Why cyber attacks from syria matter

The pressures of the conflict have forced all sides to find new ways to take on their opponents. The cyber domain is no exception. The war in Syria is perhaps the first civil war where the use of social media, the internet, mass communication, and satellite news have been harnessed by all sides to wage a coordinated cyber warfare campaign.

This feat is accomplished now, thanks to the hour news cycle, internet and the availability of telecommunication at a very low cost and at a relatively low degree of risk to the fighters. Today the same smartphone that allows loosely linked terrorist cells to coordinate an attack across international borders on one day can be used as a detonation device for a roadside bomb the next day.

A video can be taken on the same smartphone immediately after a barrel bomb attack in Aleppo, and then can be easily uploaded to YouTube. In a matter of minutes, millions of viewers around the world can watch. ISIL uses the cyber domain for recruitment and to promote their shock propaganda videos.

This is all connected to a savvy strategic communications cyber campaign. Similarly, the Syrian Electronic Army — with suspected links to the Assad regime — carries out cyberattacks against international media outlets and organisations to achieve the same effect.

All Sections. About Us. B2B Publishing. Business Visionaries. Hot Property. Times Events. The involvement of civilians would usually go against Just War Theory. If there are such blurred lines between non-combatant and combatant, as well as the forced service, what sort of capability does the state, in this case, SEA, have to attack with surgical precision?

Or, should they at least limit what type of attacks they can perform? The broad term cyber-attack conjures too many ideas and understandings not to be defined in this paper, let alone the greater debate regarding the ethical execution of such attacks.

The discussion regarding ethically permissible actions in cyber-war requires a definition. The most important parts of this definition are threefold: clarification of domain, goal of cyber-attacks, and who may commit cyber-attacks.

First, the definition explains the domain in which cyber-warfare may be conducted—the use of the internet and advanced technology.

Modern weapon systems that use sophisticated technology could fall into this category. Likewise, if a rebel group uses a drone controlled over the internet is it also a cyber-attack? Even though they are using the internet and some advanced computer technologies, we will rule this out. If a rebel group had the resources to create a reliable satellite infrastructure capable of secure communications, like countries often possess to control their drones, they would certainly do so.

They are using the internet as a means to an end, not as an end itself. However, if somehow the group was identifying targets through IP traffic and striking them with the same type of drone, we could call this a cyber-attack since the goal was virtually locating a target based on their internet traffic. Second, Orend , p. These categories give little technical difficulty to execute, as an act of espionage and disinformation can be performed by malware developed by one person or small groups.

This definition contrasts with the beliefs of Neil C. Rowe as cited in Lucas, , p. Lucas , p. He cites the Stuxnet attack, explaining those attacks require not only coding skills but also test equipment, like Siemens centrifuge systems to study their weaknesses.

This point of view is a problematic way to classify the potential actors in cyber-warfare. In Syria, for instance, rebel groups are fighting in traditional war zones with equipment that is neither sophisticated nor modern. Kalashnikov rifles are the primary weapon for many rebel fighters, supplemented not by technologically innovative weapons systems, but rather Soviet-era remnants and improvised artillery. Their lack of resources puts them in no less of a war than between two superpowers.

It all depends on the nature, scope and potential scale of the cyber-attack. The key difference between cyber-warfare and cyber-crime boils down to a key problem when scholars and professionals try to attempt many aspects of cyber ethics—attribution. As Orend states in the definition, the goal of a cyber-attack is to harm the fundamental interests of a political community substantially. However, the reason for making the club a target was due to their sponsor—Qatar Airways, wholly owned by the government of Qatar.

An important delineation to make between cyber-warfare from traditional warfare is that they are hardly the same. It involves infiltration, stealth, stealing, and manipulating. There is an element of surprise in many attacks, like DDoS, that resemble more to the unconventional guerilla war, hit and run tactics.

Most importantly, unlike conventional war, cyber-war is almost never declared or announced prior to attack. There are times where a cyber-attack can fall into a clear act of war. The analogy between a rifle and an advanced weapon system buckles under this as both can result in the destruction of property or life. However, the availability, and intentions of a rebel group using a Kalashnikov and a phishing scam keeps the analogy alive. Fortunately, from an international perspective of governance, there are already laws in place to rule on any cyber-attack.

This statement creates a contradiction of sorts—how can an international body apply the law to an event that is not agreed upon?

For someone to shoot another in cold blood is a blatant act of murder—an objectively understood taking of a human life. Therefore, a legal definition of cyber-warfare must be created. While values may or may not be unique to a culture, perspective often is. To address the confusion, a NATO-led effort to academically construct guidelines for what constitutes cyber-warfare documented their results in the Tallinn Manual, a non-binding document applying existing law to cyber-warfare Schmitt, , p.

This document was the product of a three-year project by twenty renowned international law scholars and practitioners. Interestingly, this Western-backed document was written mostly without consultation from Russia and China, superpowers in both the virtual and real world Lucas, , p.

Due to the neglect, there is still the absence of an internationally understood and mutually agreed upon definition of cyber-warfare, as well as a distinction from cyber-crime. A Utilitarian would argue that the West is only looking out for their own interests and fear that opposing powers might get some leverage, should they be included in the discussion.

It reaffirms the role of cyber capabilities in the future both for vying superpowers and those with few military resources to develop their capacities. Despite the abundance of International Humanitarian Law IHL that could be applied to a cyber-attack and cyber-warfare, it will be near impossible to legally address any cyber-attack in an international tribunal without a universal definition. Efforts need to be made on an international level to define what a cyber-attack can be legally and for what purposes.

There will always be a way to manipulate or overlook vagueness in legislation; with such an abstract concept such as cyber-warfare, lawmakers may never be able to define it completely.

However, this known limitation cannot hamper international efforts to draft a globally accepted definition. The United Nations must look beyond a NATO-centric thought process to define cyber-warfare as loosely or as tightly as they deem necessary so that going forward, countries can be held accountable for their actions.

Over the past six years, new research has flooded academia regarding cyber-warfare on a greater level, as Lucas would suggest while neglecting the type of cyber-warfare plaguing Syria. Authors, including Randall Dipert , p. It proves a useful template to help guide this work as well. For now, this is an essential and inescapable problem tying into attribution.

As seen in Syria, realistic cyber-warfare will consist more and more of acts that look like espionage than an assault on a physical property with an immediate loss of life. An example is when the Syrian opposition forces fell victim to a well-executed hacking operation targeting secret communications and plans in mid Arthur, The threat group stole hundreds of documents hacking Skype chat sessions. The victims of these attacks were opposition members, media activists, and humanitarian aid workers located in Syria and the region.

Jeffrey Tiel and Tony Pfaff , p. We can translate this into a cyber-combat scenario by stating that if you are near a war zone and you have an internet connection, you are consenting to be an ethical target of the least dangerous modes of cyber-warfare. Tiel and Pfaff explain that this level in the physical world is intelligence gathering—we can extend that to the virtual world by hacking a computer to use background processes.

An example of this would be a mother whose son went to fight with a rebel faction. If the opposition learns that her son is the enemy, it would not be permissible to attempt and gain access to her personal information to freeze her bank account or render her computer inoperational. Alternatively, locating the mother and inflicting harm on her might give them the leverage to stop her son. In an interview with GlobalPost last October , Boaz Dolev, who was head of Israel's cyber security office for 13 years, mentioned attacks on water systems as one of his nightmare scenarios.

My nightmare is that a lot of people would be killed," he said. This development — the second attack on Israeli targets by Syrian forces this week — has opened up new fronts in the Syrian war.