Russian Cyber War and Cybercrimes against Ukraine



The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime, is the first international treaty aimed at combating Internet and computer crime (cybercrime) by harmonizing national legislation, improving investigative methods and expanding cooperation between countries. It was developed by the Council of Europe in Strasbourg, France, with the active participation of observer states under the Council of Europe - Canada, Japan, the Philippines, South Africa and the United States of America.


Since the entry into force of the Convention, influential countries such as Brazil and India have refused to adopt it on the grounds that they did not participate in its development. Russia opposes the convention, saying its adoption would violate Russian sovereignty, and usually refuses to cooperate in law enforcement investigations related to cybercrime.


The convention was signed by Canada, Japan, the United States of America and South Africa on November 23, 2001 in Budapest. As of October 2022, the following non-member states have ratified the treaty: Australia, Argentina, Cape Verde, Ghana, Dominican Republic, Israel, Canada, Colombia, Costa Rica, Mauritius, Morocco, Nigeria, Panama, Paraguay, Peru, USA, Senegal, Tonga, Sri Lanka, Philippines, Chile and Japan.


Among other things, the Budapest Convention criminalized cybercrime such as illegal access to a computer system, fraud and forgery, as well as illegal interception of data. While the Budapest Convention has been the subject of controversy over the years, including concerns that it undermines privacy rights, it is generally seen as a useful tool setting an international standard for combating cybercrime.


Budapest vs UN


In 2019, the UN General Assembly passed a resolution that launched a multi-year negotiation process on what could become a global cybercrime treaty more widely accepted and influential than the Budapest Convention. The driver of negotiations on the UN instrument was Russia. Together with China, it carried a resolution that divided the hall almost in half.


In 2022, the committee began work on the text of the resolution. The comments received from the states revealed a number of controversial issues:


  • China and Russia want to use a new tool to increasingly regulate the Internet, punishing freedom of speech online.

  • Western states are wary of information-sharing procedures without a verification system to ensure that sharing information with authoritarian regimes does not harm human rights.

  • There are disputes over such an instrument's regulation of cyber attacks and national security issues.


Most Western states still adhere to the Budapest Convention, as does Ukraine.


In addition, the Ukrainian government wants to change the legal interpretation of aggression, first defined by the UN in 1974, to include the use of cyber weapons. "Together with our partners, we now have to rethink equipment, new methods of warfare, because now the element of cyber defense is an integral part of military operations," said Yuriy Shchyhol, Head of the State Special Communications Service of Ukraine.


Ukrainian authorities are gathering evidence of cyberattacks on critical systems by Russian hackers to provide to the International Criminal Court in The Hague as part of a broader investigation into Russian war crimes.


Ukraine joined the Additional Protocol to the Convention on Cybercrime, like many other countries. In particular, the protocol was signed by: Austria, Belgium, Bulgaria, Spain, Estonia, Finland, Italy, Iceland, Lithuania, Luxembourg, North Macedonia, Montenegro, the Netherlands, Portugal, Romania, Serbia, Sweden, as well as Chile, Colombia, USA, Japan and Morocco. The Protocol is open for signature by the Parties to the Convention and will enter into force when ratified by five States.


This Protocol provides tools to strengthen cooperation and disclosure of electronic evidence, such as direct cooperation with service providers and registrars, effective ways of obtaining subscriber information and traffic data, immediate cooperation in emergency situations or joint investigations that fall within the scope of human rights and the rule of law, including data protection safeguards.


On May 14, 2021, the National Security and Defense Council of Ukraine (NSDC) adopted a cyber defense strategy for Ukraine for the next five years.


On August 26, 2021, President Volodymyr Zelenskyy put into effect the NSDC decision on the updated cybersecurity strategy of Ukraine and approved the creation of cyberwarfare in the structure of the Ministry of Defense.


On September 14, 2021, the National Security and Defense Council began preparations for the creation of cyber troops in Ukraine. On February 1, 2022, President Volodymyr Zelenskyy put into effect the NSDC decision on the plan for implementing the Cybersecurity Strategy.


On March 4, 2022, the State Service for Special Communications and Information Protection announced that Ukraine will join the Joint Advanced Technologies Center for Cyber Defense (CCDCOE). The 27 member countries of the CCDCOE Committee voted for this unanimously.


Ukraine is calling for a single global organization to help share threat information and prepare for future attacks as Russia attacks Ukraine's critical infrastructure and seeks to create "maximum chaos."


“We need the Cyber United Nations, nations united in cyberspace in order to protect ourselves, effectively protect our world for the future, the cyber world, and our real, conventional world,” Shchyhol said in an interview with POLITICO.

After a year of constant Russian cyberattacks on Ukraine's critical infrastructure, such as energy systems and satellite communications, there is a need for a "single cyberspace" to which the countries of the "civilized world" will belong. That would almost certainly mean excluding Russia and its allies.


Russia's war against Ukraine: Cyberfront


CERT-UA (Computer Emergency Response Team), which operates under the State Service for Special Communications, registered and investigated 2,100 cyber incidents and cyber attacks during 2022, more than 1,500 of them since the beginning of Russia's full-scale military invasion of Ukraine.


According to CERT-UA, hostile hackers most often attack the public sector: it accounts for about a quarter of all investigated cases.


The energy sector remains a particular focus of Russian hackers. Companies that supply services, hardware and software to energy companies are also under constant watch. In addition, enemy hackers actively attacked the logistics, telecom, commercial, defense sectors, etc. Since the beginning of the year, the Security Service has neutralized hundreds of Russian cyber attacks on Ukrainian energy facilities, of which almost 30 could have become supercritical.


Since the beginning of the year, the Security Service of Ukraine has neutralized more than 4.5 thousand cyber attacks and cyber incidents.


Last year, according to the Computer Emergency Response Team, more than 2,000 cyber attacks were carried out, including:


  • 500 attacks on government resources and management systems;

  • 400 attacks against commercial, energy, financial, telecommunications and software sectors;

  • 300 attacks (that is, less than a sixth of them) were aimed at military targets.


Russia’s tactics


ON THE EVE OF A FULL-SCALE INVASION


Deputy Prime Minister and Minister of Digital Transformation Mykhailo Fedorov said that the Diia team repelled an attack by hackers from four countries: Russia, China, the Czech Republic and Uzbekistan.


"At about 20:00 on February 15, following the banks, a powerful DDoS attack began on the Diia portal, which was expected. The initial vector is Russia and China. Somewhere 600 thousand packets of malicious traffic per second. Our experts quickly "cut off" this direction, but the attack returned from the Czech Republic and Uzbekistan. And again it was "repulsed." For Diia users, the attack remained invisible," Fedorov wrote in his Telegram channel on the evening of February 15.

On the evening of February 15, the Ministry of Defense and the Armed Forces of Ukraine reported interruptions in the work of their official sites due to a cyber attack. The mobile applications or websites of several banks stopped working. In particular, Privatbank and Oschadbank were subject to cyber attacks.


This attack was followed by a series of powerful DDoS attacks in mid-February and cyber attacks in the run-up to the invasion. The purpose of these attacks was both the destruction of infrastructure and the sowing of panic and mistrust among the population. However, even during the war, Russian hackers did not succeed.


In addition, the study revealed clear ties between Russia's failures on the military or diplomatic front and the subsequent revenge attacks. For example, on March 1, Russia fired missiles at the Kyiv TV tower, which led to the suspension of television broadcasting. At the same time, the Russians carried out a cyber attack on the Broadcasting, Radio Communications and Television Concern.


The key pro-Russian hacktivist group Killnet, a group that promotes political ideas through the illegal use of networks, constantly attacks critical infrastructure of NATO countries with complex DDoS attacks.


THE MOST POWERFUL ATTACKS IN 2022:


January. Ukraine suffered a large-scale cyber attack, as a result of which several government and ministry sites were taken down.


February. Ukraine was at the center of a series of targeted DDoS attacks on the Armed Forces, websites, ministries, public radio and banks. The US government officially blamed the attacks on the Main Intelligence Directorate of the General Staff of Russia (GRU GSh).


April. A powerful cyberattack on Ukrainian power grids, similar to the attempt to hack the power grid of Ivano-Frankivsk region in 2015.


August. The most powerful attack on the Enerhoatom (state-owned nuclear energy operator) website since the beginning of the full-scale war, carried out by the Russian group People's Cyber Army, using 7.25 million bots. For three hours during the attack, hackers simulated hundreds of millions of views of the main page of this state-owned company.


According to the head of the US Cyber Mission, Major General John Hartman, before the withdrawal of all US military from Ukraine on the eve of the Russian full-scale intervention in February 2022, there was a team of about 40 cyber specialists from the United States in Ukraine. However, even after that, Hartman emphasizes, the United States continued to support Ukraine by providing assistance in the fight against Russian hackers.


However, Ukraine was not the only target of Russian hackers. The website of the European Parliament suffered a cyber attack after the recognition of Russia as a sponsor of terrorism on 23 November 2022.


"The European Parliament is under a sophisticated cyberattack. A pro-Kremlin group has claimed responsibility," the parliament's president, Roberta Metsola, said on Twitter. "Our IT experts are pushing back against it and protecting our systems. This, after we proclaimed Russia as a State-sponsor of terrorism. My response: #SlavaUkraini (Glory to Ukraine)."

INCOMPLETE LIST OF RUSSIAN CYBER ATTACKS IN THE FIRST MONTHS OF THE INVASION:


25.02 cyberattack on the border control point in order to prevent refugees from entering Romania

25.02 Facebook disinformation campaign

28.02 attacks on Ukraine's digital infrastructure, resulting in blocking access to financial services and energy facilities

01.03 attack on the Broadcasting, Radio and Television Concern

04.03 distribution of malware in public organizations

07.03 phishing attack against media companies

09.03 cyberattack on telecommunications providers

14.03 CaddyWiper malware reportedly infiltrated the systems of several Ukrainian public and financial sector organizations.

16.03 hacking of the Red Cross site in Ukraine

17.03 attack with phishing emails targeting the government and military

18.03 attack with phishing emails targeting a number of Ukrainian organizations

20.03 using the LoadEdge backdoor to install tracking software

23.03 devastating cyber attack on the transport company of the West of Ukraine

28.03 cyber attacks on Ukrtelecom and WordPress sites caused communication disruptions and limited access to financial and government sites

30.03 using the MarsStealer information thief, access to the credentials of Ukrainian citizens and organizations was obtained

07.04 cyber attack on Ukrainian media

14.04 illegal acquisition of banking and payment data of citizens using a Trojan program.

22.04 DDoS attack on Ukrposhta

07.05 attack on Odesa City Council during rocket attack on residential areas of the city

09.05 DDoS attack on Ukrainian telecommunications providers

14.12 Russian hackers attacked the site and other services of Lvivoblenergo

Deputy Head of the State Service for Special Communications on Digital Development Viktor Zhora explained that there is a certain consistency between Russia's cyber attacks and the aggressor's military attacks on Ukraine. Zhora said that Kyiv considers the actions of the aggressor in digital space a war crime. For example, he mentioned the attacks on the facilities of the energy company DTEK in July 2022. At that time the invaders carried out a coordinated attack on one of the CHP plants: the Russians fired at the facility and simultaneously attacked the company's corporate network. Similar coordinated activity of the occupiers was also observed in Odesa, Lviv and Mykolaiv, where shelling by the Russian Federation was accompanied by cyber attacks on local authorities, websites or Internet providers. Such attacks disrupted the functioning of IT infrastructure, the power grid, telecommunications and critical infrastructure. Ukrainian officials are collecting evidence of cyberattacks related to military strikes of the Russian Federation, and transmitting information to the International Criminal Court in The Hague to prosecute such actions by Russia. If Russia's cyber attacks on Ukrainian infrastructure are recognized as part of war crimes, this will be the first such classification.


It is already known that cyber means alone can be used to poison a water supply, breach a dam, bring down a plane or disable a hospital's life-support equipment. While Russia has made clear that it has no intention of complying with international humanitarian law, prosecuting its cyberattacks against Ukraine's critical infrastructure could have an important deterrent effect on other state actors.


Legal responsibility


There are several measures that can be taken now to better prepare the international legal order for current and future wars.


First of all, international criminal lawyers and investigators need to think about cyber-war crimes from a practical perspective to determine what types of data have probative value and where that evidence will be located. Just as in the case of a physical crime scene in the field, after an attack on a computer network, there is a "golden hour" when evidence can be collected and stored, after which it is easier to change or destroy it.


Second, cybersecurity researchers with potentially important evidence should understand its importance, know how to preserve it in a way that maintains its integrity and chain of custody, and share it with the appropriate investigative authorities.


Finally, there must be a means to share knowledge between the global criminal justice and cybersecurity communities. There are already models of successful public-private partnerships that can maintain an open line of communication between cybersecurity researchers and prosecutors investigating war crimes.


As noted by Yuriy Shchyhol, head of the State Service for Special Communications and Information Protection of Ukraine, "the Russian-Ukrainian war is the world's first full-scale cyber war, but it will not be the last. On the contrary, all future conflicts will have a powerful cyber component." In the absence of accountability mechanisms to clarify and enforce the law, states can escalate with impunity, creating new vulnerabilities and invisible risks for civilians in an increasingly interconnected world. Prosecutors investigating war crimes must innovate and foster legal evolution to fit the new nature of war.


Russia's cyber war against Ukraine is taking place right now, and the ICC Prosecutor has an unprecedented opportunity to deliver justice for Ukrainians, prevent future harm through deterrence, strengthen the laws of war, ensure that international law is in line with technological development, and demonstrate the relevance, legitimacy and potential of the ICC.


The head of the Ukrainian cybersecurity branch calls for the creation of a single global organization, CyberUN, which would help share information about threats and prepare for future attacks, as Russia targets the infrastructure of Ukraine.


Shchyhol said that our partners, especially the United States of America, approve the proposal to find space to safely coordinate work on new technologies.

