Forgot your password?
typodupeerror
Government Software The Military Politics Your Rights Online

Do Nations Have the Right To Kill Enemy Hackers? 482

Posted by timothy
from the do-nations-have-the-right-to-kill? dept.
Nerval's Lobster writes "Cyber-attacks are much in the news lately, thanks to some well-publicized hacks and rising concerns over malware. Many of these attacks are likely backed in some way by governments anxious to seize intellectual property, or simply probe other nations' IT infrastructure. But do nations actually have a right to fire off a bomb or a clip of ammunition at cyber-attackers, especially if a rival government is backing the latter as part of a larger hostile action? Should a military hacker, bored and exhausted from twelve-hour days of building malware, be regarded in the same way as a soldier with a rifle? Back in 2009, the NATO Cooperative Cyber Defence Centre of Excellence (which also exists under the lengthy acronym NATO CCD COE) commissioned a panel of experts to produce a report on the legal underpinnings of cyber-warfare. NATO CCD COE isn't funded by NATO, and nor is it a part of that organization's command-and-control structure—but those experts did issue a nonbinding report (known as "The Tallinn Manual on the International Law Applicable to Cyber Warfare") exploring the ramifications of cyber-attacks, and what targeted nations can do in response. It's an interesting read, and the experts do suggest that, under circumstances, a nation under cyber-attack can respond to the cyber-attackers with "kinetic force," so long as that force is proportional. Do you agree?"
This discussion has been archived. No new comments can be posted.

Do Nations Have the Right To Kill Enemy Hackers?

Comments Filter:
  • Yes. (Score:5, Insightful)

    by egcagrac0 (1410377) on Thursday March 21, 2013 @05:29PM (#43239491)

    A nation should be able to retaliate against attack.

    It would be morally wrong to not try a hacking counterattack first, however.

    • Re:Yes. (Score:5, Insightful)

      by Barlo_Mung_42 (411228) on Thursday March 21, 2013 @05:34PM (#43239553) Homepage

      No. There isn't enough transparency to be sure we are killing the right person in such a case. We bomb to many innocent people as it is.

      • Re:Yes. (Score:5, Insightful)

        by ZombieBraintrust (1685608) on Thursday March 21, 2013 @05:50PM (#43239785)
        Cyber attacks falls under espionage. Nations have been killing spies for thousands of years. There is always a risk when killings spys of killing a civilion. They generally don't use bombs to do it though.
        • Re:Yes. (Score:4, Insightful)

          by dnorman (135330) on Thursday March 21, 2013 @06:03PM (#43239915) Homepage

          the difference is that a spy is traditionally on enemy soil, so are likely considered more fair game. a hacker is likely operating from a basement bunker in virginia etc...

        • by ThePeices (635180)

          There is always a risk when killings spys of killing a civilion.

          Im sorry, but civilions dont exist. Ive met *many* an ion in my life, and not a single one of those bastards was ever civil to me.

      • Re:Yes. (Score:5, Insightful)

        by StormyWeather (543593) on Thursday March 21, 2013 @06:28PM (#43240237) Homepage

        You are morally opposed to bombing, that's cool, I can respect that seriously.

        However if we bomb a janitor trying to feed his family and taking the only job he can find at a bullet manufacturing plant and kill him, then what makes him so diametrically more involved in war than someone writing software to guide missiles, or someone who writes software to melt down an enemy nuclear rector or worse.

        Rules of war are a zany thing, especially since one side (the underdogs) usually ignores them completely and figures they probably won't be alive to see the aftermath of that decision, or they will be a totalitarian regime, and won't have to face the music.

    • Re:Yes. (Score:5, Insightful)

      by khasim (1285) <brandioch.conner@gmail.com> on Thursday March 21, 2013 @05:37PM (#43239589)

      The problem is locating the attacker.

      Rather than the cracked computer that Grandma hasn't updated since she bought it 8 years ago.

      Any cracker should be going through at least 2 levels of zombies he controls that are configured to dump all the logs to /dev/null.

      Drone strike on the senior center.

      • by PhxBlue (562201)

        ... Rather than the cracked computer that Grandma hasn't updated since she bought it 8 years ago.

        Right, and this is why the DOD hasn't really come down on one side or the other where cyberattack response is concerned.

      • Re:Yes. (Score:5, Funny)

        by vidnet (580068) on Thursday March 21, 2013 @05:52PM (#43239807) Homepage

        Let's do it. This would solve the growing cost of pensions, and open up lawns for kids everywhere.

      • You have assumed 2 things... A) we have to get this information the info on who is responsible by tracing the attacker's footsteps, we can obtain this information via old fashioned espionage, say an inside guy B) that we would retaliate against the specific person who performed the attack. If an attack is funded by a nation-state, the proportional response can be against that nation-state, not the individual. If China were to take out our electrical grid, the proportional response is to take out theirs
    • Re:Yes. (Score:4, Insightful)

      by Fluffeh (1273756) on Thursday March 21, 2013 @05:37PM (#43239595)

      A nation should be able to retaliate against attack.

      I think the old saying "If you play with fire, you might get burnt..." applies here. Do I think it is right, yes and no at the same time. Just because the hacker is sitting in an office typing on a keyboard doesn't mean he/she isn't inflicting real world harm on others in another part of the world. At the same time, I think it would likely be a huge escalation to go from something being hacked to dropping a bomb - but that's not to say that dumb things don't happen - especially when politicians are involved.

      I think anyone who is doing harm to another country, whether it is with a rifle and boots, or with a keyboard and an internet connection is fair game.

      • Re:Yes. (Score:5, Insightful)

        by hedwards (940851) on Thursday March 21, 2013 @05:47PM (#43239727)

        It makes a huge difference whether somebody is armed or using a computer. So, what's next, we bomb Chinese factories because their goods harm Americans? Because that's about as rational as what you're suggesting.

        Taking human life needs to be done thoughtfully, doing it because you can is something that states are supposed to aspire not to do. And really, they shouldn't be taking life over this sort of thing.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          It makes a huge difference whether somebody is armed or using a computer.

          NO. It makes a huge difference whether somebody is *acting as an agent of the country's government (military or intel agency)* or not.

          If you are a hacker, in the employ and uniform of your nation's military, then you are a legitimate target in a state of war. If a military truck driver in a military convoy is a legitimate target, then so is a military hacker. If not in a state of war, and you are captured as a spy, you are also sub

      • Re:Yes. (Score:4, Insightful)

        by sjames (1099) on Thursday March 21, 2013 @05:48PM (#43239747) Homepage

        It does need tio be considered carefully, but a cyberwarfare hacker and facility are every bit as much a legitimate target of war as a central headquarters, signals intelligence installation or codebreakers. However, if a shooting war hasn't (yet) broken out, it is also just as much an escalation as bombing any other military target would be.

        • by girlinatrainingbra (2738457) on Thursday March 21, 2013 @06:05PM (#43239941)
          And shouldn't drone pilots from and within the USA be just as much a target for targeted killing by the "other side" even while they are located in the USA geographical boundaries? So if the cyberwarfare hacker is still a legitimate target while not actively engaged in the "war activity", couldn't a USA drone pilot be legitimately targeted while walking into a grocery store to buy groceries for her/his family and herself/himself? There's a lot to think about when we decide to expand the boundaries of what we are allowed to do while still claiming "nya-nya-nya, you can't do that to us while we can do that to you", mostly because of the assymetry of our tactical abilities.
          .
          Overreaching on moral boundaries because of our tactical abilities could be our downfall when we no longer have the tactical advantage. We no longer have the moral advantage (considering the things that have already been done in "our" name, since it is our USA and our armed forces and our "special forces" that have carried out extra-ordinary rendition, torture in Abu Ghraim, extra-judicial kidnappings and extra-judicial extra-warfare executions/assassinations) but it makes to sense to keep digging ourselves deeper when we could actually be a beacon of sensibility to the world. Oh, wait, that's not really our goal, is it, regardless of whether the Republicans or Democrats are leading in the Executive or in the Legislative branches of our government.
          • oops, I mis-spelled "asymmetry" as "assymetry", but then again our "asymmetry" is a metric/measure of our assiness, isn't it? humor from mis-spelling, or freudian slipperiness from mis-spelling? signed, ms. mis-spellings-r-us.
      • by bonehead (6382)

        I think anyone who is doing harm to another country, whether it is with a rifle and boots, or with a keyboard and an internet connection is fair game.

        I agree with this, but it is still a matter of degrees. The level of retaliation should be at least somewhat in scale with the potential damage the hacker could do. Robbing some bank accounts is one thing, disabling the cooling system in a nuclear reactor is something else.

        And, of course there's the problem if positively identifying the real attacker. But once that's done with certainty, then yes, they're every bit as fair game as someone charging at citizens with a rifle.

    • A parallel (Score:5, Insightful)

      by mhajicek (1582795) on Thursday March 21, 2013 @05:46PM (#43239719)
      Should a factory worker manufacturing weapons and munitions be targeted? In war historically they have been. I think the main problem now is that we don't have distinct times of war and peace, we have a messy in-between all the time.
      • by mjwalshe (1680392)
        yes to give a real life example my father was bombed out of his house in WW2 the Luftwaffe was aiming for the big spitfire plant nearby at castle bromwitch - lucky he wasn't in the house at the time or I would not be here :-)
    • Re:Yes. (Score:5, Insightful)

      by gl4ss (559668) on Thursday March 21, 2013 @05:57PM (#43239853) Homepage Journal

      they don't have the right to just kill random dudes around the world without a trial. where the fuck did you get that idea? obama? bush?

      maybe, maybe if they first define that they're in a war with the said enemy country and then start bombing them or invade them and kill the said hacker in battle(just shooting them in cold blood and not taking them as POW would still not be right).

      even then it's debatable if they have the right for it. doesn't mean that some countries wouldn't do shit like that without declaring war though. it just doesn't make it right.

      where the fuck did you guys learn your ethics for war? from fucking terrorists? what's next, saying it's ok to use mustard gas on suspected hooligans since shop keepers have a right to defend their porch? gunning down someone who stole your wifi is ok?

    • by erroneus (253617)

      Sorry, but what's a proper counter-attack?

      What if the first attack disabled banking services while the response disabled all power to all hospitals?

      One is more likely to cost lives than another.

      I think it's better to just say "yes" and be done with it. The fact is these rules are set to convey what an actor should expect in retaliation. If is is expected that a bombing attack or a sniper's bullet may be the return for engaging a target (because let's face it, the attack may have been enough to disable ha

      • by DarkOx (621550)

        How do you even answer the question which is more serious? Disabling power systems in hospitals will probably kill more people in immediate terms. Taking out the banking infrastructure in a nation like ours would cause chaos and might cripple industry in preparation for a larger kinetic invasion.

    • by lkcl (517947)

      the geneva convention is very clear. if a citizen of a country is physically attacked by soldiers from another country, it is AUTOMATICALLY a declaration of war by the attacking country. once that declaration has been made - whether it be implicit or explicit - that declaration AUTOMATICALLY gives ALL citizens of the country that has been attacked the right to retaliate against all and any assets and citizens of the attacking country.

      as i have mentioned repeatedly on slashdot for some years now whenever t

      • Re:WARNING (Score:4, Informative)

        by bloodhawk (813939) on Thursday March 21, 2013 @09:38PM (#43242211)
        Perhaps you should go reread the Geneva convention. It is actually very explicit about protection of civilians, your country being at war does not in any way open its citizens up to attack under the convention. The Fourth Geneva Convention is all about protection of non combatants in a war zone.
  • by the eric conspiracy (20178) on Thursday March 21, 2013 @05:30PM (#43239507)

    If said hacker is messing with infrastructure, yes. That sort of thing can put lives at risk.

    • Will you apply those rules to the home team?

    • by mjwalshe (1680392)
      And in some cases is a war crime eg targeting hospitals power supply that would be a war crime under current law
    • by alexgieg (948359)

      Well, one could calculate the total amount of force used by the hacker while pressing his keys and retaliate proportionally. One trembling punch and two pokes per hacked site should be about right.

      • by vux984 (928602) on Thursday March 21, 2013 @06:23PM (#43240169)

        Well, one could calculate the total amount of force used by the hacker while pressing his keys and retaliate proportionally.

        So if the hacker's been pounding away on his beloved Model-M, then we can drop a bunker buster on him and call it even.

        His neighbors would probably appreciate the quiet too.

  • There are enough fatal errors made when soldiers and armed police kill innocent people carrying brooms, and the like, that are mistaken for firearms. With all the spoofing techniques available, how certain could they be that a strike was based on stringent enough intelligence?
  • by GameboyRMH (1153867) <gameboyrmh@gm[ ].com ['ail' in gap]> on Thursday March 21, 2013 @05:35PM (#43239567) Journal

    Now, to hack into RIAA headquarters and launch an attack from there in the name of Al Quaeda! Take off every drone!

  • Irrelevant (Score:5, Insightful)

    by Hatta (162192) on Thursday March 21, 2013 @05:37PM (#43239601) Journal

    The biggest threats to our freedom, safety, and economic well being come from our own governments, not foreign ones. When we start using proportional force against internal threats, we can start talking about what proportional force against external threats is.

    IOW, I'm a lot more scared of Goldman Sachs than I am scared of China.

    • You've heard the maxim that violence solves nothing? That's not quite true. "Proportional violence" solves nothing. "Overwhelming violence" ends issues. You can debate the morality of this truism, but history backs its legitimacy.

      Think of all of the long term wasted resources and suffering that could be solved with a little overwhelming force... The next time Israel and one of their neighbors starts slapping each other with their silly limp wristed marketing ploys.....nuke Jerasulem and the capital of

  • or Gitmo. That place is still open, right?
  • I never even considered this possibility until right now. I mean killing someone for hacking? I would generally say no, but what if its an infrastructure sort of thing. Like they hacked into a hospital and fiddles with patient records and people died, or they hacked into ATC and caused plane crashes? Should they be tried for murder? If we are at war with that country should they just be attacked by drones and killed off like an enemy combatant? I don't really like where this train of thought is heading, it
    • What the summary is describing is espionage. Spies have been killed for stealing tech and breaking things for hundreds if not thousands of years. Just because a spy can program doesn't give them special status.
  • Yes obviously if attacks are of a serious level then eventually some one is going to go kinetic - taking out undersea cables using ROV's is doable for some countrys or a 2000kg Jdam on top of the countrys cable lading points.

    Or less serious have your man from universal exports / SAG group do a hardcore run and find the right manhole covers pour in diesel add polystyrene packing elements and a short delay fuse.

    In fact close reading of something the Foreign secretary said in a recent documentary on
  • Now we can finally get rid of all those meddling proxies and exit nodes!

    Damn those enemy combatant hacker-terrorists polluting the RAIN-clouds and causing your PVR to miss recordings!

  • There is enough trouble as it is proving that an IP on a file sharing network is legit and it is the current owner of that IP who is sharing a file. With the resources available to a government agency, how likely is it that an IP would actually point at the source of the attack?

    This is going to lead to the bombing of apartment buildings with tons of collateral damage.

  • The summary I read restricted a "kinetic response" to cases where "kinetic damage" occurred. For those who do not read that language, that means no dropping bombs unless physical damage is done.

    So Iran might have been justified under this doctrine in attacking the creators of Stuxnet, but South Korea would not be justified under this doctrine in launching a few artillery shells/missiles at the initiator of whoever attacked them, because while wiping hard drives is really annoying, it does not rise to the l

    • by EdZ (755139)

      that means no dropping bombs unless physical damage is done.

      Then how would strikes against AWACS be justified? They're electronic warfare platforms, and legitimate targets, but they carry no physically offensive weapons, and cannot directly cause injury. You could even consider jamming as a wireless Denial Of Service attack.

  • by Okian Warrior (537106) on Thursday March 21, 2013 @05:42PM (#43239665) Homepage Journal

    If memory serves, the US government doesn't consider firing missiles into a foreign country an act of war (used as justification for the missile attacks into Syria).

    If firing missiles into a country isn't an act of war, which surely killed foreign citizens at the time, then by that logic it is OK for a country to kill foreign hackers.

    Just get the geo-location of their IP address and fire off a couple of missiles. Or (as described here [imdb.com]) have agents drive a jeep into the cul-de-sac of the house in question, fire off a bazooka or M47 or other portable "instrument of justice" into the house, and drive off.

    Really, it's a no-brainer.

  • Say someone is trying to take down the power supply in a hospital or disable safeguards in a nuclear plant. But, this is one of those probably fictitious "24" scenarios. If you have that much information to find the guy, you should already have enough intel to stop him by more reasonable means.

  • Every nation on Earth already has the right to kill whoever they want.

    But in this particular case, the question is not do they have the right but do they want to go to war with the country that citizen is part of or not.

  • a nation under cyber-attack can respond to the cyber-attackers with "kinetic force," so long as that force is proportional.

    What defines "proportional" in this case? Do they have to spend a night in the box?

  • by girlintraining (1395911) on Thursday March 21, 2013 @05:48PM (#43239751)

    "We are certain there are weapons of mass destruction in Iraq."

    Thousands of deaths later... evidence emerges this was a complete fabrication.

    "A broader definition of imminent","No specific threat","Without trial or due process."

    Quoting recent media regarding the Obama Administration's use of drones against Americans domestically.

    Now, these are just the military examples. How many people have been given the death penalty after exhausting all of their appeals, due process, etc., only to later have it emerge that authorities lied, omitted key evidence, or coerced confessions? More than you're probably comfortable admitting.

    And now, we're going to entrust the government with making the correct and accurate assessment of who the hacker is, and then use lethal force on them? We can't even properly trace a 911 call before sending the SWAT team to a guy's house in an attempt to get him killed even after the guy warned them this would happen ahead of time! What the sam hell makes any of you think they're going to do better on a network with far less security and safeguards than our public telecommunications network?

  • If the answer to the article's question is yes, then the hackers would know that they may be targeted with lethal force. Once they know that, they may start to carry firearms themselves (without the training that actual combatants have). This would lead to chaos, as they might start shooting themselves, their cube neighbors, the shopkeeper down the street, the telemarketer on the phone...

    I say *NO*! We don't need even more wanna be ganstas shooting at just anything that freekin moves. What happens in the
  • Finally... (Score:3, Funny)

    by Penguinshit (591885) on Thursday March 21, 2013 @05:54PM (#43239827) Homepage Journal
    ... a REAL use for Power Over Ethernet!
  • Well, given the "proportion" the justice seems deems fair for copyright infringement (multi-million dollar judgements) and violating the terms of service of websites (20+ years in jail, million-dollar fines) I'd say the appropriate response to, say, defacement of a government website by a foreign hacker is a tactical nuclear weapon lobbed at him.

  • if a country can kill hackers, shouldn't it be able to call in the drones against tax cheats, dishonest bankers, publishers of unflattering new articles, jokes which insult the dignity of the nation...

    • Tax cheats can't take out your electrical or water supplies and are not sponsored by other countries.
  • I fail to see where someone on a computer is any less valid a target than roads, railroads, ships, ports, & factories have been in past wars. All may contain civilians, but all are contributing to the war effort.

    BTW - "proportional"? What does that have to do with the situation?
  • When considering state-sponsored hacking, responsibility needs to be traced back to the state level, not the individual. Additonally, the proportional response should be based on the intended outcome of the attack. If China tries to take out the US power grid, the proportional response should be to take out their power grid by a means of our choosing. That may or may not include physical damage, missiles etc. We all know that cyber-attacks can have real world consequences, they must be met with rea
  • They used to use poison darts now it's poisoned Red Bull and Hot Pockets
    • I'm pretty sure a caffeine embargo would defeat the hackers or at least drastically lower their efficiency.
  • Let's all look forward to the days when people like the guy who got into Sarah Palin's email can be summarily executed without a trial.

  • Just another defense contractor play for money. Same old story from the Military Industrial Complex.

  • Typically nations are expected to attack the other nation's strategic resources, and any people who get in the way are going to get creamed. Nations may also target persons who are providing an effective defense or offense against themselves. There's nothing new here.

    However, as mentioned above, it may be very difficult to accurately target the hacker. IMO in most cases it will prove more efficient to target the other nation's infrastructure. Breaking fiber optic links, locking attackers out of satellites y

  • by sbjornda (199447) <sbjorndaNO@SPAMhotmail.com> on Thursday March 21, 2013 @06:25PM (#43240187)
    I imagine pretty soon China and North Korea will be sending their drones to the U.S. to take out dissident Chinese and North Korean citizens who are trying to crack their infrastructure from afar. Drones on foreign soil to execute dissident expatriots... soon to be a global phenomenon.

Everyone can be taught to sculpt: Michelangelo would have had to be taught how not to. So it is with the great programmers.

Working...