but whats the story? some guy again picked an unknown usb stick en route to his job at super secret nuclear facility and just plugged it into a nuclear supervising computer again to see the contents?
> Details about the supposed new attack are superficial at the moment, as there are no details about the supposed attack, the damage it caused or its targets.
So... not much of a story at the moment. Iran claimed its under attack by a "Stuxnet-like" virus.
Doesn't seem like there are any other significant details beyond that. It's not even clear that the target was nuclear centrifuges this time.
I highly recommend reading the book "Countdown to Zero Day". Stuxnet was incredibly sophisticated and explicitly targeted at Iranian nuclear enrichment facilities.
FU money and exfiltration to USA. Kids go to US colleges and live happily, ever after. Just so he doesn't insulted :) mention that Iran could be better without the mullahs.
No doubt, USA already has the list of employees and knows their weak points.
To say stuxnet was akin to someone plugging a USB drive in really downplays how serious the operation surrounding stuxnet was.
Iran was having their nuclear scientists assassinated in the streets at the time stuxnet was being infiltrated into the nuclear facilities.
I have a feeling that when you have that level of resources being dedicated to a mission, your not hinging your whole plan on someone picking up a random usb and plugging it in.
He has what looks like a bot running posting articles from major new sources about 1 per hour. A couple of those articles did well on HN and those got him the Karma. Nice Karma gaming.
By any reasonable definition of "state of war", a state of war exists between Israel and Iran and has for a long time. The only reason it's not official is that since 1979 Iran has not recognized the existence of Israel at all, and hence can't officially declare war on an entity which it claims does not exist.
If cyberattacks counted, the US would be at war with China and Russia. I bet there will be a treaty eventually, and I have some fears on what secondary restriction it will place on the internet.
Aside from the questions of whether Israel and Iran are already at war or incapable of becoming at war, it's worth noting there's no real clarity around what defines an 'act of war' in the first place.
Historically, 'casus belli' just describes an action which justifies a state of war. Nations can cite whatever they want, although self-defense is generally the most defensible basis. In that sense it's a permissive concept; it does not force a country to become "at war". So something like the shooting down of a warplane (e.g. a Russian plane over Syria, by Turkey) is clearly inter-military violence, but the injured party can (and did) elect not to declare war. As far as Iran's response here, that's probably the extent of the matter: they don't want to use this as casus belli, so they won't.
More recently, I know of three other definitions for an "act of war" which are potentially relevant.
1. Most nations have laws which use the term, for instance to prohibit citizens from doing business with adversaries. These are often quite narrow - the US definition (18 U.S. Code § 2331 4) would go unmet by this incident because it was not armed conflict. I don't know the Iranian or Israeli internal definitions, but with the array of sanctions and other boundaries already in place they're probably irrelevant. (And internally at least, Iran can't actually be at war with something it doesn't acknowledge to be a state.)
2. The United Nations Charter, since both Iran and Israel are signatories. This relies on the term 'force', not acts of war, and is deeply unclear about what constitutes force. Resolution 2625 states "armed intervention and all other forms of interference or attempted threats against the personality of the State or against its political, economic and cultural elements, are in violation of international law".
Reading narrowly, this is pretty clearly "other interference against its economic elements", but the next clause of that resolution would render most sanctions, economic espionage, and other common practices illegal acts of war and so it's widely ignored. There have been rumblings about the status of cyberattacks, but there's definitely no settled law on that matter yet.
3. The Hague and Geneva Conventions, since both are signatories. It could constitute an act of war creating wartime-status obligations to personnel or an undeclared act of war violating the "Convention relative to the Opening of Hostilities".
As far as the declaration statute, I don't see any sign of what constitutes a "state of war", and I suspect that in 1907 it was considered obvious. As far as "prisoner of war" status and other restrictions like lawful surrender, the people spreading the exploit are debatably governed if they're members of a military, but not otherwise governed as a militia or volunteer corps.
---
Given all that, I'm reasonably sure there's no international law yet governing cyberattacks. Attacks which have death tolls or directly interact with weaponry could presumably be governed by their consequences, in the same way that non-electronic sabotage would. But in terms of economic and other nonviolent consequences, it's an open question.
The UNC could certainly be used to rule them acts of war in the same sense that smashing up factories or killing crops would be, but such an interpretation could potentially also apply to stealing schematics or wiretapping trade delegations, which have historically not been considered acts of war.
There are some pretty good analyses of this question out there, but most end up at "we dunno yet". It'll probably be a question up for debate and further treaties within the next decade or so, and the result will likely be a function of how such attacks have been used so far.
[+] [-] ectospheno|7 years ago|reply
[+] [-] Freestyler_3|7 years ago|reply
[+] [-] systematical|7 years ago|reply
[+] [-] sneak|7 years ago|reply
[+] [-] yasp|7 years ago|reply
[+] [-] thrwia22|7 years ago|reply
[+] [-] Ajedi32|7 years ago|reply
So... not much of a story at the moment. Iran claimed its under attack by a "Stuxnet-like" virus.
Doesn't seem like there are any other significant details beyond that. It's not even clear that the target was nuclear centrifuges this time.
[+] [-] draz|7 years ago|reply
[+] [-] jameskilton|7 years ago|reply
https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp...
[+] [-] onetimemanytime|7 years ago|reply
No doubt, USA already has the list of employees and knows their weak points.
[+] [-] losteric|7 years ago|reply
[+] [-] shard972|7 years ago|reply
Iran was having their nuclear scientists assassinated in the streets at the time stuxnet was being infiltrated into the nuclear facilities.
I have a feeling that when you have that level of resources being dedicated to a mission, your not hinging your whole plan on someone picking up a random usb and plugging it in.
[+] [-] salimmadjd|7 years ago|reply
user: chablent
created: 3 days ago
karma: 524
[+] [-] quickthrower2|7 years ago|reply
[+] [-] picsao|7 years ago|reply
[deleted]
[+] [-] qubax|7 years ago|reply
Anyone know if there are any international law covering cyberattacks?
[+] [-] bzbarsky|7 years ago|reply
[+] [-] protomyth|7 years ago|reply
[+] [-] westpfelia|7 years ago|reply
https://www.amazon.com/Perfect-Weapon-Sabotage-Fear-Cyber/dp...
[+] [-] Bartweiss|7 years ago|reply
Historically, 'casus belli' just describes an action which justifies a state of war. Nations can cite whatever they want, although self-defense is generally the most defensible basis. In that sense it's a permissive concept; it does not force a country to become "at war". So something like the shooting down of a warplane (e.g. a Russian plane over Syria, by Turkey) is clearly inter-military violence, but the injured party can (and did) elect not to declare war. As far as Iran's response here, that's probably the extent of the matter: they don't want to use this as casus belli, so they won't.
More recently, I know of three other definitions for an "act of war" which are potentially relevant.
1. Most nations have laws which use the term, for instance to prohibit citizens from doing business with adversaries. These are often quite narrow - the US definition (18 U.S. Code § 2331 4) would go unmet by this incident because it was not armed conflict. I don't know the Iranian or Israeli internal definitions, but with the array of sanctions and other boundaries already in place they're probably irrelevant. (And internally at least, Iran can't actually be at war with something it doesn't acknowledge to be a state.)
2. The United Nations Charter, since both Iran and Israel are signatories. This relies on the term 'force', not acts of war, and is deeply unclear about what constitutes force. Resolution 2625 states "armed intervention and all other forms of interference or attempted threats against the personality of the State or against its political, economic and cultural elements, are in violation of international law".
Reading narrowly, this is pretty clearly "other interference against its economic elements", but the next clause of that resolution would render most sanctions, economic espionage, and other common practices illegal acts of war and so it's widely ignored. There have been rumblings about the status of cyberattacks, but there's definitely no settled law on that matter yet.
3. The Hague and Geneva Conventions, since both are signatories. It could constitute an act of war creating wartime-status obligations to personnel or an undeclared act of war violating the "Convention relative to the Opening of Hostilities".
As far as the declaration statute, I don't see any sign of what constitutes a "state of war", and I suspect that in 1907 it was considered obvious. As far as "prisoner of war" status and other restrictions like lawful surrender, the people spreading the exploit are debatably governed if they're members of a military, but not otherwise governed as a militia or volunteer corps.
---
Given all that, I'm reasonably sure there's no international law yet governing cyberattacks. Attacks which have death tolls or directly interact with weaponry could presumably be governed by their consequences, in the same way that non-electronic sabotage would. But in terms of economic and other nonviolent consequences, it's an open question.
The UNC could certainly be used to rule them acts of war in the same sense that smashing up factories or killing crops would be, but such an interpretation could potentially also apply to stealing schematics or wiretapping trade delegations, which have historically not been considered acts of war.
There are some pretty good analyses of this question out there, but most end up at "we dunno yet". It'll probably be a question up for debate and further treaties within the next decade or so, and the result will likely be a function of how such attacks have been used so far.
[+] [-] rustcharm|7 years ago|reply
[+] [-] NotANaN|7 years ago|reply
[+] [-] SmellyGeekBoy|7 years ago|reply
[+] [-] pc86|7 years ago|reply
[+] [-] tyingq|7 years ago|reply
[+] [-] bhouston|7 years ago|reply