In the wake of the surge in people joining patriotic cyber gangs, especially since Ukraine-Russia conflict, the International Committee of the Red Cross (ICRC) has issued eight rules of engagement for hacktivists who are involved in armed conflicts.
The eight rules are as follows:
Further, ICRC has warned hacktivist groups that their actions can endanger lives.
ICRC legal adviser Dr Tilman Rodenh?user stated, 'Some experts consider civilian hacking activity as 'cyber-vigilantism' and argue that their operations are technically not sophisticated and unlikely to cause significant effects.'
'However, some of the groups we're seeing on both sides are large and these 'armies' have disrupted... banks, companies, pharmacies, hospitals, railway networks and civilian government services.'
Several hacking groups have expressed reservations about following these rules. A spokesperson from Killnet has stated, 'Why should I listen to the Red Cross?' Anonymous Sudan has stated, 'Adhering to the rules can place one party at a disadvantage,' and that the new rules were 'not viable and that breaking them for the group's cause is unavoidable'. They also stated that the group 'always operated based on several principles, including rules cited by the ICRC', but had now lost faith in the organisation and would not follow its new rules.
Why does it matter?The rules themselves are extracted from international humanitarian law (IHL), which protects civilians and soldiers who are no longer able to fight, in armed conflicts. The ICRC underlined that any actors in cyberspace must be aware of these 8 rules and respect them as a minimum. However, the application of IHL in cyberspace is still a point of contention, as seen in the negotiations within the UN Open-Ended Working Group (OEWG) on security of and in the use of information and communications technologies 2021