Ukraine cyberattacks may have Geneva Convention implications, Microsoft says

Join today’s leading executives online at the Data Summit on March 9th. Register here.


Cyberattacks targeting civilians in Ukraine “raise serious concerns under the Geneva Convention,” Microsoft president Brad Smith said in a blog post today.

“We remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises,” Smith wrote. “These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them.”

As the Geneva Convention aims to protect civilians, “these attacks on civilian digital targets are very closely treading the line if not crossing it,” said Danny Lopez, CEO of cybersecurity vendor Glasswall, in an email to VentureBeat. “By targeting innocent bystanders, particularly emergency response and humanitarian aid organizations, that aren’t prepared to defend their cybersecurity infrastructure against a global power, nation-state attackers may have gone a step too far.”

The four Geneva Conventions are international treaties that define the rules of war and attempt to limit barbaric behavior during wartime. The fourth Geneva Convention is focused on treatment of civilians in war situations.

While the term “war crimes” does not appear in the convention itself, the term does appear in the Rome Statute of the International Criminal Court, Article 8, which defines “war crimes” as “grave breaches of the Geneva Conventions of 12 August 1949.” The article lists several acts that would constitute a violation of the Geneva Conventions, including “willfully causing great suffering, or serious injury to body or health.” Other violations include “intentionally directing attacks against the civilian population,” according to Article 8 of the statute.

In terms of the Ukraine cyberattacks, Smith did not specify which incidents he was referring to in the blog when he mentioned cyberattacks that have raised “serious concerns under the Geneva Convention.”

Earlier in the post, however, he disclosed that Microsoft had “detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure” on Wednesday, February 24, several hours before Russia launched its unprovoked invasion of Ukraine.

The attacks involved a new malware package, which Microsoft has dubbed FoxBlade. A separate Microsoft page, first published on February 23, says that FoxBlade is a trojan that “can use your PC for distributed denial-of-service (DDoS) attacks without your knowledge.”

Overall, in Ukraine, “these recent and ongoing cyberattacks have been precisely targeted,” Smith said, noting that the use of “indiscriminate malware technology” such as in the NotPetya attacks of 2017 has not been observed so far.

The Ukrainian government is a customer of Microsoft, and so are “many other organizations” in Ukraine, Smith said.

Microsoft has also “advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets,” he said.

Attacks on civilians

A number of cyberattacks have impacted targets in Ukraine that are not part of the government or military over the past several weeks.

Massive DDoS attacks on February 15 affected the web services of three banks in Ukraine — Privatbank, Oschadbank and Monobank — as well as military websites in the country. The U.S. and U.K. have attributed those attacks to Russia.

DDoS attacks are among the simplest attacks to launch, and Russian threat actors have been known to use them “as a distraction to hide more direct attempts to breach target systems,” said Nathan Einwechter, director of security research at cyber firm Vectra.

In terms of destructive cyberattacks, data-wiping malware was deployed last Wednesday against financial, aviation and IT services companies in Ukraine, along with the defense ministry, just ahead of Russia’s invasion, according to researchers at ESET and Symantec. That wiper has been referred to as “HermeticWiper” by some researchers.

The Washington Post and VentureBeat have reported that data-wiping malware also hit a Ukraine border control station over the weekend, forcing border agents to process refugees fleeing the country with pencil and paper and contributing to long waits for crossing into Romania.

HypaSec CEO Chris Kubecka, who was in Ukraine to assist with potential cyberattacks, and spoke with agents at the border crossing, told VentureBeat and Cybercrime Magazine that she has been attempting to obtain a sample of the malware for researchers to examine. The attack was first reported by the Washington Post.

Meanwhile, the State Service of Special Communication and Information Protection of Ukraine reported on February 25 that phishing emails with suspicious attachments have been targeting civilians. “The enemy forces aim to gain access to the electronic devices of Ukrainians to gather a large amount of information,” the agency said in a tweet.

“When there’s a level of uncertainty about something going on in the world, phishing can be one of the most effective tactics for attackers to use,” said Hank Schless, senior manager for security solutions at security vendor Lookout, in an email.

Other phishing attacks, which have targeted Ukrainian military personnel, have been blamed on “UNC1151″ by Ukraine’s Computer Emergency Response Team (CERT). The agency said the hacking group consists of officers in the defense ministry at Russian ally Belarus.

Still, even with the cyberattacks that have been launched against Ukraine, experts told the Washington Post that the attacks so far have been far less severe than many expected before the invasion.

In an email response to VentureBeat today, Microsoft declined to specify which cyberattack incidents in Ukraine may raise concerns related to the Geneva Conventions.

“The team at Microsoft is likely seeing cyberattack attempts on digital infrastructure with varying degrees of infiltration success — and was intentionally vague to encompass all of them,” Lopez said.

War crimes?

Amid the attacks in Ukraine, experts will undoubtedly provide analysis on whether international laws of armed conflict may have been violated with cyberattacks, said Tim Wade, deputy CTO at Vectra.

“While some of that analysis may be complex or nuanced, one thing is very simple – placing civilian well-being in the crosshairs of a conflict is wholly unacceptable, and must not be the vehicle under which military achievements are made,” Wade said in an email. “The Geneva Convention is explicit in its purpose to protect people not taking part in hostilities.”

Crimes against humanity and war crimes are typically defined broadly so that “anything that unduly impacts civilians in a conflict zone” can be considered a war crime, said John Bambenek, principal threat Hunter at IT and security operations firm Netenrich.

“Any intentional targeting of civilians certainly is the kind of thing the Geneva Convention was meant to address,” Bambenek said in an email. “The key concerns are the significance of attacks.”

For instance, a cyberattack aiming to impede the movement of refugees would be “both alarming and stunningly inhumane,” Bambenek said.

Ultimately, although it is “clear to say that these actions are harming civilians, it is up to international law and Geneva to make the official judgment on whether it’s a war crime,” said Shmulik Yehezkel, CISO at cybersecurity firm CYE.

But regardless, “we are seeing a significant uptick in the use of cyber capabilities alongside the kinetic operation and it can be assumed that this trend will continue,” Yehezkel said.

In the Microsoft blog post, Smith wrote that “in recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies.”

“This work is ongoing,” Smith said.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
Recenze Sifu – pořádná kung-fu mela thumbnail

Recenze Sifu – pořádná kung-fu mela

Relativně mladé francouzské studio Sloclap, založeno v roce 2015, má zatím ve svém portfoliu pouze zajímavou online akci Absolver, která vyšla v roce 2017. Pokud jste titul hráli či zkoušeli, tak víte, že jeho hlavní přednost tkvěla v opravdu povedeném soubojovém systému, jenž se zaměřoval na kontaktní boje. A právě kontaktní boje jsou základním pilířem…
Read More
TOP 10 worst optimized PC games.  These titles can discourage you from playing even with high ratings thumbnail

TOP 10 worst optimized PC games. These titles can discourage you from playing even with high ratings

Gracze PC od zarania dziejów mierzą się różnymi przeciwnościami losu. Na ich drodze do szczęścia stoi przede wszystkim ciągle niewystarczająca moc obliczeniowa - nawet, jeśli komputer jest w stanie odpalić daną grę w maksymalnych detalach, to już za kilka lat najpewniej będzie można zapomnieć o tym komforcie. Do tego doliczmy masę często niezrozumiałych ustawień, potencjalne…
Read More
Основные особенности дополнения Dawn of Ragnarok к Assassin’s Creed Valhalla собрали в 6-минутном трейлере thumbnail

Основные особенности дополнения Dawn of Ragnarok к Assassin’s Creed Valhalla собрали в 6-минутном трейлере

10.02.2022 [21:44], Дмитрий Рудь Издательство Ubisoft и студия-разработчик Ubisoft Sofia представили обзорный трейлер масштабного дополнения Dawn of Ragnarok («Заря Рагнарёка») к скандинавскому экшену в открытом мире Assassin’s Creed Valhalla. Источник изображения: Ubisoft По сюжету Эйвор — протагонист игры — погружается в сон, где принимает обличье Одина (мужчины или женщины). Верховный бог прибывает в Свартальфахейм, чтобы…
Read More
Enjoy the personal sound space Noble Audio FoKus PRO thumbnail

Enjoy the personal sound space Noble Audio FoKus PRO

究竟 Noble Audio 耳機的製作功力如何深厚?相信是人所共知,在真無線耳機當道的年代,品牌也有染指此市場,近期更推出新品 FoKus PRO,將過往於發燒級耳機中的單元技術和經驗應用在 FoKus PRO 上,為用戶提供極高質的聆聽體驗。 從 FoKus PRO 的外型就可令人聯想到品牌高階的 IEM 耳機,的確耳機參考了自家定製耳機的造型,面板用上藍色雲石花紋並配上金屬 Noble Logo,極有格調。耳機的外殼就以 3D 打印製作,以符合人體工學設計,緊貼內耳結構且有效阻擋外界噪音。的確 FoKus PRO 提供了舒適及穩固的佩戴感,IEM 造型相當貼合,筆者認為帶來了不錯的物理隔音效果。FoKus PRO 共提供三款尺寸的耳膠,個人認為已夠用,當然也可另配耳棉使用,如此一來物理隔音效果再會提高一些。 面板用上藍色雲石花紋並配上金屬 Noble Logo,極有格調。提供三款尺寸的耳膠(其中一對已經裝於耳機上),更有半透明硬式收納盒。FoKus PRO 耳機造工精緻,充電盒亦一樣,全金屬製外殼極有質感,正面具備指示燈顯示剩餘電量。續航力方面,耳機充滿電一次需約 1.5 小時,可聽約 7.5 小時,並支援快充,充電 15 分鐘即可用 70 分鐘。 使用 USB-C 介面充電,支援快充,充電 15 分鐘即可用 70 分鐘。高質聆聽體驗 既然要極高質的聆聽體驗,FoKus PRO 在單元方面當然要做足功夫。耳機採用 8.2mm 的專屬定制動圈單元,以及使用了兩個由 Knowles 所製作的動鐵單元,因此屬三混合單元設計。其他規格方面,FoKus PRO 因使用 Qualcomm…
Read More
Rogers offers $55/mo 20GB student plan thumbnail

Rogers offers $55/mo 20GB student plan

The plan is only available for students, and relies on a few slightly confusing discounts Rogers rolled out a back-to-school offer for students: a $55/mo 20GB plan with unlimited data and 5G access. The Toronto-based national telecom details the special student offer on its website, but RedFlagDeals also highlighted the offer with some additional details…
Read More
Index Of News