The need for Transnational and State-Sponsored Cyber Terrorism Laws and Code of Ethics

Today, terrorists are making the best use of information technology to carry out their objectives. The NATO definition of cyber terrorism is “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or to intimidate a society into an ideological goal” (Everard P, 2007 p 119). Cyber terrorism is achieved using most of the elements of cybercrime. Terrorist groups adopt technologies of two types of goals with reasonable risks. The first goal includes those that improve the organization’s ability to carry out activities relevant to its strategic objectives, such as recruiting and training. The second goal is those that improve the outcome of its attack operations (Bruce W et al, 2007 p 15). To date, there are not any known international code of ethics and law that govern the investigation of transnational and state-sponsored cyber terrorism. The playing field is better prepared for terrorist organizations and world security forces have been holding international conferences and workshops to develop best practices and policies that would enable them to be match fit for any future terrorist strikes. Sadly, little has been achieved. This paper critically examines different international guidelines for investigating transnational and state-sponsored cyber terrorism and the need for an International Code of Ethics and Law in combating these attacks.

Oorn and Tikk named the Cyber Crime Convention (ETS No. 185), which, with the Convention on the Prevention of Terrorism (CETS No. 196), as “the most important international instrument for fighting cyber terrorism and other terrorist use of the Internet”(Oorn R and Tikk E 2007, p 91). Unfortunately, many states are not in agreement with Oorn’s and Tikk’s assertions. Furthermore, at the 11th meeting of Committee of Experts on Terrorism (CODEXTER) Council of Europe, with regard to possible legal responses to terrorism and cyber terrorism, Professor Sieber outlined in particular the harmonisation of national substantive criminal law and of national procedural law; the improvement of international co-operation; and other important aspects, such as, inter alia, the duty to protect infrastructures/data security certifications and preventive monitoring of data. Having examined the previous conventions, none of the above adequately covers serious threats to commit terrorist acts and this shortcoming is not supported by the capabilities of other international organizations.

In 2001, the European Commission prepared a document entitled “Network and Information Security: Proposal for a European Policy Approach (Ozeren S, 2008). The first two conditions dealt with legislative provisions and training of law enforcement officers to deal with both domestic and transnational criminal activities.

Furthermore, the second condition was augmented at the Tenth United Nations Congress on Crime Prevention and Treatment of Offenders that was held in Vienna, Austria in 2000. It was stressed that the exchange of technical and forensic expertise between national law enforcement authorities was imperative for faster and more effective investigation of such crimes (Tenth United Nations Congress, 2000). From 27 April to 18 May 2007, Estonia came under heavy Distributed Denial of Service (Ddos) attacks. One person residing in Estonia was charged and legal cooperation was requested from Russia, however this request remained unanswered as Russia had not criminalized computer crimes (Oorn R and Tikk E, 2008). As such the mentioned recommendation from Tenth United Nations Congress tends can address issues such as best practices in terms of obtaining and preserving evidence, maintaining the chain of custody of that evidence across borders and may clear up any difference in language issues. This highlights that there is the urgent need for International Law and Code of Ethics in combating cyber terrorism.

Interpol, (International Criminal Police Organization), through the collaboration of experts from members of national computer crime units has developed the Computer Crime Manual, now called the Information Technology Crime Investigation Manual (ITCIM). It is considered a best practice guide for the experienced investigator, and includes numerous training courses in order to share its expertise with other members, a rapid information exchange system which essentially consists of two elements, and preparing training video/CD-ROM for international law enforcement (Interpol, 2003). These best practises were hammered out from the Interpol’s collaboration with five major working parties namely: a)European Working Party on Technology Crime, b) American Regional Working Party on Information Technology Crime, c) African Regional Working Party on Information Technology Crime, d) Asia Steering Committee for Information Technology Crime and e) Steering Committee for Information Technology Crime (Interpol, 2003). These working parties supplies representation from the majority of the continents and much use can be made from their experiences and strengths. As such, the ITCIM can be used as the foundation on which an International Code of Ethics for Cyber Crime and Cyber Terrorism can be built.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

The majority of the Conventions have emphasized collaboration and cooperation from other states in combating cyber terrorism. Different world security forces have all put forth policies and key conditions for international law enforcement to exist. However, there is little mentioned on the barriers to achieving international law and the detection and prosecution of transnational and state-sponsored cyber terrorism. Some states are not cooperating.

Professor John Walker, at an international crime conference in London, has accused China of state-sponsored terrorism and has said that the Chinese government was responsible for the ‘Titan Rain’ attacks on the United States and United Kingdom. He further lamented, “No matter how much collaboration you have internationally, if you have a state-sponsored terrorist coming out of China or Russia you are not going to get them. If they are state-sponsored e-criminals they are doing it for a purpose. And you cannot extradite them”(Blincoe R, 2008).  But if Russia and China are doing it, so must the West; either to develop counter strategies or to develop their own proactive capabilities. It has been said that the next world war will be fought with bits and bytes, not bullets and bombs (Gaur K 2006). Until such time as both/all nations agree to stop, there will be no stopping this escalation in International State Sponsored Terrorism. To make matters worse, leading internet company Google, has censored its search services in China in order to gain a greater market share and to satisfy the Beijing authorities. This resulted in censored information being disseminated to users. These acts, together with Professor Walker’s assertions justify the need for International Law and Code of Ethics to address state-sponsored and transnational cyber terrorism. To avoid territorial differences in terms of protection and to practical problems in the detection and prosecution of cyber terrorist activities any draft International Law and Code of Ethics must be ratified by all states. However, due to the existence of non-cooperative and communist states, these requirements are long coming.

In conclusion, it appears that only lip service has been paid to combating cyber terrorism. In the absence of an International Code of Ethics and law to combat cyber terrorism, security forces must become better informed of terrorists’ use of the internet and better able to monitor their activities. They must also explore measures to limit the usability of this medium by modern terrorists. Finally, security forces must adhere to individual or selected best practices and guidelines to ensure that the integrity of any evidence seized in the few cases detected is beyond reproach and that successful prosecution may eventually pursue.

Bibliography

Blincoe R (2008) China Blamed for Cyber-Terrorism Retrieved November 14 2009 from http://www.itservicesconnected.co.uk/News/July-2008/China-Blamed-for CyberTerrorism.aspx

Colarik A M (2006) Cyber Terrorism – Political and Economic Implications. IGI Publishing

Don B W, Frelinger D R, Gerwehr S, Landree E,  Jackson B A (2007) Network Technologies for Networked Terrorists Assessing the Value of Information and Communication Technologies to Modern Terrorist Organizations, Prepared for the Department of Homeland Security. RAND Retrieved on October 11 2009 from: http://www.rand.org/pubs/technical_reports/2007/RAND_TR454.pdf

Gaur,K. (2006). Cyber warfare – malicious code warfare. Retrieved from http://my.opera.com/kalkigaur/blog/show.dml/450195

Google censors itself for China (2006) Retrieved November 14 2009 from http://news.bbc.co.uk/1/hi/technology/4645596.stm

Ozeren S (2008) Cyberterrorism and International Cooperation: General Overview of the Available Mechanisms to Facilitate an Overwhelming Task  (pp 78-82)

Sieber U, Brunst P (2009)  Cyberterrorism and Harmonization of Criminal Prosecution

Retrieved November 3 2009 from:

http://www.mpicc.de/ww/en/pub/forschung/forschungsarbeit/strafrecht/cyberterrorismus.htm

Tikk E, Oorn R (2008) Legal and Policy Evaluation: Internation Coordination of Prosecution and Prevention of Cyber Terrorism Responses to Cyber Terrorism. . Amsterdam, IOS Press (pp 64-67)

Weimann G (2008) WWW.AL-Qaeda: The Reliance of al-Qaeda on the Internet, Responses to Cyber Terrorism. . Amsterdam, IOS Press (pp 64-67)

2 thoughts on “The need for Transnational and State-Sponsored Cyber Terrorism Laws and Code of Ethics”

  1. State-sponsored e-criminals ! And that’s the truth. Russia and China will never support these laws. Especially the Russians. They want something more valuable that natural resources! INFORMATION. The internet is a black hole. You put things in and it gets micronized into every corner of the world. Good stuff man! But to be honest , like you mentioned, it will take a lot of resources to see some progress.

  2. Good writings, my friend.

    However, and this is where it gets “sticky”, it’ll never happen!
    To embark upon a unified set of agreements between states, it must be established that all states are equal, less a form of Orwellian cyber-Animal Farm should happen. There are leaders of technology and there are followers. One only has to have followed the technology news recently to see the fundamental flaws that exist today.

    For example;
    — the US and Australia don’t want Huawei to implement tech in their systems as they think they are puppet for the Chinese government and having access at root means the chinese can eavesdrop or backdoor on everything that has Huawei chipsets.
    — the UK has blocked the extradition of Gary McKinnon, wanted by the US for “hacking the gibson” so to speak.
    — the Stuxnet code and its variants are targeting specific SCADA systems in certain countries (read Iran)
    — GCHQ wants to attract the “xbox generation” to assist in cyber defence of the UK.

    Simply put, some countries believe that they are better than others. Not only that, but some regions (the US, the Far East and Western Europe) are just better equipped and more financially well off to combat risk and must wonder why should they have to “carry” weaker states or areas (Africa, South America and South Asia)?

    It is a fine proposal that bringing ideas and cyber defence technology into a unified strategy would present a single code of ethics to unite the globe in a fight against cyber terrorism, but unfortunately it is inherent of human nature to look after one’s own interests. What is morally right for one, maybe abhorrent to another.

    Peace yo.

Leave a Comment

Latest Videos

Digital Forensics News Round Up, March 27 2024 #dfir #digitalforensics

Forensic Focus 19 hours ago

Digital Forensics News Round-Up, March 21 2024 #digitalforensics #dfir

Forensic Focus 21st March 2024 6:15 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles