Categories
Communication CyberSecurity Media News Safety Security

The ICRC issues “Rules of engagement” to hacktivists after chaos

The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers involved in conflicts.

The organisation warns unprecedented numbers of people are joining patriotic cyber-gangs since the Ukraine invasion.

The eight rules include bans on attacks on hospitals, hacking tools that spread uncontrollably and threats that engender terror among civilians.

But some cyber-gangs have told BBC News they plan to ignore them.

Spreading globally

The ICRC, responsible for overseeing and monitoring the rules of war, is sending the new rules to hacking groups particularly involved in the Ukraine war. It is also warning hackers their actions can endanger lives, including their own if deemed to make them a legitimate military target.

Patriotic hacking has risen over the past decade. The ICRC statement highlights pro-Syrian cyber-attacks on Western news media in 2013.

But the worrying trend, accelerated by the Russia-Ukraine conflict, is now spreading globally, ICRC legal adviser Dr Tilman Rodenhäuser says.

“Some experts consider civilian hacking activity as ‘cyber-vigilantism’ and argue that their operations are technically not sophisticated and unlikely to cause significant effects,” he says.

“However, some of the groups we’re seeing on both sides are large and these ‘armies’ have disrupted… banks, companies, pharmacies, hospitals, railway networks and civilian government services.”

Based on international humanitarian law, the rules are:

  1. Do not direct cyber-attacks against civilian objects.
  2. Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.
  3. When planning a cyber-attack against a military objective, do everything feasible to avoid or minimise the effects your operation may have on civilians.
  4. Do not conduct any cyber-operation against medical and humanitarian facilities.
  5. Do not conduct any cyber-attack against objects indispensable to the survival of the population or that can release dangerous forces.
  6. Do not make threats of violence to spread terror among the civilian population.
  7. Do not incite violations of international humanitarian law.
  8. Comply with these rules even if the enemy does not.

The ICRC is also imploring governments to restrain hacking and enforce existing laws.

The Ukraine conflict has blurred the boundaries between civilian and military hacking, with civilian groups such as the IT Army of Ukraine being set up and encouraged by the government to attack Russian targets.

The IT Army of Ukraine, which has 160,000 members on its Telegram channel, also targets public services such as railway systems and banks.

Its spokesman told BBC News it had not decided whether to implement the ICRC rules. The group has already banned attacks on healthcare targets – but said the wider civilian impact was unavoidable.

“Adhering to the rules can place one party at a disadvantage,” the spokesman added.

Large groups in Russia have similarly attacked Ukraine and allied countries – including disruptive but temporary attacks, such as knocking websites offline, on hospitals.

BBC Contact

Killnet’s leader, “Killmilk”, plans to ignore the rules.

“Why should I listen to the Red Cross?” a representative of Killnet, which has 90,000 supporters on its Telegram channel, asked BBC News.

Pro-Russian groups are accused of working directly for, or in conjunction, with the Kremlin. But Killnet strongly denies this.

Meanwhile, a representative of Anonymous Sudan, which in recent months has begun attacking technology companies and government services it says are critical of Sudan or Islam, told BBC News the new rules were “not viable and that breaking them for the group’s cause is unavoidable”.

And a high-profile member of the Anonymous collective told BBC News it had “always operated based on several principles, including rules cited by the ICRC” but had now lost faith in the organisation and would not be following its new rules.

Source: BBC News.

Recommended reading: ICRC on CyberWarfare and International Humanitarian Law (IHL).

Categories
Health News Safety Security

Additional measures implemented due to the COVID-19 pandemic

Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the following travel restrictions enforced by the Norwegian authorities; Improbus has suspended all travel activity until further notice.

The travel- and meeting-restrictions were originally scheduled to apply from 2020-03-13 to 2020-03-26, but the Norwegian government has now extended this ban to apply until 2020-04-16.

None of Improbus’s employees are infected by the Coronavirus (SARS-CoV-2).

Nevertheless, we continue to comply with advice from both the WHO and the Norwegian authorities.

All scheduled meetings will be held as planned – but electronically – via instant messaging Telegram (chat) or encrypted VoIP.

For urgent questions or emergencies, Improbus technicians will remain available via SMS and phone at +47-94102030.

Non-urgent and non-sensitive matters should be communicated using email.

Electronic communication using Telegram is preferred.

For more information about the Coronavirus (SARS-CoV-2) and the Coronavirus Disease 2019 (COVID-19), please see WHO‘s webpages (English), Helsenorge (Norwegian), or the Norwegian Government’s homepage (“Regjeringen”) in Norwegian or English.

Categories
News Security

Successful recovery of stolen domain names

Improbus facilitated today the safe return and recovery of stolen domain names.

Two competing companies were domain name holders of domain names associated with each other’s businesses.

In connection with maintenance on the domain name services on behalf of Company A, it was discovered that one of the domain names had been illegally transferred from ISP A to ISP B, then deleted by the registry and re-registered by the registrar within milliseconds.

This action led to the unauthorized and illegal transfer of domain name ownership from Company A to Company B. The domain name hijacking and subsequent domain name theft were made possible by means of ID theft.

Information on the method used was obtained and extensively documented by Improbus, and the persons and companies involved were confronted.

Instead of a judicial process, an amicable agreement was entered into between the parties – after mediation by Improbus:

Assuming that Company B transfer domain names that were affiliated and associated with Company A – Company A would in return refrain from reporting criminal offenses (i.e., theft of domain names) to the police, as well as permit the legal transfer one of its domain names to Company B.

In this way, the normal situation was restored in an efficient, peaceful and amicable manner – without involving the prosecution authorities or the justice system.

Improbus’ handling of the incident led to a happy outcome for both parties.

Categories
Health News Safety Security

Measures implemented due to the COVID-19 pandemic

Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the following travel restrictions enforced by the Norwegian authorities; Improbus has suspended all travel activity until further notice.

None of Improbus’s employees are infected by the Coronavirus (SARS-CoV-2).

Nevertheless, we comply with advice from both the WHO and the Norwegian authorities, which recommend reduced travel- and face-to-face meeting-activities.

However; all scheduled meetings will be held as planned – but electronically – via instant messaging Telegram (chat) or encrypted VoIP.

For urgent questions or emergencies, Improbus technicians will remain available via SMS and phone at +47-94102030.

Non-urgent and non-sensitive matters should be communicated using email.

Electronic communication using Telegram is preferred.

For more information about the Coronavirus (SARS-CoV-2) and the Coronavirus Disease 2019 (COVID-19), please see WHO‘s webpages (English) or Helsenorge (Norwegian).

Categories
Media News Security

Man convicted of “extensive data breach”

Man convicted of “extensive data breach” in Bergen District Court

Article from Digi / BT / NTB

A 30-year-old man in Bergen District Court has been sentenced to 14 days suspended prison for data breach by the Norwegian Public Roads Administration. The man says he wanted to develop an app.

In addition to the conditional prison sentence, the foreign man living in Bergen is sentenced to give up two hard drives and one SSD disk, writes Bergens Tidende.

The defendant wanted to develop an app that would allow contact with the owner of a motor vehicle without exchanging personal information, according to the judgment.

The man extracted information about Norwegian car owners from the Roads Administration’s website, but this went beyond what the Norwegian Public Roads Administration intended to offer of information through the service. Therefore, he is convicted of violation of section 207 of the Penal Code for burglary in computer systems.

The defendant understood that this was not how the service should be used, the court believes.

But the court also states that the information he obtained was legally obtained through a request for access.

The man’s defender, attorney Alexander Gonzalo Sele, says he and the client will go through the verdict and consider whether to appeal.

– We believe the judgment raises fundamental questions about what can be characterized as a data breach. He has retrieved information that was publicly available and that one could also find using a regular telephone directory, Sele says, pointing out that the client did not get any sensitive information.

© NTB

Source: digi.no (Article in Norwegian)

Improbus’ comments

The verdict (case number TBERG-2019-141281) is available online, in Norwegian (check Google Translate for an OK English translation).

According to the accusation (and verdict), the accused accessed publicly available web resources served by the Norwegian Public Roads Administration.

The accused then opened several browser tabs, and changed the individual URLs slightly, to see if the different http requests yielded individual, but still relevant results.

The accused allegedly then proceeded to collect the output of the respective web outputs provided by the site; storing them in a local database; one record for each http request.

Bergen District Court has ruled that even though the information gained and stored was already publicly available, nor did any damage or presented the server with a significant load of any kind – the action is still to be perceived as illegal.

Since the information from the Norwegian Public Roads Administration’s web site already was publicly available, it is obvious to think that this system behavior was intentional.

It is obvious to Improbus that what has been explained as misuse of a minor design flaw, has not been misused for evil purposes at all, but rather as a means for retrieving public data in an efficient, easy and convenient way.

If the data had been private or sensitive, the situation would have been quite different – maybe not technically or juridically, but at least ethically and morally.

It is sad to see that neither the courts nor the police able to keep up with current knowledge about the common usage of information systems.

If this really is a criminal act, it is nonetheless a victimless one.

Categories
News

Improbus acquires ICEC

Improbus has acquired ICEC; International Center for Emergency Communication.

As of today, 01.01.2019, both companies will act as one.

The companies believe that their product portfolios complement each other, especially in the areas of ​​emergency communication, security, training, and education.

Most ICEC products and services will be fully incorporated into the Improbus product portfolio within a month, while specialized courses or custom services will remain under the ICEC brand.

For more information, please contact Improbus via Telegram (chat) or email.