Revelations that Russian intelligence agents penetrated the computer systems of Yahoo three years ago are hardly news to someone like Marina Kaljurand, writes the San Francisco Chronicle.
As the Estonian ambassador to Russia in 2007, she contacted officials there after a cyberattack against her country, which Estonia blamed on Russia. The denial-of-service assault effectively shut down the websites of the former Soviet republic’s parliament, newspapers and banks by overwhelming the sites with Internet traffic rerouted from other servers.
As you can imagine, she didn’t get far. “It was a one-sided conversation,” said Kaljurand, who’s attending a cybersecurity conference in Berkeley this week. “There was no response from Russia.”
Events seem to have come full circle for Kaljurand, who’s now chairing the Global Commission on the Stability of Cyberspace. The organization wants to establish guidelines on what’s permissible or out of bounds when it comes to hacking computer systems in another country.
Marina Kaljurand, Global Commission on the Stability of Cyberspace chair, answers questions during an interview on Monday, March 13, 2017 in San Francisco, Calif. Photo: Lea Suzuki, The Chronicle
In many ways, the commission owes its existence to Russia. In the past, the world generally accepted that countries spied on each other and occasionally fought officially declared wars with bullets and bombs. But the assault against Estonia seemed symbolic of a disturbing new era in international conflicts, in which state-sponsored hackers target civilian institutions during peacetime for political and economic gain.
No one is more aware of the new threat than Silicon Valley, where the indictments for the Yahoo hack underscore growing concerns over security. As another example, the U.S. has regularly complained to China about hackers with suspected ties to the People’s Liberation Army trying to steal secrets from universities and tech firms.
It makes sense to establish some norms of behavior for countries to spar over the Internet. You can’t eliminate attacks, but perhaps you can agree on what crosses the line.
Countries like Russia probably won’t be keen on an international policy. After all, the two Russian spies included in the federal indictments in the Yahoo hack presumably got their orders from higher up. The U.S., for its part, has done its share of spying, too. Last week WikiLeaks revealed programs it said the Central Intelligence Agency used to hack into common devices like smartphones, methods that could be used to get around messaging encryption.
Kaljurand doesn’t think we should create a Geneva Convention for online warfare. She said the new commission, formed with the support of the Netherlands, Microsoft and some think tanks, will develop ways we can apply existing international laws to the Internet. Notably, it includes no representatives from Russia, though there are two from China: Xiaodong Lee, a professor of the Chinese Academy of Sciences, and Zhang Li, a top official with China Institutes of Contemporary International Relations.
The Geneva Conventions forbid the deliberate targeting of civilians in a war. So a reasonable interpretation of the law would mean a nation can’t blow up a dam or a natural gas plant through a computer hack if those actions would kill or injure civilians.
That has happened before. After Russia invaded Ukraine in 2014, for example, hackers repeatedly attacked Ukraine’s power grid. And civilians are targeted, or at least collateral damage, in many hacks.
In the Yahoo breach, the Russians were targeting foreign officials, business executives, journalists and even politicians from their own country. This year, U.S. intelligence agencies concluded Russia attempted to influence the presidential election by leaking emails it stole from Democrats.
China is another emerging player in the hacking world, with a motivation that is partly financial. In a 2013 report, the National Bureau of Asian Research concluded that intellectual property theft cost the United States about $300 billion a year in exports to Asia. The study, led by former director of national intelligence and Navy Adm. Dennis Blair and Jon Huntsman, a former U.S. ambassador to China, also estimated that China accounted for up to 80 percent of all such thefts around the world.
The article in full: http://bit.ly/2mYRYHU