Red Cross Releases Wartime Hacktivist Rules

The International Committee of the Red Cross (ICRC) has published a new set of rules urging hacktivists to abide by international humanitarian law in times of conflict.

Writing in the European Journal of International Law (EJIL), the ICRC warned that cyber-attacks carried out by civilians during wartime are increasingly causing disruption to non-military targets such as hospitals, pharmacies and banks – impacting blameless members of society.

Such attacks could also mean hacktivists are putting themselves in danger by signalling to opposing forces that they are a legitimate military target, the non-profit added.

The ICRC is therefore asking governments to limit this hacktivist activity. It published new rules of engagement in cyberspace to clarify what should be off-limits to civilian hackers:

Read more on cyber-warfare: Anonymous Hacking Group Declares “Cyber War” Against Russia.

The ICRC’s intervention is seen as a response to the escalating offensive activity coming from both pro-Russia groups and the IT Army of Ukraine – which has tens of thousands of members on its Telegram channel.

However, it’s unlikely that the ICRC’s calls will be heard, as web defacements, DDoS attacks and other hacktivist efforts are a useful propaganda tool for nations involved in conflict, which also goes some way to disrupting the enemy’s way of life.

Several groups the BBC spoke to said they had no intention of following the ICRC’s rules.

ESET global cybersecurity advisor, Jake Moore, argued that the difficulty of attributing attacks means the rules will probably be ignored.

“The enhancement of being able to act in war under an invisibility cloak adds a dimension that sets up rules to fail,” he said. “Furthermore, the way some targets are chosen in cybercrime means there is often collateral damage miles away simply due to how the networks are set up and which third parties are used.”