• This is a political forum that is non-biased/non-partisan and treats every person's position on topics equally. This debate forum is not aligned to any political party. In today's politics, many ideas are split between and even within all the political parties. Often we find ourselves agreeing on one platform but some topics break our mold. We are here to discuss them in a civil political debate. If this is your first visit to our political forums, be sure to check out the RULES. Registering for debate politics is necessary before posting. Register today to participate - it's free!

Report For NATO Justifies Killing Of Hackers In A Cyberwar

TheDemSocialist

Gradualist
DP Veteran
Joined
Apr 13, 2011
Messages
34,951
Reaction score
16,311
Gender
Undisclosed
Political Leaning
Socialist
The U.S. government has taken a hard line on hackers lately, charging them with federal crimes that carry lengthy prison sentences.But a new report argues that a hacker who helps a hostile country commit computer sabotage could face a much a harsher penalty: death.
The report, prepared for NATO by a group of independent military law experts, says that countries have legal justification to use military force against hackers who help another country launch a cyberattack. The report is the first formal attempt to define a set of rules that countries should follow in the event of a cyberwar.
International law prohibits attacks against civilians during wartime. But the 282-page report says that hackers who help foreign adversaries could lose that legal protection and be legally targeted by another country's military. As an example, one nation could target an individual hacker with force if the hacker found a security flaw or wrote malicious software that helped another country sabotage computer networks, the report said.
The attack would merit such a response if the results posed a national security threat. For example, the report outlined a scenario in which a foreign adversary hacked a chemical plant to cause an explosion that led to widespread injuries or deaths.


Read more @: Report For NATO Justifies Killing Of Hackers In A Cyberwar

So i get the cyberwarfare can **** up a lot of things, but death i believe is a bit much... With drone warfare now these days and hackers i believe this can be used as a very bad combo. There are a lot of issues also in this report, and what makes a hacker "fair game" for killing them?
 
Read more @: Report For NATO Justifies Killing Of Hackers In A Cyberwar

So i get the cyberwarfare can **** up a lot of things, but death i believe is a bit much... With drone warfare now these days and hackers i believe this can be used as a very bad combo. There are a lot of issues also in this report, and what makes a hacker "fair game" for killing them?[/FONT][/COLOR]

Don't worry, no one is gonna get droned for hacking an xbox.

If someone is about to cause a chemical explosion in an industrial plant... we need to stop them, no doubt.
 
Don't worry, no one is gonna get droned for hacking an xbox.

If someone is about to cause a chemical explosion in an industrial plant... we need to stop them, no doubt.

I agree but what is considered a "dangerous hacker"? Is someone who gets into classified documents such as documents Wikileaks publishes considered dangerous? What do they deserve? There are a lot of unanswered questions in this document that need to be answered.
 
Read more @: Report For NATO Justifies Killing Of Hackers In A Cyberwar

So i get the cyberwarfare can **** up a lot of things, but death i believe is a bit much... With drone warfare now these days and hackers i believe this can be used as a very bad combo. There are a lot of issues also in this report, and what makes a hacker "fair game" for killing them?[/FONT][/COLOR]

The problem I have with this is the difference between criminal hackers and terrorist hackers and where the line will be drawn between them.
 
I agree but what is considered a "dangerous hacker"? Is someone who gets into classified documents such as documents Wikileaks publishes considered dangerous? What do they deserve? There are a lot of unanswered questions in this document that need to be answered.

Having only read the quote you provided, I think those questions are clearly answered. I dunno, try reading it again?
 
The problem I have with this is the difference between criminal hackers and terrorist hackers and where the line will be drawn between them.

The article cleary states: "a threat to national security", presumably such must be in-the-act.
 
I agree but what is considered a "dangerous hacker"?
A nerd that uses his skills to do harm to others.

Is someone who gets into classified documents such as documents Wikileaks publishes considered dangerous?
That would be espionage.

What do they deserve?
A very long prison term depending on the severity of the leak. If it gets our own people killed, they should also put execution on the table.
 
Having only read the quote you provided, I think those questions are clearly answered. I dunno, try reading it again?

I don thtink they are because they bring up the same scenario and question i asked. ""The law is unclear as to the precise point at which the extent of death, injury, damage, destruction or suffering caused by a cyber operation" qualifies as an armed attack that justifies retaliation"
 
The article cleary states: "a threat to national security", presumably such must be in-the-act.

Yeah, but that's awfully broad. I'd rather have a more stringent and detailed set of criteria to label someone a terrorist hacker. Theoretically, anything could be considered a threat to national security.
 
Frankly, Ive always believed hackers and those that write viruses should be killed.
 
Not really.

Yes, really.

A hacker who gets into the banking system could be considered a terrorist for attacking the nation's financial system - even if all he wants to do is steal money.

It's really broad - I'd feel more comfortable if there were distinct criteria.
 
1) No critical infrastructure should be connected to the internet period. There is no sane reason it should even be physically possible to hack a water treatment plant.
2) Lethal force should be a proportional response. If someone manages to make something explode over the internet and it kills people, then its reasonable to respond in kind. A power outage hardly justifies the use of violence.
2) Cyber warfare assets should be considered a valid target during wartime. However, by wartime I mean an actual declared war against a specific enemy, not the current "we are at war with anyone anywhere" nonsense.
 
Yes, really.

A hacker who gets into the banking system could be considered a terrorist for attacking the nation's financial system - even if all he wants to do is steal money.

No, not really.

No, he couldn't.


Stewart Baker, a former assistant secretary at the Department of Homeland Security, said the military needs the right to retaliate with physical force -- not just digital force -- against hackers who could shut down a power grid or a water treatment plant.

"If Americans are dying because of terrorist hackers and we have chance to kill them, then we should kill them," Baker said, adding, "It would be nuts to say that no matter what you do in cyberspace we will only respond in cyberspace."

Let's not be nuts.
 
Nothing in your quote explains how he couldn't be considered a terrorist hacker.

Hacking a bank =/= terrorist.

Obviously.
 
Add email spammers!
 
hacking does not work that way. let us say for a moment you could remote control a chemical plant from a remote location to blow it up. Part of hacking is covering your identity which often involves making it seem like the attempt is coming from somewhere it is not, or using someone else's connection. In order to trace things you often need to investigate which takes time. So even if you were within distance to physically strike at what you thought was the hacker, you would probably hit the wrong person.

Most dangerous systems require on site access to the computer systems involved. This would probably be accomplished by some sort of infection of those computers, or an operator who happened to infiltrate the site. If it is some sort of virus like what damaged iran's uranium enriching centrifuges killing the hacker to stop it would make no difference. These independent military law experts are obviously trying to pull something, or they have no business being called experts. Now if they want to add a death penalty to the punishment of caught hackers who do things that kill people like causing a chemical explosion then I can see that. If they are implying that you could drone strike a hacker in real time to stop such an attack they are better off drone striking the chemical plant.

yet another in a long line of computer hacker paranoia that is trying to enable the military to kill without trial by claiming an immediate threat. At least that is what i hope it is and that our country's computer experts watching dangerous things are not so stupid to allow offsite control of those computer systems. If you are already on site then they already have you in a spot where they can kill you pretty easily for being a threat.

As for data leaks that is not the same sort of issue as initiating a explosion. Most leaks are not immediately threatening to life or national security.
 
hacking does not work that way. let us say for a moment you could remote control a chemical plant from a remote location to blow it up. Part of hacking is covering your identity which often involves making it seem like the attempt is coming from somewhere it is not, or using someone else's connection. In order to trace things you often need to investigate which takes time. So even if you were within distance to physically strike at what you thought was the hacker, you would probably hit the wrong person.

Most dangerous systems require on site access to the computer systems involved. This would probably be accomplished by some sort of infection of those computers, or an operator who happened to infiltrate the site. If it is some sort of virus like what damaged iran's uranium enriching centrifuges killing the hacker to stop it would make no difference. These independent military law experts are obviously trying to pull something, or they have no business being called experts. Now if they want to add a death penalty to the punishment of caught hackers who do things that kill people like causing a chemical explosion then I can see that. If they are implying that you could drone strike a hacker in real time to stop such an attack they are better off drone striking the chemical plant.

yet another in a long line of computer hacker paranoia that is trying to enable the military to kill without trial by claiming an immediate threat. At least that is what i hope it is and that our country's computer experts watching dangerous things are not so stupid to allow offsite control of those computer systems. If you are already on site then they already have you in a spot where they can kill you pretty easily for being a threat.

As for data leaks that is not the same sort of issue as initiating a explosion. Most leaks are not immediately threatening to life or national security.

Computer Network Attacks can indeed be launched real-time. In a conflict, taking out the manner in which the enemy is attempting to destroy your C4I (or other) capabilities is indeed a lawful strike.
 
Computer Network Attacks can indeed be launched real-time. In a conflict, taking out the manner in which the enemy is attempting to destroy your C4I (or other) capabilities is indeed a lawful strike.

Again, if the attack were occurring it would most likely involve proxies and or multiple different systems. The best bet would actually be to secure at the site rather than to attempt to find out where a hacker is you do not know about. It would make no difference at all if the infiltration was viral as the process is not killed because the hacker dies. Again, you would be better off working at the site to eliminate that infection than to actually try to blow up the hacker. After those things are all done you can track down the hacker with investigations and charge them, but you are not going to do that without a miracle in real time with a hacker that has the talent to cut through military encryption. this is just an excuse to get a ignorant public to endorse a strike on a target that the military will claim is an immediate thereat which they will never have to prove or be questioned on. Either that or all of our computer controlled military equipment is so hopelessly insecure it is more of a danger to us than it is to our enemy.
 
Again, if the attack were occurring it would most likely involve proxies and or multiple different systems.

:lol: there's an app for that ;)

The best bet would actually be to secure at the site rather than to attempt to find out where a hacker is you do not know about.

If you didn't know where the hacker was. This is akin to attempting to defeat enemy artillery by digging in without responding with counterbattery. However you are forgetting yourself. If we don't know where the hacker is, then whether or not to bomb his position isn't really that much of an issue, now, is it? :)

Again, you would be better off working at the site to eliminate that infection than to actually try to blow up the hacker

No, a smart response involves defense and offense. Information Assurance and Computer Network Defense are important pieces of the puzzle, but they are not the puzzle. If I could suggest some reading. Make sure you also cover application.

After those things are all done you can track down the hacker with investigations and charge them, but you are not going to do that without a miracle in real time with a hacker that has the talent to cut through military encryption

Especially given that lots of those hackers are foreign military; and you would be amazed how non-seriously the PRC takes our extradition requests for their top performers.

this is just an excuse to get a ignorant public to endorse a strike on a target that the military will claim is an immediate thereat which they will never have to prove or be questioned on.

You are making pretense to a world of which you know little.

Either that or all of our computer controlled military equipment is so hopelessly insecure it is more of a danger to us than it is to our enemy.

No, but only fools ignore the capabilities of their enemies.
 
2) Lethal force should be a proportional response. If someone manages to make something explode over the internet and it kills people, then its reasonable to respond in kind. A power outage hardly justifies the use of violence.

Power outages kill people. Between hospital patients and potential rioting, a well-placed power outage could kill hundreds.
 
Power outages kill people. Between hospital patients and potential rioting, a well-placed power outage could kill hundreds.

Bingo. In combat operations, we don't target enemy's power systems because we want to ruin their video gaming. That's also why CDE requires Intelligence Buy-In.
 
Back
Top Bottom