.
I suspect that this law is mostly a diplomatic message being sent to China, to let them know we mean business if they use extra-military actors to engage in cyberwarfare. There have been a number of announcements from the pentagon that Chinese hackers have been actively poking at the military systems.
This is the polite heads up to their intelligence service to let them know that we are going to hold their China responsible for the activities of their nationalistic and zealous hackers and if they don't ease up, the counter stroke will be to park a cruse missile in the block of apartments that they are operating out of.
It sounds heavy handed, but States don't fuck around with playing games in courts when they view other states as being hostile. So if it seems like a pretty drastic measure, it is because it was likely a response crafted to deal with another state on the levels that states operate. It's possible that another Kevin Mitnik type could get dragged off to federal prison using this, but that would probably be some local prosecutor trying to show how 'tough' they were on cybercrime.
HA! I just wasted some of your bandwidth with a frivolous sig!
If I code in my underwear, am I a nonuniformed combatant?
I would not rule out a "kinetic" response if someone messed with my computer, either! Where's the surprise?
Try this without the "cyber". Imagine a Slashdot article which says "the General has determined that the law of armed conflict applies to enemy armies with guns. This also means that we consider non-state gun attackers to be illegal enemy combatants". The article then goes on to suggest that we will now be sending bank robbers to Guantanamo.
Would that make sense? Of course not. Just because sending people with guns at us is an act of war doesn't mean that non-state actors with guns are all illegal enemy combatants. Why does this change when you replace guns with cyber-?
Note also that the illegal enemy combatant thing was made up by Slashdot for the summary and isn't actually part of the article.
Maybe it's the idealism talking, but I've always thought these laws/rules were a joke. War is genocide, plain and simple. If someone is looking to destroy me and everyone that looks, talks and walks like me, there is no piece of paper in the world that will protect them from my wrath. Fuck the Geneva Convention, fuck the rules of engagement - wearing a uniform, waving a flag and following arbitrary rules doesn't automagically pardon mass murder. This ain't fucking Parcheesi!
We already have laws to define criminal activities. If some foreigner breaks into a few servers, you arrest and prosecute them for computer abuse. They didn't hold a gun to your head, they didn't threaten thousands of lives with religious zealotry... so why call it war ?
-Billco, Fnarg.com
If a thousand "hackers" (and if you can set a digital clock - you are a hacker) "torrent" a single episode of Simpsons each - they would be stealing so much money to effectively ruin FOX Broadcasting Company financially, thereby destroying the only reliable news source in America (possibly the only one in the world) and disrupting the communication across the entire planet.
Mit der Dummheit kämpfen Götter selbst vergebens
This would actually be a cool hack. You'd have to pwn Lexis and Westlaw, and print up some bogus law books (numbered reporters of legal decisions such as Federal Reporter 3d and United States Reports) and plant them in all the law libraries and courthouses (just mail them out in official-looking West Publishing cardboard boxes). Presto, habeas corpus is back. Your legal brief in your next case would read something like this: "We hereby overrule our previous precedent in Jones v. Fatootie denying habeas corpus. Potrzebie v. Holder, 779 U.S 998 (2009)."
We rely on computers those days a lot. And in many cases computer failure or unexpected behavior might cost lives. Its almost like blowing up something.
Also, if some1 steals some confident information and that will cause loses in - for example - actual war, then why not punish them like spies?
If the German government would take the same stance, what would the meaning of installations such as ECHELON be?
Hypocrites!
woman with 6 kids from 8 different child-support paying fathers
Please explain...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
None of your examples have anything to do with the discussion in question. Or did I miss something? The acts which you link to are not retaliation for cyber-attacks. The French action wasn't even retaliation at all.
Finally we don't need ANY proof of being "under attack" (TM by Herman Göring) anymore to start a war... just say "they opened cyberwar on us - here are the logs that (ahem) proove it!"
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Normally ACs aren't worth replying to, but just a couple of points. The article he linked to describes a citizen of Qatar, not an American citizen. So that doesn't have anything to do with anything. My point was that your average geek is not engaged in armed conflict against U.S. military personnel, and is therefore NOT in danger of being labeled an "illegal enemy combatant."
Now, the AC might have linked to something on Hamdi v. Rumsfeld, which would be a little closer to the point. Like I said, there are those who would like to hold Hamdi as a combatant without the benefit of habeus corpus. But the Supreme Court held (rightly, I believe) that a U.S. citizen has constitutional rights, even if he's captured while fighting with the enemy. So AC, what's your point?
Today's Sesame Street was brought to you by the number e.
I don't get the part about trying state-sponsored hackers for "war crimes". If you're going to treat this as a form of warfare, then why aren't they (the hackers) ordinary soldiers? Why are they "war criminals"? Why is this a war crime and not just ordinary war?
Sure it is. FIS agents, if caught, will be tried for their crimes.
Tried according to a local law, not sent to a torture-and-death camp.
Contrary to the popular belief, there indeed is no God.
Thank you, Tackhead!
That's not usually the objective of war. War with intent to exterminate the enemy population is uncommon. More usually, war is fought as a result of disputes over land or resources. Your ideal outcome in such a war is that the territory in dispute is seized and becomes firmly yours, and that you are then able to agree a peace treaty with the enemy that recognises this state of affairs and prevents further wasteful violence. The enemy's ideal outcome is exactly the same, except that he ends up in control of the disputed territory.
In such a war it makes sense for both sides to observe rules of conduct with regard to civilians, prisoners of war, and so forth. They expect the war to end relatively soon, and afterwards they expect to have to live as reasonably good neighbours, so committing gross atrocities is a major long-term negative.
Now, since you're speaking English and arguing in favour of extreme belligerence and unrestrained violence, I'm going to go out on a limb and assume you're American. Let me now point out that right now there is only one country on earth capable of destroying all the Americans and that country is Russia. They have absolutely no interest in doing anything of the sort. There are also large stockpiles of WMDs, along with delivery mechanisms that can reach the USA, in Britain, France and China. None of these nations have any particular intention of blowing up America either. So I'm not sure who it is that you're afraid of, but if you can identify this genocidal bogeyman then I'm sure it would be most illuminating.
Real Daleks don't climb stairs - they level the building.
unfortunately for these idiots who want to declare cyber attacks as an "act of war", the implications are that that means it _becomes_ a declaration of war.
and when you do that, it's a whole new ballgame.
not least is the fact that when you declare war on a citizen of a country, that citizen has the right - the RIGHT - to attack and kill any citizens of the country that has declared war.
by making this "a war", the united states government can expect these "cyber criminals" to have some serious weaponry to hand, and, importantly, if the united states army, police or even ordinary united states citizens turn up on the doorstep of the "crimminnall" and the "crimmminnalll" kills them, the "crimmminnalll" can claim, "well, the united states declared war on me, what do you expect??"
and they will be allowed to walk away, having killed everyone that was sent to stop them, because, under international law, that's what you're allowed to do, in war.
so i don't think the united states government has really thought this one through. if it's left as a "crime", then they can be tried for "crimes".
but if they try to treat them as "war criminals", then that's _actual_ war, and they're absolutely entitled, under international law, to defend themselves and kill anyone that tries to attack them.
> My point being that some countries (in this case both
> of them modern Western democracies) would have no
> problem at all with doing this.
It's still a non sequitor since the reasons for the attacks have nothing to do with the particular kind of retaliation this whole discussion is about, namely, physical retaliation as a reply to cyber-attack. Your assumption that just because France was willing to sink a ship in order to be able to carry out a nuclear test this necessarily means that it would assassinate a foreign hacker who defaced some government website (or even who did actual damage to French intelligence interests) is just silly. And the same goes for the Israeli example (BTW, the fact that Israel mistakenly killed an innocent during that operation is also totally off-topic).
Also, in case the movies have distorted your understanding, most people convicted of espionage are local to the nation they spied against.