SlideShare a Scribd company logo

Lesson7-Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace.pptx

Download as PPTX, PDF
A
adnis1

Lesson7-Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace.pptx

Technology
1 of 25
Lesson seven  Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace
Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace  This Module of the on Cybercrime examines topics, such as hacktivism, terrorism, espionage, disinformation campaigns, and warfare in cyberspace, as well as national and international perspectives and responses to these cyber activities. The purpose of this Module is to discuss these topics and identify current debates and conflicting views on these topics within and between countries.  Learning Outcomes  Critically examine hacktivism, cyberespionage, cyberterrorism, cyberwarfare, information warfare, disinformation, and electoral fraud  Critically discuss and analyse the legal frameworks governing these activities  Critically assess the lawfulness of responses to these activities  Propose lawful responses to some of these activities
Hacktivism
Hacktivism  Information and communication technology have been used in campaigns for social or political change (i.e., online activism). These types of campaigns have involved the signing of online petitions, hashtag campaigns, creating a campaign website, recruiting volunteers, obtaining funds from members and supporters, and organizing and planning offline protests.  There are, however, individuals and groups that have considered these methods to be insufficient to drawing attention to their cause and have instead resorted to strategies that directly affect the functioning or accessibility of websites and online services as a means of political protest (i.e., hacktivists) (Maras, 2016).
Hacktivism  While there is no universally agreed upon definition of hacktivism, it has been described as the intentional access to systems, websites, and/or data without authorization or having exceeded authorized access, and/or the intentional interference with the functioning and/or accessibility of systems, websites, and data without authorization or having exceeded authorized access, in order to effect social or political change (Maras, 2016).  The cybercrimes hacktivists have committed include website defacements, website redirects, denial-of-service (DoS) attacks or distributed denial of service (DDoS) attacks, malware distribution, data theft and disclosure, and sabotage (Li, 2013; Maras, 2016). All of these tactics involve unauthorized access to targets' systems, websites and/or data.
Cyberespionage
Cyberespionage  While there is no single, universal definition of espionage, espionage has been described as a method of intelligence collection: particularly, as a "process of obtaining information that is not normally publicly available, using human sources (agents) or technical means (like hacking into computer systems)“  Cyberespionage involves the use of information and communication technology (ICT) by individuals, groups, or businesses for some economic benefit or personal gain. Cyberespionage may also be perpetrated by government actors, state-sponsored or state-directed groups, or others acting on behalf of a government, seeking to gain unauthorized access to systems and data in an effort to collect intelligence on their targets in order to enhance their own country's national security, economic competitiveness, and/or military strength (Maras, 2016).
Cyberespionage  While espionage is not a new phenomenon, ICT have enabled illicit intelligence collection efforts directed and/or orchestrated by other countries at an unprecedented speed, frequency, intensity, and scale , as well as a reduction of risks associated with committing espionage (i.e., being caught by the country that is being targeted by the collection efforts).  The primary tactics used by perpetrators of cyberespionage have been identified. These include (but are not limited to) malware distribution, social engineering , spear phishing , and watering hole attacks . For example, a piece of malware known as Flame targeted government computer systems and collected information from its targets, including remotely turning on webcams and microphones of infected systems; taking screen shots of the infected systems' screens; and transferring/receiving data and commands via Bluetooth among others (Bencsáth, 2012).
Cyberespionage tactics  Social engineering is a tactic, whereby a perpetrator tricks the target into divulging information or performing another action. A social engineering tactic that has been used in several cyberespionage incidents is spear phishing, whichinvolves the sending of emails with infected attachments or links that are designed to dupe the receiver into clicking on the attachments or links  Watering hole attack, is "an attack whereby a cybercriminal monitors and determines the websites most frequented by members of particular organization or group and infects those sites with malware in an attempt to gain access to its networks" (Maras, 2016, p. 382). For instance, the modification of the "Thought of the Day" widget on the Forbes website, a US financial information and news magazine, made a watering hole attack targeting common users of the site, particularly individuals in finance and defence, possible (Peterson, 2012; Rashid, 2012).
How its made possible  Cyberespionage has been made possible by the numerous hacking tools that are widely available online. These tools include:  exploits (e.g., zero day - that is, previously unknown vulnerabilities exploited once identified - or those that can penetrate systems and bypass firewalls) and  implants (e.g. backdoor, secret portal used to gain unauthorized access to systems, or a remote access tool ). Since 2016, a group known as Shadow Brokers has been releasing hacking tools (Peterson, 2016; Newman, 2018).
Cyberespionage and the law  The Convention on Cybercrime of the Council of Europe requires signatory States to adopt legislation to criminalize illegal access to computer systems, networks, and data and interception of communications data, among other cybercrimes  Indeed, countries have national laws that criminalize these and other forms of cybercrime that could be used in collection efforts and espionage. In addition, some countries have a general criminal prohibition on espionage (e.g., in Germany, § 94-99 of the German Penal Code; in China, Articles 110-111 of the Chinese Criminal Law); these laws have been used to indict perpetrators of cyberespionage.  These indictments often do not lead to successful prosecutions unless the perpetrators who conducted cyberespionage are physically located in the prosecuting country and/or in a country that cooperates with the prosecuting country (Maras, 2016).
 Cyberterrorism
Cyberterrorism  Information and communication technology (ICT) can be used to facilitate the commission of terrorist-related offences (a form of cyber-enabled terrorism) or can be the target of terrorists (a form of cyber-dependent terrorism). Specifically, ICT can be used to promote, support, facilitate, and/or engage in acts of terrorism.  Particularly, the Internet can be used for terrorist purposes such as the spreading of "propaganda (including recruitment, radicalization and incitement to terrorism); [terrorist] financing; [terrorist] training; planning [of terrorist attacks] (including through secret communication and open-source information); execution [of terrorist attacks]; and cyberattacks" (UNODC, 2012, p. 3).  The term cyberterrorism has been applied by some to describe the use of the Internet for terrorist purposes
Cyberterrorism  The narrow understanding of cyberterrorism has been described as "pure cyberterrorism" by some (e.g., Conway, 2002; Gordon, 2003; Neumann, 2009; Jarvis and Macdonald, 2014; Jarvis, Macdonald, and Nouri, 2014). This narrow definition considers cyberterrorism as a cyber-dependent crime perpetrated for political objectives to provoke fear, intimidate and/or coerce a target government or population, and cause or threaten to cause harm (e.g., sabotage) (Denning, 2001; Jarvis, Macdonald, and Nouri, 2014; Jarvis and Macdonald, 2015.).  Examples of this narrow conception of cyberterrorism include "attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss....  Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not"
Cyberterrorism and the law  While certain countries have national cyberterrorism laws (e.g., India, Section 66-F, Information Technology Act of 2000; Pakistan, Section 10, Prevention of Electronic Crimes Act of 2016; and Kenya, Section 33, Computer Misuse and Cybercrimes Act of 2018), cyberterrorism is not explicitly prohibited under international law (NATO CCD COE, 2012, p. 156).  Even though there is no universally accepted definition of cyberterrorism and international law does not explicitly criminalize cyberterrorism, "most …[laws] contain offence-creating provisions directly targeting malicious acts aimed at destroying or interfering with the functioning of" critical infrastructure (UNSC CTED and UNOCT, 2018, p. 70).  Specifically, acts of terrorism against critical infrastructure sectors, such as the transportation (e.g., aviation and maritime), nuclear, and government sectors, are prohibited under certain provisions of the following United Nations international conventions and protocols (UNSC CTED and UNOCT, 2018, pp. 70-73) (for further information about these counter-terrorism legal instruments
 Cyberwarfare
Cyberwarfare  The media, politicians, academics, and practitioners have labeled numerous incidents of cybercrime as a form of "cyberwar" or "cyberwarfare" (Maras, 2014; Maras, 2016). Like other topics discussed in this unit, there is no single, universal definition of cyberwarfare. For the purpose of this unit, cyberwarfare is used to describe cyber acts that compromise and disrupt critical infrastructure systems, which amount to an armed attack (Maras, 2016). An armed attack intentionally causes destructive effects (i.e., death and/or physical injury to living beings and/or destruction of property) (Maras, 2016). Only governments, organs of the state, or state-directed or state-sponsored individuals or groups can engage in cyberwarfare.
Cyberwarfare  When engaging in cyberwarfare, jus in bello (i.e., the right conduct during war) is required. Here, the cyber acts that amount to a use of force must be: proportionate (both to the threat that justified this response and in light of the potential collateral damage); aimed at minimizing casualties through the adoption of certain precautionary measures; discriminating in its targets (i.e., only the actual target should be subjected to the cyber act); and used only as a last resort, after lesser invasive means have been exhausted and/or ruled out as unfeasible options (Maras, 2016).
 Information warfare
Information warfare  Information warfare is a term used to describe the collection, distribution, modification, disruption, interference with, corruption, and degradation of information in order to gain some advantage over an adversary (Marlatt, 2008; Prier, 2017). The purpose of this information is to utilize and communicate it in a way that alters the target's perception of an issue or event in order to achieve some desired outcome (Wagnsson and Hellman, 2018).  Two tactics used in information warfare are disinformation (i.e., the deliberate spreading of false information) and fake news (i.e., propaganda and disinformation masquerading as real news)
Information warfare  Declining levels of trust have contributed to the rapid spread and consumption of fake news by the public (Morgan, 2018, p. 39). Disinformation and fake news are spread on social media platforms, and mainstream and non-mainstream media (Prier, 2017, p. 52).  Social media platforms enable disinformation to spread faster and to a larger audience than other online platforms; depending on the platform, this can occur in real-time (e.g., Twitter).  Automated bot accounts assist in this endeavour by spreading information at a faster and more frequent rate than individual users can
Responses to cyberinterventions as prescribed by international law  A rule of customary international law is non-intervention in internal or external affairs of another state ( Nicaragua v. United States, 1986).This rule is included in various treaties and conventions.  Certain forms of cyberinterventions can undermine the public's confidence in the ability of government to maintain essential services, public order, and economic stability.  These forms of cyberinterventions can include:  conducting DDoS attacks against critical infrastructure systems;  using malware to infect critical infrastructure sectors with the intention of damaging systems, stealing, deleting, and modifying data, and/or disrupting services;  and spreading disinformation, fake news, and propaganda in order to undermine the authority of the state and elicit a desired response by the target government and population.
Responses to cyberinterventions as prescribed by international law  According to Rule 6 of Tallinn Manual 2.0 International Law Applicable to Cyber Operations, 2017, "a state must exercise due diligence in not allowing its territory, or territory or cyber infrastructure under its governmental control, to be used for cyber operations that affect the rights of, and produce serious adverse consequences for, other States." Indeed, states are obligated to prevent their territory from being used to commit cyberattacks on other countries ( Corfu Channel case, 1949).  Pursuant to the due diligence principle, states are obligated to act to terminate cyber operations conducted from their state using reasonably available means when notified of them (Rule 7 of Tallinn Manual 2.0).
Responses to cyberinterventions as prescribed by international law  Rule 14 of Tallinn Manual 2.0 holds that "[a] [s]tate bears international responsibility for a cyber-related act that is attributable to the State and that constitutes a breach of an international legal obligation." The cyber acts of state organs, organs of other states, and non-state actors could be attributed to the state (see Rules 15 through 17 of Tallinn Manual 2.0; and Articles 4, 6, 8, and 11 of the International Law Commission's Responsibility of States for Internationally Wrongful Acts of 2001 included in the below box).
 end

Recommended

Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxglendar3
 
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxtodd581
 
Lesson2a-General types of CyberCrime.pptx
Lesson2a-General types of CyberCrime.pptxLesson2a-General types of CyberCrime.pptx
Lesson2a-General types of CyberCrime.pptxadnis1
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorismDharani Adusumalli
 
Cyberterrorism Research Paper
Cyberterrorism Research PaperCyberterrorism Research Paper
Cyberterrorism Research PaperRachel Phillips
 
Cyber Security Cooperation
Cyber Security CooperationCyber Security Cooperation
Cyber Security Cooperationসানজিদা ইয়াসমিন
 
Running headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxRunning headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxrtodd599
 
Cyber Terrorism Essay
Cyber Terrorism EssayCyber Terrorism Essay
Cyber Terrorism EssayCustom Paper Services
 

Recommended

Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxglendar3
 
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxtodd581
 
Lesson2a-General types of CyberCrime.pptx
Lesson2a-General types of CyberCrime.pptxLesson2a-General types of CyberCrime.pptx
Lesson2a-General types of CyberCrime.pptxadnis1
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorismDharani Adusumalli
 
Cyberterrorism Research Paper
Cyberterrorism Research PaperCyberterrorism Research Paper
Cyberterrorism Research PaperRachel Phillips
 
Cyber Security Cooperation
Cyber Security CooperationCyber Security Cooperation
Cyber Security Cooperationসানজিদা ইয়াসমিন
 
Running headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxRunning headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxrtodd599
 
Cyber Terrorism Essay
Cyber Terrorism EssayCyber Terrorism Essay
Cyber Terrorism EssayCustom Paper Services
 
Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docx
Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docxBriefly define cyber-terrorism. Define hacktivism. Illustrate ex.docx
Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docxjackiewalcutt
 
Cyber security and cyber laws
Cyber security and cyber lawsCyber security and cyber laws
Cyber security and cyber lawsDr. Prashant Vats
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalLeslie Lee
 
Computer security incidents
Computer security incidentsComputer security incidents
Computer security incidentsassanesignate
 
Trend of cyber terrorism in the present world.pptx
Trend of cyber terrorism in the present world.pptxTrend of cyber terrorism in the present world.pptx
Trend of cyber terrorism in the present world.pptxBini R A
 
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...AJHSSR Journal
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeMukul Kumar
 
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...IJCSIS Research Publications
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorismKirti Temani
 
Final presentation cyber security submit copy
Final presentation cyber security submit copyFinal presentation cyber security submit copy
Final presentation cyber security submit copysmita mitra
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
R41674
R41674R41674
R41674Dr Lendy Spires
 
R41674
R41674R41674
R41674Dr Lendy Spires
 
Cyberterrorism
CyberterrorismCyberterrorism
CyberterrorismBuy A Paper Gallatin
 
E crime thesis Cyber Crime and its several types
E crime thesis Cyber Crime and its several typesE crime thesis Cyber Crime and its several types
E crime thesis Cyber Crime and its several typesAssignment Studio
 
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0 Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0drennanmicah
 
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0alisondakintxt
 
Required topic cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docxRequired topic cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docxheunice
 
HacktivismPaper.docx
HacktivismPaper.docxHacktivismPaper.docx
HacktivismPaper.docxDesarae Veit
 
Cyber Space
Cyber SpaceCyber Space
Cyber SpaceKashif Latif
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

More Related Content

Similar to Lesson7-Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace.pptx

Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docx
Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docxBriefly define cyber-terrorism. Define hacktivism. Illustrate ex.docx
Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docxjackiewalcutt
 
Cyber security and cyber laws
Cyber security and cyber lawsCyber security and cyber laws
Cyber security and cyber lawsDr. Prashant Vats
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalLeslie Lee
 
Computer security incidents
Computer security incidentsComputer security incidents
Computer security incidentsassanesignate
 
Trend of cyber terrorism in the present world.pptx
Trend of cyber terrorism in the present world.pptxTrend of cyber terrorism in the present world.pptx
Trend of cyber terrorism in the present world.pptxBini R A
 
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...AJHSSR Journal
 
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...IJCSIS Research Publications
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorismKirti Temani
 
Final presentation cyber security submit copy
Final presentation cyber security submit copyFinal presentation cyber security submit copy
Final presentation cyber security submit copysmita mitra
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
E crime thesis Cyber Crime and its several types
E crime thesis Cyber Crime and its several typesE crime thesis Cyber Crime and its several types
E crime thesis Cyber Crime and its several typesAssignment Studio
 
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0 Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0drennanmicah
 
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0alisondakintxt
 
Required topic cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docxRequired topic cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docxheunice
 
HacktivismPaper.docx
HacktivismPaper.docxHacktivismPaper.docx
HacktivismPaper.docxDesarae Veit
 

Similar to Lesson7-Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace.pptx (20)

Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docx
Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docxBriefly define cyber-terrorism. Define hacktivism. Illustrate ex.docx
Briefly define cyber-terrorism. Define hacktivism. Illustrate ex.docx
 
Cyber security and cyber laws
Cyber security and cyber lawsCyber security and cyber laws
Cyber security and cyber laws
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
 
Computer security incidents
Computer security incidentsComputer security incidents
Computer security incidents
 
Trend of cyber terrorism in the present world.pptx
Trend of cyber terrorism in the present world.pptxTrend of cyber terrorism in the present world.pptx
Trend of cyber terrorism in the present world.pptx
 
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ran...
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorism
 
Final presentation cyber security submit copy
Final presentation cyber security submit copyFinal presentation cyber security submit copy
Final presentation cyber security submit copy
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
R41674
R41674R41674
R41674
 
R41674
R41674R41674
R41674
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
E crime thesis Cyber Crime and its several types
E crime thesis Cyber Crime and its several typesE crime thesis Cyber Crime and its several types
E crime thesis Cyber Crime and its several types
 
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0 Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
 
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
Vol. 6(1), pp. 1-12, August 2016 DOI 10.5897JIIS2015.0
 
Required topic cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docxRequired topic cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docx
 
HacktivismPaper.docx
HacktivismPaper.docxHacktivismPaper.docx
HacktivismPaper.docx
 
Cyber Space
Cyber SpaceCyber Space
Cyber Space
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 

Lesson7-Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace.pptx

  • 1. Lesson seven  Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace
  • 2. Hacktivism, Terrorism, Espionage, Disinformation Campaigns and Warfare in Cyberspace  This Module of the on Cybercrime examines topics, such as hacktivism, terrorism, espionage, disinformation campaigns, and warfare in cyberspace, as well as national and international perspectives and responses to these cyber activities. The purpose of this Module is to discuss these topics and identify current debates and conflicting views on these topics within and between countries.  Learning Outcomes  Critically examine hacktivism, cyberespionage, cyberterrorism, cyberwarfare, information warfare, disinformation, and electoral fraud  Critically discuss and analyse the legal frameworks governing these activities  Critically assess the lawfulness of responses to these activities  Propose lawful responses to some of these activities
  • 4. Hacktivism  Information and communication technology have been used in campaigns for social or political change (i.e., online activism). These types of campaigns have involved the signing of online petitions, hashtag campaigns, creating a campaign website, recruiting volunteers, obtaining funds from members and supporters, and organizing and planning offline protests.  There are, however, individuals and groups that have considered these methods to be insufficient to drawing attention to their cause and have instead resorted to strategies that directly affect the functioning or accessibility of websites and online services as a means of political protest (i.e., hacktivists) (Maras, 2016).
  • 5. Hacktivism  While there is no universally agreed upon definition of hacktivism, it has been described as the intentional access to systems, websites, and/or data without authorization or having exceeded authorized access, and/or the intentional interference with the functioning and/or accessibility of systems, websites, and data without authorization or having exceeded authorized access, in order to effect social or political change (Maras, 2016).  The cybercrimes hacktivists have committed include website defacements, website redirects, denial-of-service (DoS) attacks or distributed denial of service (DDoS) attacks, malware distribution, data theft and disclosure, and sabotage (Li, 2013; Maras, 2016). All of these tactics involve unauthorized access to targets' systems, websites and/or data.
  • 7. Cyberespionage  While there is no single, universal definition of espionage, espionage has been described as a method of intelligence collection: particularly, as a "process of obtaining information that is not normally publicly available, using human sources (agents) or technical means (like hacking into computer systems)“  Cyberespionage involves the use of information and communication technology (ICT) by individuals, groups, or businesses for some economic benefit or personal gain. Cyberespionage may also be perpetrated by government actors, state-sponsored or state-directed groups, or others acting on behalf of a government, seeking to gain unauthorized access to systems and data in an effort to collect intelligence on their targets in order to enhance their own country's national security, economic competitiveness, and/or military strength (Maras, 2016).
  • 8. Cyberespionage  While espionage is not a new phenomenon, ICT have enabled illicit intelligence collection efforts directed and/or orchestrated by other countries at an unprecedented speed, frequency, intensity, and scale , as well as a reduction of risks associated with committing espionage (i.e., being caught by the country that is being targeted by the collection efforts).  The primary tactics used by perpetrators of cyberespionage have been identified. These include (but are not limited to) malware distribution, social engineering , spear phishing , and watering hole attacks . For example, a piece of malware known as Flame targeted government computer systems and collected information from its targets, including remotely turning on webcams and microphones of infected systems; taking screen shots of the infected systems' screens; and transferring/receiving data and commands via Bluetooth among others (Bencsáth, 2012).
  • 9. Cyberespionage tactics  Social engineering is a tactic, whereby a perpetrator tricks the target into divulging information or performing another action. A social engineering tactic that has been used in several cyberespionage incidents is spear phishing, whichinvolves the sending of emails with infected attachments or links that are designed to dupe the receiver into clicking on the attachments or links  Watering hole attack, is "an attack whereby a cybercriminal monitors and determines the websites most frequented by members of particular organization or group and infects those sites with malware in an attempt to gain access to its networks" (Maras, 2016, p. 382). For instance, the modification of the "Thought of the Day" widget on the Forbes website, a US financial information and news magazine, made a watering hole attack targeting common users of the site, particularly individuals in finance and defence, possible (Peterson, 2012; Rashid, 2012).
  • 10. How its made possible  Cyberespionage has been made possible by the numerous hacking tools that are widely available online. These tools include:  exploits (e.g., zero day - that is, previously unknown vulnerabilities exploited once identified - or those that can penetrate systems and bypass firewalls) and  implants (e.g. backdoor, secret portal used to gain unauthorized access to systems, or a remote access tool ). Since 2016, a group known as Shadow Brokers has been releasing hacking tools (Peterson, 2016; Newman, 2018).
  • 11. Cyberespionage and the law  The Convention on Cybercrime of the Council of Europe requires signatory States to adopt legislation to criminalize illegal access to computer systems, networks, and data and interception of communications data, among other cybercrimes  Indeed, countries have national laws that criminalize these and other forms of cybercrime that could be used in collection efforts and espionage. In addition, some countries have a general criminal prohibition on espionage (e.g., in Germany, § 94-99 of the German Penal Code; in China, Articles 110-111 of the Chinese Criminal Law); these laws have been used to indict perpetrators of cyberespionage.  These indictments often do not lead to successful prosecutions unless the perpetrators who conducted cyberespionage are physically located in the prosecuting country and/or in a country that cooperates with the prosecuting country (Maras, 2016).
  • 13. Cyberterrorism  Information and communication technology (ICT) can be used to facilitate the commission of terrorist-related offences (a form of cyber-enabled terrorism) or can be the target of terrorists (a form of cyber-dependent terrorism). Specifically, ICT can be used to promote, support, facilitate, and/or engage in acts of terrorism.  Particularly, the Internet can be used for terrorist purposes such as the spreading of "propaganda (including recruitment, radicalization and incitement to terrorism); [terrorist] financing; [terrorist] training; planning [of terrorist attacks] (including through secret communication and open-source information); execution [of terrorist attacks]; and cyberattacks" (UNODC, 2012, p. 3).  The term cyberterrorism has been applied by some to describe the use of the Internet for terrorist purposes
  • 14. Cyberterrorism  The narrow understanding of cyberterrorism has been described as "pure cyberterrorism" by some (e.g., Conway, 2002; Gordon, 2003; Neumann, 2009; Jarvis and Macdonald, 2014; Jarvis, Macdonald, and Nouri, 2014). This narrow definition considers cyberterrorism as a cyber-dependent crime perpetrated for political objectives to provoke fear, intimidate and/or coerce a target government or population, and cause or threaten to cause harm (e.g., sabotage) (Denning, 2001; Jarvis, Macdonald, and Nouri, 2014; Jarvis and Macdonald, 2015.).  Examples of this narrow conception of cyberterrorism include "attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss....  Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not"
  • 15. Cyberterrorism and the law  While certain countries have national cyberterrorism laws (e.g., India, Section 66-F, Information Technology Act of 2000; Pakistan, Section 10, Prevention of Electronic Crimes Act of 2016; and Kenya, Section 33, Computer Misuse and Cybercrimes Act of 2018), cyberterrorism is not explicitly prohibited under international law (NATO CCD COE, 2012, p. 156).  Even though there is no universally accepted definition of cyberterrorism and international law does not explicitly criminalize cyberterrorism, "most …[laws] contain offence-creating provisions directly targeting malicious acts aimed at destroying or interfering with the functioning of" critical infrastructure (UNSC CTED and UNOCT, 2018, p. 70).  Specifically, acts of terrorism against critical infrastructure sectors, such as the transportation (e.g., aviation and maritime), nuclear, and government sectors, are prohibited under certain provisions of the following United Nations international conventions and protocols (UNSC CTED and UNOCT, 2018, pp. 70-73) (for further information about these counter-terrorism legal instruments
  • 17. Cyberwarfare  The media, politicians, academics, and practitioners have labeled numerous incidents of cybercrime as a form of "cyberwar" or "cyberwarfare" (Maras, 2014; Maras, 2016). Like other topics discussed in this unit, there is no single, universal definition of cyberwarfare. For the purpose of this unit, cyberwarfare is used to describe cyber acts that compromise and disrupt critical infrastructure systems, which amount to an armed attack (Maras, 2016). An armed attack intentionally causes destructive effects (i.e., death and/or physical injury to living beings and/or destruction of property) (Maras, 2016). Only governments, organs of the state, or state-directed or state-sponsored individuals or groups can engage in cyberwarfare.
  • 18. Cyberwarfare  When engaging in cyberwarfare, jus in bello (i.e., the right conduct during war) is required. Here, the cyber acts that amount to a use of force must be: proportionate (both to the threat that justified this response and in light of the potential collateral damage); aimed at minimizing casualties through the adoption of certain precautionary measures; discriminating in its targets (i.e., only the actual target should be subjected to the cyber act); and used only as a last resort, after lesser invasive means have been exhausted and/or ruled out as unfeasible options (Maras, 2016).
  • 20. Information warfare  Information warfare is a term used to describe the collection, distribution, modification, disruption, interference with, corruption, and degradation of information in order to gain some advantage over an adversary (Marlatt, 2008; Prier, 2017). The purpose of this information is to utilize and communicate it in a way that alters the target's perception of an issue or event in order to achieve some desired outcome (Wagnsson and Hellman, 2018).  Two tactics used in information warfare are disinformation (i.e., the deliberate spreading of false information) and fake news (i.e., propaganda and disinformation masquerading as real news)
  • 21. Information warfare  Declining levels of trust have contributed to the rapid spread and consumption of fake news by the public (Morgan, 2018, p. 39). Disinformation and fake news are spread on social media platforms, and mainstream and non-mainstream media (Prier, 2017, p. 52).  Social media platforms enable disinformation to spread faster and to a larger audience than other online platforms; depending on the platform, this can occur in real-time (e.g., Twitter).  Automated bot accounts assist in this endeavour by spreading information at a faster and more frequent rate than individual users can
  • 22. Responses to cyberinterventions as prescribed by international law  A rule of customary international law is non-intervention in internal or external affairs of another state ( Nicaragua v. United States, 1986).This rule is included in various treaties and conventions.  Certain forms of cyberinterventions can undermine the public's confidence in the ability of government to maintain essential services, public order, and economic stability.  These forms of cyberinterventions can include:  conducting DDoS attacks against critical infrastructure systems;  using malware to infect critical infrastructure sectors with the intention of damaging systems, stealing, deleting, and modifying data, and/or disrupting services;  and spreading disinformation, fake news, and propaganda in order to undermine the authority of the state and elicit a desired response by the target government and population.
  • 23. Responses to cyberinterventions as prescribed by international law  According to Rule 6 of Tallinn Manual 2.0 International Law Applicable to Cyber Operations, 2017, "a state must exercise due diligence in not allowing its territory, or territory or cyber infrastructure under its governmental control, to be used for cyber operations that affect the rights of, and produce serious adverse consequences for, other States." Indeed, states are obligated to prevent their territory from being used to commit cyberattacks on other countries ( Corfu Channel case, 1949).  Pursuant to the due diligence principle, states are obligated to act to terminate cyber operations conducted from their state using reasonably available means when notified of them (Rule 7 of Tallinn Manual 2.0).
  • 24. Responses to cyberinterventions as prescribed by international law  Rule 14 of Tallinn Manual 2.0 holds that "[a] [s]tate bears international responsibility for a cyber-related act that is attributable to the State and that constitutes a breach of an international legal obligation." The cyber acts of state organs, organs of other states, and non-state actors could be attributed to the state (see Rules 15 through 17 of Tallinn Manual 2.0; and Articles 4, 6, 8, and 11 of the International Law Commission's Responsibility of States for Internationally Wrongful Acts of 2001 included in the below box).