The International Committee of the Red Cross (ICRC) published the first-ever rules of engagement for civilian hackers in conflict. Following the invasion of Ukraine, the organization issued the guideline in response to an unprecedented number of civilians joining patriotic cyber-gangs. The rulebook consists of eight guidelines, including prohibitions on hospital attacks, uncontrollable hacking tools, and threats that may terrorize citizens. The regulation also warns hackers that their actions may endanger lives, including their own, if they are classified as legitimate military targets.
According to reports, several cyber gangs seek to break the restrictions.
The ICRC’s eight rules for ‘hackitvists’
The rules are based on international humanitarian law and are as follows:
- Do not target civilian targets with cyber-attacks.
- Do not employ malware or other tools or techniques that spread automatically and indiscriminately harm military goals and civilian items.
- When preparing a cyber-attack against a military target, do everything possible to avoid or minimize the impact on civilians.
- Conduct no cyber-attacks on medical and humanitarian facilities.
- Do not launch any cyber-attacks against things critical to the existence of the population or that have the potential to unleash hazardous forces.
- Do not make violent threats in order to instill fear in the civilian population.
- Do not inspire anyone to violate international humanitarian law.
- Obey these guidelines even if your opponent does not.
‘Patriotic hacking’: A new form of warfare
The ICRC has sent the new rules to hacker groups active in the Russia-Ukraine conflict. Hacking has historically been used as a weapon of war. Over the last decade, a new type of hacking known as ‘patriotic hacking’ has emerged. The ICRC statement emphasizes pro-Syrian cyber attacks on Western press organizations in 2013. According to ICRC legal expert Tilman Rodenhäuser, this concerning trend has been intensified by the Russia-Ukraine war and is now spreading globally. “Some experts consider civilian hacking activity as ‘cyber-vigilantism’ and argue that their operations are technically not sophisticated and unlikely to cause significant effects,” he says.
The ICRC also urges nations to limit hacking and enforce existing rules. The Ukraine crisis has blurred the distinction between civilian and military hacking, with civilian organizations like as the IT Army of Ukraine formed and encouraged by the government to attack Russian targets. The Ukrainian IT Army, which has 160,000 members on its Telegram channel, also targets public services like railway networks and banks. Large organizations in Russia have similarly assaulted Ukraine and its allies, including disruptive but temporary attacks on hospitals, such as knocking websites offline.