Written by Tilman Rodenhäuser and Mauro Vignati:
As digital technology is changing how militaries conduct war, a worrying trend has emerged in which a growing number of civilians become involved in armed conflicts through digital means. Sitting at some distance from physical hostilities, including outside the countries at war, civilians – including hacktivists, to cyber security professionals, ‘white hat’, ‘black hat’ and ‘patriotic’ hackers – are conducting a range of cyber operations against their ‘enemy’. Some have described civilians as ‘first choice cyberwarriors’ because the ‘vast majority of expertise in cyber(defence) lies with the private (or civilian) sector’.
Examples of civilian hackers operating in to the context of armed conflicts are diverse and many (see here, here, here). In particular in the international armed conflict between Russia and Ukraine, some groups present themselves as a ‘worldwide IT community’ with the mission to, in their words, ‘help Ukraine win by crippling aggressor economies, blocking vital financial, infrastructural and government services, and tiring major taxpayers’. Others have reportedly ‘called for and carried out disruptive – albeit temporary – attacks on hospital websites in both Ukraine and allied countries’, among many other operations. With many groups active in this field, and some of them having thousands of hackers in their coordination channels and providing automated tools to their members, the civilian involvement in digital operations during armed conflict has reached unprecedented proportions.
This is not the first time that civilian hackers operate in to the context of an armed conflict, and likely not the last. In this post, we explain why this trend must be of concern to States and societies. Subsequently, we present 8 international humanitarian law-based rules that all hackers who carry out operations in the context of an armed conflict must comply with, and recall States’ responsibility to restrain them.
Read the 8 rules and discussion at EJIL.
Some groups have told BBC that they will not comply or will not comply with all the rules.