International law experts are on track to publish a manual amending the current Geneva convention for cyberwar in late 2016. The Tallin Manual 2.0 – an update of the original Tallinn Manual on the International Law Applicable to Cyber Warfare—is backed by a NATO-run military think tank based in Estonia.

Military strategists deem cyberspace the fifth dimension of warfare, the others being land, air, sea and space. An example of an “armed attack” in cyberspace is the Stuxnet worm, an Israeli-U.S. programmed computer virus that caused severe disruptions to Iran’s nuclear plants. By the original manual, similar attacks in the future would legally validate proportional retaliation, considered in this case to be self-defense.

The Tallinn Manual 2.0 will discuss peacetime international law, including human rights law in regards to cyberspace. The current question begin argued is whether international human rights norms apply to different widely practiced cyber activities, such as the collection of metadata by national governments.

“If the answer is yes, we then have to examine whether the state has actually violated the individual’s rights. For instance, assuming the collection of metadata implicates human rights norms, under what circumstances is a state authorized to engage in such activities?” asks Liis Vihul, managing editor of the Tallinn Manual and legal researcher at the NATO Cooperative Cyber Defence Centre of Excellence.

Additionally, the updated manual will include sections on diplomatic law, the responsibilities of international organizations, global telecommunications law, and peace operations.

Article via The Register, October 12, 2015

Photo: Satsop Nuclear Plant via Michael B. [Creative Commons Attribution-NonCommercial-NoDerivs]

A Citizen Lab report released Thursday revealed that 33 countries are likely using FinFisher, a prominent spyware program. Many of these countries—including Ethiopia, Bangladesh, and Egypt—have suspect human rights standards.

FinFisher enables an organization or government to capture the keystrokes of a computer, as well as use the device’s microphone and camera to surreptitiously eavesdrop on a target. This type of surveillance tool was once only used by advanced governments, but is now available to anyone willing to invest in the service. In the U.S., journalists and dissidents are especially targeted.

Hackings in the past two years have informed researchers about the mechanics of spyware companies. FinFisher was hacked last year, revealing confidential company logistics, and its competitor Hacking Team was hacked this past year, exposing vital emails and files. Errors in spyware servers help Citizen Lab researchers figure out which governments are using the services of companies like FinFisher or Hacking Team.

Spyware servers used by governments often infect and control target computers with malware disguised behind proxies. Researchers found that 135 servers matched the “technical fingerprint” of shady spyware after scanning the Internet, yet they were always directed to a decoy page after typing the server’s Internet address into a Web browser. The decoy pages were most often or

However, the decoy sites showed local search results of the server’s origin, and not of the location that the researchers were in when they used the site. One proxy server seemed to be from the United States, then returned an IP address from Indonesia, indicating that the country’s government may be using FinFisher’s services.

Article via The Washington Post, 16 October 2015

Photo: Patrons use computers in an internet cafe via World Bank Photo Collection [Creative Commons Attribution-NonCommercial-NoDerivs]