Russian hackers’ cyberattacks on Ukraine could breach Geneva Conventions, Microsoft chief warns

There have been ‘precise’ attacks on the ‘emergency response services [and] humanitarian aid efforts’, company president Brad Smith said

Adam Smith
Tuesday 01 March 2022 13:57 GMT
Comments
(POOL/AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The cyberattacks targeting civilians in Ukraine could raise “serious concerns under the Geneva Convention”, the president of Microsoft has said.

Brad Smith said in a blog post that there had been a round of “offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the launch of missiles and tanks on 24 February.

The attacks have been “precisely targeted”, with the company especially concerned about targets “including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations”

The Ukrainian government has also been warned about cyber attacks that could steal health, insurance, and transportation data that could personally identify citizens, Mr Smith went on.

Already, global technologies such as Google are limiting the amount of data that can be gathered from their products.

The search giant blocked Google Maps’ live traffic overlay and Live Busyness feature, which keeps track how many people are in a particular location at one time, to avoid them being used by invaders to coordinate military attacks.

“The past few days have seen kinetic warfare accompanied with a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining truth and sowing seeds of discord and distrust”, Mr Smith also said.

“This requires decisive efforts across the tech sector – both individually by companies and in partnership with others – as well as with governments, academia and civil society.”

The Geneva Conventions are treaties and international protocols that safeguard humanitarian treatment in war, such as protections for the wounded and sick, as well as civilians.

However, international humanitarian law generally only applies in the context of an armed conflict, but practitioners of the law “hardly ... disputes that IHL applies to cyber operations during armed conflict”, expert Tilman Rodenhäuser has said.

In Ukraine, the internet still works and power plants and other critical infrastructure continues to operate, leading some experts have pushed back against the view that Russia’s cyber campaign has been as organised and decisive as it could be.

Devastating cyberattacks have “not played as large a component as some people thought it might and it definitely has not been seen outside of Ukraine to the extent that people feared,” said Michael Daniel, a former White House cybersecurity coordinator, but added that the situation could “still change.”

Instead, Russia’s campaign seems improvised, according to Dr Lennart Maschmeyer at the Center for Security Studies at the university ETH Zurich.

“A plausible scenario for more devastating cyber-attacks was that Russia had planned this invasion for a long time, and prepositioned implants across Ukraine’s critical infrastructure in order to cause mass disruptions coinciding with the military invasion”, Dr Maschmeyer told The Guardian.

“That does not seem to be the case. The cyber operations we have seen do not show long preparation, and instead look rather haphazard,”

Activist hackers have been fighting against Russia with the intention of distracting operatives to prevent them launching attacks, but it is not entirely clear how successful such actions have been.

The hacking group Anonymous has claimed responsibility for 1,500 attacks on Russian and Belarusian government websites, banks, and state media – although that figure should be taken with the caveat that anyone can claim to be a member of the group due to their anonymity.

Russian state broadcaster RT was taken down three days ago. “After the statement by Anonymous, RT’s websites became the subject of a massive DDoS attack from nearly 100 million devices, mostly based in the US”, RT told The Independent in a statement.

Russian media site Fontanka, state-owned news agency Tass and daily newspaper Kommersant were also all hacked by Anonymous yesterday to present a message asking citizens to help “stop this madness” and claiming Russian President Vladamir Putin “makes us lie and puts us in danger.”

The Kremlin did not respond to a request for comment from The Independent before time of publication.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in