As investigations into attempts to influence the 2016 U.S. presidential election continue, more aspects of Russia’s approach to information warfare are coming to light. A steady stream of new disclosures is revealing a complex blend of hacking, public disclosures of private emails, and use of bots, trolls, and targeted advertising on social media designed to interfere in political processes and heighten societal tensions.
The top down UN GGE process appears dead in the water. International norms and laws for responding to cyber attacks must now be built from the bottom up.
Rules must be binding, violations must be punished, and words must mean something. The UN GGE failed on all three accounts.
In 2004, the United Nations established a Group of Governmental Experts with the aim of strengthening the security of global information and telecommunications systems (UN GGE). To date the UN GGE has held five sessions, which are widely credited for successfully outlining the global cybersecurity agenda and introducing the applicability of international law to state behaviour in cyberspace.
However, during the UN GGE’s fifth session in June 2017, fundamental disagreements emerged between the Group’s 25 members, particularly on the right to self-defence and the applicability of international humanitarian law to cyber conflicts. In the end, the fifth and possibly last session concluded without the release of a consensus report. With no plans to pick up the pieces, the question now is, where do we go from here?
This article was originally published by the S. Rajaratnam School of International Studies (RSIS) on 7 November 2016.
The so-called Islamic State (IS) is the most innovative terrorist group the world has seen. In the backdrop of its loss on the ground, IS is expanding its cyber capabilities to conduct more cyber-attacks and hacking. This and its migration into the ‘darknet’ will make IS more dangerous than before.
TERRORIST AND non-state actors have used different modes and mediums to spread their message and communicate with their comrades. The dawn of the Internet has also provided such groups with unparalleled opportunities to establish communications and operational links that were not possible before. Starting from websites, terrorist groups moved to more interactive mediums like chatrooms and forums. It was social media platforms, such as Facebook and Twitter that truly revolutionised how militants, terrorists and non-state actors communicated with each other, recruited sympathisers and supporters and disseminated their propaganda.
Late in May 2014, a group calling itself CyberBerkut leaked a map of the Ukrainian Dnipropetrovsk Oblast administration’s IT resources, information on the Central Election Commission of Ukraine’s servers, and the correspondence of its staff. In the following days, which included the country’s presidential election, CyberBerkut claimed they had again compromised the election commission’s servers, leaked more confidential information, conducted a distributed denial of service (DDoS) attack the commission’s website (which instructed potential voters how and where to vote), and blocked the phones of election organizers. The group also released documents implying that the recently appointed governor of the Dnipropetrovsk Oblast, Igor Kolomoisky, was complicit in pro-European Ukrainian plans to promote the “correct” candidate for president of Ukraine.
Despite the best effort of the Russian group behind CyberBerkut, the center-right, pro-European Petro Poroshenko won the Ukrainian presidency. But CyberBerkut wasn’t finished. Almost exactly five months later, the group used similar tactics in the days preceding the Ukrainian parliamentary elections. The results were largely the same: Pro-European candidates won the majority of seats. An uninitiated observer might be keen to discard these events as failed electioneering. After all, Moscow did not succeed in getting its men elected. But to label the operation a failure is to assume that the primary goal was to get pro-Russia officials elected. Over the course of the past four months, we have seen similar operations unfold in the United States, and — as was the case in Ukraine — there are reasons to believe that swaying the election is not the primary objective. Just as in the case of the CyberBerkut incidents, among the key observers of these operations in the United States have been cyber-security firms like FireEye. The manager of their information operations analysis team recently shared some of their findings with me, which informs the analysis below.