NATO CCD COE Considering ‘Petya’ Malware a Potential Act of War

Posted: August 25, 2017 at 3:50 am

On Saturday, Kevin Scheid, a Department of Defense veteran, was placed in charge of NATO's cyber operations. The appointment wouldn't be big news if it weren't for the fact that he's joining the organization at a hair-raising point in history. The vicious malware triggered the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) to announce on Friday that the attack is believed to be the work of a state actor and is a potential act of war.

There was a lot of ruckus back in May when Donald Trump met with the leaders of NATO and failed to confirm that the US is committed to Article 5 of the North Atlantic Treaty. That's the clause of the agreement that pledges the members of NATO to mutual defense. Legally speaking, if Article 5 is triggered by an attack on one member, the other members are required to join in retaliation. NATO's Secretary General confirmed this week that a cyber operation with consequences comparable to an armed attack can trigger Article 5 of the North Atlantic Treaty and responses might be with military means. But Friday's press release emphasizes that we don't know enough about the origin of NotPetya or the intentions behind its release at this time.

NATO CCD COE is part of the NATO Allied Command Transformation's Centers of Excellence and is classified as an International Military Organisation. It functions in an advisory capacity and helps member nations cooperate in the realm of cyber security. CCD COE researchers have concluded that the malware can most likely be attributed to a state actor, and if a nation is determined to be responsible, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures. What sort of countermeasures? Well, pretty much anything. Independently, the UK's defense secretary announced this week that his country was prepared to respond to cyber attacks from any domain - air, land, sea or cyber.

If our unhinged president in the US wants to start a war for the hell of it, he pretty much has the power to do that. But NATO functions on strict rules. Tomáš Minárik, a researcher at NATO CCD COE, writes:

If the operation could be linked to an ongoing international armed conflict, then law of armed conflict would apply, at least to the extent that injury or physical damage was caused by it, and with respect to possible direct participation in hostilities by civilian hackers, but so far there are reports of neither.

Minárik is outlining what would justify full-on IRL military conflict. That doesn't necessarily mean that NATO couldn't respond in the cyber-realm if it determined that a government was responsible for NotPetya. He continues:

As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty. Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures.

NATO doesn't know who's responsible for NotPetya, and no experts have attributed the attack to one actor with certainty.

It's one of the most fascinating pieces of malware to ever wreak havoc on a large scale. At first, people thought it was ransomware, then it was more likely to be a wiper with some ransomware code. It's become clear that it uses the EternalBlue and EternalRomance exploits that were pilfered from the NSA and released by the hacking group the Shadow Brokers in April. But intriguingly, it appears that whoever created NotPetya had access to those exploits two weeks before they were given to the public.

Another puzzling factor is the motive for releasing this malware that doesn't seem to benefit anyone. No one is getting paid. It's just a really destructive worm that locks up systems. It was first released in Ukraine, and that country's security services are blaming Russia. But Russians were victims of the attack as well. It's such a pointless and nasty worm that the crime group behind the original Petya actually jumped in and volunteered to help victims. Lauri Lindström, a researcher at NATO, says, "it seems likely that the more sophisticated and expensive NotPetya campaign is a declaration of power - a demonstration of the acquired disruptive capability and readiness to use it."

According to Bloomberg, attacks on NATO's electronic infrastructure increased by 60 percent last year. If it's true that a state actor is responsible for NotPetya, it's possible that NATO taking notice and talking up Article 5 could make the perpetrator think twice. Then again, if the responsible party gets away without a trace, they'll know that they're untouchable.

Correction: This post has been updated to clarify that NATO's CCD COE is accredited by the Alliance and serves to give advice, conduct research, and facilitate cooperation among the nations on issues of cyber security.

[CCDCOE via Security Affairs, Bloomberg]