The Red Cross Appeals to Hacktivists to Spare Health Institutions

Share

Cyberattacks have evolved into a significant worldwide challenge. Cybercriminals ranging from state-sponsored groups to independent hackers increasingly targeting critical infrastructure, healthcare systems, and even humanitarian organizations. These attacks not only disturb important services but are also a significant threat to human lives. The Red Cross International Committee has asked hacker groups to cease the attack on civilians. Recognizing the urgent need for cyber security and coordinated action, the Red Cross has issued a compelling appeal to governments, asking them to take stringent measures against hacker groups.

Civilian hackers and ‘armies’ have attacked many civilian entities including business organizations, financial institutions, pharmacies, hospitals, civilian government services, critical infrastructure, etc. ICRC advisors Tilman Rodenhauser and Mauro Vignati, in the European Journal of International Law, introduce eight fundamental guidelines that hacktivists should embrace in their endeavors. Civilian hackers must obey the law of the countries and should not attack any medical and humanitarian organization and facilities.

Over the last three years, Rodenhauser has led an initiative that is supported by the Red Cross International Committee. Its aim is to create a digital system for marking the assets, services, and data of medical and humanitarian operations. This system will be used as a digital counterpart to the universally recognized red cross or red crescent symbol.

cybersecurity hacktivist

This question has become more important when populist hacktivist groups following Russia’s military actions in Ukraine. In response, Kyiv has formed an “IT Army,” comprising around 400,000 personnel who are committed to supporting Ukraine through distributed denial-of-service attacks. These attacks have disrupted Russian financial institutions including banks and the Moscow Stock Exchange. Intelligence agencies from the West expressed support for the cause but raised legal concerns, especially regarding civilian participants whom Russia might consider enemies.

Aiden Render-Katolik authored a report from the Centre for Strategic and International Studies, has expressed concern as the IT Army group has transformed from an informal organization to a very organized group. It had undergone an evolution phase and divided into two apparent divisions. One group is a public call to action, rallying individuals willing to engage and attack in coordinated DDoS attacks against Russia. The other section is an internal team, purportedly composed of Ukrainian defense and intelligence personnel.

The CyberPeace Institute, an independent organization monitoring the impact of cyberattacks and operations related to the conflict since Russia’s invasion of Ukraine, reported that up to the end of July, third parties attributed 76 out of 2,356 known online attacks or cyber operations to the IT Army. However, a report by CSIS suggested that the actual number could be much higher. According to the CyberPeace Institute, the group primarily focuses on conducting DDoS attacks against Russian entities associated with the ongoing conflict. This includes organizations in the finance, government, military, and telecommunications sectors.

According to the CyberPeace Institute, among supporters of Russia, third parties have credited NoName057 with 924 attacks, the People’s CyberArmy with 221, Anonymous Russia with 135, and KillNet with 95 attacks. These self-declared hacktivist groups target the infrastructure of both governments and corporations, including healthcare, in any nation they perceive as opposing President Vladimir Putin’s administration. KillNet, a faction that has openly endorsed the targeting of medical facilities in Ukraine and allied nations, has affirmed its unwillingness to comply with the guidelines established by the Red Cross. The group’s leader, operating under the alias “KillMilk,” challenged, “Why should I heed the Red Cross?” during an interview with the BBC.

Hacktivism is a term that defines the fusion of hacking techniques and skills with political or social activism. It usually attempts to disrupt the services of critical infrastructure and important organizations through Distributed Denial of Service (DDoS) attacks. Hacktivist consider their actions as public demonstrations or even PR stunts, but the impact of these attacks can be severe and felt far beyond the digital realm. The dynamics of hacktivism and the significant need for accountability are important in an ever-evolving cyber landscape.

DDoS Attacks

DDoS attacks are a frequent strategy by hacktivists. It usually appears to be a public relations stunt, which means that Distributed Denial of Service (DDoS) attacks are employed by hacktivists as a way to gain attention or make a statement, rather than primarily focusing on causing damage or stealing information. Targets like the Eurovision Song Contest and, more notably, the official website of Britain’s Royal Family, even the arrival kiosks at Canadian airports were temporarily taken offline by a DDoS attack orchestrated by the group NoName057. While these incidents garner attention, their true significance lies in what they reveal about the defenses of the targeted organizations.

Accountability

While hacktivists may employ digital means to further their causes, it is crucial to hold them accountable for their cybercrime activities. Targeting civilians or engaging in cyber activities that infringe upon the rights and well-being of individuals should be unacceptable, regardless of the underlying motivations.

Responsibilities of Countries

Nations also bear a significant responsibility. They must take appropriate steps to mitigate the local cyber criminals and enforce cybercrime laws effectively. This responsibility extends beyond the Russia-Ukraine War, as it pertains to any future conflicts in the digital age.

Red Lines and Moral Boundaries

Creating redlines for hacktivists is a dire need of time which may not have an immediate effect. However, these limitations will serve as a reminder of the moral and legal boundaries that should not be crossed. While cybercriminals wielding ransomware often ignore computer crime laws, setting ethical guidelines remains a necessary step.

Justice System

In the ongoing battle against hacktivism, the ultimate goal is to bring cybercriminals to justice. If the measures will not be taken their activities will continue to grow and civilians will suffer. It is our collective responsibility to look after the complex terrain of hacktivism, prioritizing accountability, cybersecurity, and the protection of individuals’ rights.

Preventive Measures by Countries to Mitigate Hacktivism

Enhanced Cybersecurity: Invest in robust cybersecurity measures to safeguard critical infrastructure and sensitive data.

Education and Awareness: Promote cybersecurity education and awareness campaigns for the public, businesses, and government agencies. Knowledge about cyber threats and safe online practices can help prevent attacks.

Legislation and Law Enforcement: Enforce and strengthen cybercrime laws, ensuring that hacktivists and cybercriminals face legal consequences for their actions. This includes international cooperation for extradition and prosecution.

International Collaboration: Collaborate with other nations to address transnational hacktivist threats. Sharing threat intelligence and coordinating responses can be more effective in combating cyberattacks.

Public-Private Partnerships: Foster partnerships between government agencies and private sector organizations to share information and resources for cybersecurity. This can help in early threat detection and mitigation.

Ethical Hacking: Use ethical hacking procedures to proactively identify vulnerabilities in critical systems and infrastructure. It helps patch vulnerabilities before exploited by hacktivists.

Incident Response Plans: Develop and regularly update comprehensive incident response plans to swiftly mitigate the impact of cyberattacks. These plans should include communication strategies, recovery procedures, and legal actions.

Ethical Guidelines: Establish clear ethical guidelines and red lines for hacktivist activities. This helps set expectations for what is considered acceptable behavior in the digital realm and defines the limits of hacktivist actions.

Engagement and Dialogue: Governments can engage in dialogue with hacktivist groups when possible, addressing their concerns through diplomatic channels rather than cyberattacks. This approach may help reduce hostilities.

International Organizations: Work with international organizations like the United Nations and the International Committee of the Red Cross to establish norms and standards for behavior in cyberspace. Encourage adherence to international laws and conventions.

Capacity Building: Provide support for countries with limited cybersecurity capabilities to build their capacity to defend against cyber threats. This can include training and technology transfer.

Crisis Communication: Develop effective crisis communication strategies to manage public perception during cyberattacks. This can help mitigate the potential PR impact of hacktivist actions.

Monitoring and Attribution: Invest in advanced technologies for monitoring and attributing cyberattacks. Identifying the perpetrators can help deter future attacks and hold them accountable.

Peaceful Conflict Resolution: Encourage peaceful conflict resolution and diplomacy to address political and social issues rather than resorting to cyberattacks.

Preventing and addressing hacktivism requires a multifaceted approach, involving technical measures, legal frameworks, international cooperation, and a commitment to ethical behavior in cyberspace. These measures should aim to protect digital infrastructure, individual rights, and international stability.

This Post Has 6 Comments

  1. Imtiaz Chaudhry

    Sir it’s very informative keep it up

  2. Shahid Hussain

    Excellent
    Well written.This article covers all basic information about hacktivism and it also talks about its remedies as well.

  3. Faraz khan

    Informative

  4. Muhammad Tahir Malik

    Sir a very comprehensive account of hactivists activities have been highlighted by your article. An eye opener for the cyber crimes being committed every now and then… Well done,, keep it up

  5. Fatima

    Best article on this topic yet🙌🏻

  6. Muhammad Tahir Malik

    Sir your article gives a detailed insight into the hactivists activities across the globe. An eye opener for the cyber crimes happening every now and then.. Well done sir keep it up 👍

Leave a Reply