Article by Anind Umrao and Priyanka Preet
Pulwama and escalating Cybernationalism
It has been a month since the dastardly attack on the Indian Army in Pulwama rattled and jarred the Indian citizenry. 46 soldiers lost their lives with another 20 still reeling from the bomb attack. It is but natural that the nationalistic fervor ran high on either side of the border, replete with vehement aspersions. But the mud-slinging was not restricted to demonstrations, effigy burning and social media wars alone. More than 200 Pakistani websites were hacked by an Indian hacker group- ‘Team I Crew’. Messages like 'we will never forget #14/02/19', 'dedicated to the martyrs sacrificed their lives in #Pulwama Terror Attack' were strewn across various Pakistani government websites, as an ode to the martyrdom of the Central Reserve Police Force Jawans (soldiers).
Many dub it to be the biggest cyber-attack launched by Indian hackers on the Pakistani cyberspace. Experts say that such cyber-attacks are ritualistic around the month of August when both the nations celebrate their Independence Days. ]
South Asian techies from both the countries put their skills and patriotic fervor to test by defacing each other’s websites by smearing the national anthem and the emblem across the web page, further riling up hostilities.
Cybernationalism to Cyberwarfare
Admittedly, the effects of this ‘cyber harassment’ are largely confined to economic and reputation losses to website operators which consequently require reconstruction. Website defacements attract social media smear campaigns and further serve as an annoyance to the masses. Technologically, much of these cyber activities are performed through unsophisticated tools and yet the techies manage to steal information and achieve strategic goals. After reports that Russia meddled in the US elections by hacking machines and creating propaganda on the internet and the recent ransomware and other cyber-attacks being attributed to North Korea, Indian authorities are not risking anything. Lt. Gen. DS Hooda, formed Indian Army General warns that Critical Infrastructure and military installations getting connected to the ‘Internet of Things’ (IoT) are potent threats of enormous escalation.
Moreover, India’s growth economically and diplomatically, in the sub-continent, has made its Critical Infrastructure a soft-spot for Chinese and Pakistani hackers.
Till now such activities have been typically been performed by non-state actors, it is difficult to ascertain the origin of such conduct: whether these are mere shadowy hackers or official state apparatus. The receiver of such attacks might also deem such attacks as being conducted by the official government.
India and Pakistan have nuclear capabilities and an escalation from cyberspace could transpose into a real-world conflict. What is unique is that experts from both the nations have failed to take cognizance and stand under-prepared for any aggravation whatsoever.
The premise that even college-level hacktivists and techies, relying on simple technology, can steal a significant volume of information from their victims, bears testimony that the experts are not well-versed in cyber-security issues.
International Law Implications
A hackneyed principle of the UN Charter is that the member states are not permitted to use force against each other. The law regarding prevention of the ‘use of force’ is present in Article 2(4) of the Charter, which precludes a member state from employing “the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the purposes of the United Nations”. The International Court of Justice (ICJ) has additionally ratified and prohibited the use of force by holding it as a core principle of the International Customary Law. Article 2(4) of the UN Charter ostracizes all forms of use of force, independent of the inspiration behind it.
Article 2(4) as presented in Dumbarton Oaks conference reads as total prohibition on ‘use of force’. Furthermore, the expression ‘political independence’ and ‘territorial integrity’ were introduced to afford security to small states. In any event, customs that have developed parallel to the Charter underpins the expanded interpretation of Article 2(4).
There is no exact terminology for the phrase ‘use of force’, it is found to be exhaustive in nature and is comprehended to include not just ‘armed attacks’, but any attack which results in annihilation of the property, irrespective of the method incorporated. This also includes Cyber Attacks, specifically when the target is to damage the National Critical Infrastructure of a country.
ICJ in the ‘Nuclear Weapons Advisory Opinion’ expressed that the provisions analogous to ‘use of force’ under the UN Charter are applicable to any unspecified ‘use of force’ independent of the arms employed. The countries of the developing world often support the notion that ‘force’ incorporates all forms of pressure, including financial and political coercion that undermines the state independence.
There is a clear breach of sovereignty when these cyber-attacks cause material harm to the usefulness of a digital framework in the target states. Such cyber trespassing or attacks must not be taken as temporary destructions even if they cause momentary damage and should likewise be comprehended to envelop such activities that upset the working of an infrastructure without causing any physical harm. For instance, the use of biological or chemical or radiological agents would still be accounted as an attack even though the attack might not have been physically encountered. Therefore, it has rightfully been acknowledged that the definition of attack is not constituted by its means but by the consequences which it brings forth. Thus, even the defraying of the data encapsulated within the high-speed data cables and satellites will also come under the white concept of an attack. Cyber operations can even be regarded as an attack within the meaning of International Humanitarian Law (IHL), when they bring forth death or injury or cause any damage or physical destruction, along with unwanted interferences to computer systems.
What next?
While website defacement has no specific solution to it, there are a few tactics that website owners can resort to for conducting such penetration. Website defacement monitoring and detection tools could also serve as possible solutions. Many such cyberattacks between India and Pakistan hacktivists start with spear phishing campaigns. The emails lure the victim to download an attachment with malwares or direct the victim to a malicious website. There are email authentication systems like Sender Policy Framework can also resolve phishing problems. SPF authenticates the identity of the sender of the email thus verifying the phishing email.
Cyberspace has been touted as the ‘fifth dimension’ of war after land, water, air and space and cybertools are only new ways to harass the other state. The advent of cyber nationalism has augmented new actors in the cyberwar field and their actions can be misconstrued as authentic state action. Cyber harassment could escalate tensions into conventional conflicts. As of now, the ties between India and Pakistan stand severed and the next few months shall be experiencing tension and skirmishes. A local physical attack has already worsened the relationship; a cyber-attack on the National Critical Infrastructure would only spell disaster for the entirety of the population.
About the Authors: Anind Umrao is a 3rd-year law student pursuing B.A. LL.B (Hons.) at Dr. Ram Manohar Lohiya National Law University LucknowPriyanka Preet is a 2nd-year law student pursuing B.A. LL.B (Hons.) at Dr. Ram Manohar Lohiya National Law University Lucknow.Both Authors are inclined towards Criminal Law and Public International Law.