‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines
This week, the Red Cross issued ethical guidelines for civilian hackers involved in armed conflicts, sparking ridicule from hacktivists in Ukraine and Russia.
On Wednesday, the pro-Ukrainian hacker group Hdr0 defaced the website of the Russian branch of the Red Cross, replacing the content of the main page with its own message.
The message had been taken down at the time of publication, but the hackers archived and shared it.
"There are no rules in war. And the Red Cross, smeared with the blood of our soldiers in captivity and the tears of our children, has no authority to suggest or establish anything," the hackers said in a statement on Telegram. “We will use every opportunity to cause the most harm to our enemy using any means available.”
Other Ukrainian hackers felt the same way.
“Red Cross? I don't care about their demands and I won't even think about them,” the pro-Ukrainian hacker group Cyber Anarchy Squad wrote on Telegram. “If I want to fuck up critical infrastructure, I will do everything to fuck it up.”
The Red Cross guidelines included eight “humanitarian law-based rules,” such as threatening civilians or targeting certain infrastructure.
According to Sean Townsend, the press secretary of the Ukrainian Cyber Alliance, “cyber is one of the most humane ways” to target the enemy's critical and civilian infrastructure, such as hospitals, railways, power plants, and communication systems — especially compared to bombings and other destructive attacks.
Townsend said the Red Cross should be more concerned “about Russia’s official policy toward Ukraine, which includes genocide, ethnic cleansing, extrajudicial killings, and torture.”
“I don't need the "protection" that the conventions offer to civilians. I want to witness with my own eyes the trial of Russian criminals and not become their next victim,” he added.
Pro-Russian hacking groups Killnet and Anonymous Sudan told the BBC that they would ignore the Red Cross and that its rules are “not viable and breaking them for the group's cause is unavoidable".
The Belarusian Cyber Partisans didn't directly address the Red Cross guidelines, but in the previous month, they hacked the website of the organization’s Belarusian branch, replacing the main page content with a list of crimes committed “by this pro-Lukashenko organization against the people of Belarus and Ukraine.” This includes the deportation of Ukrainian children to Belarus.
“Before the ICRC puts forward these rules, it must state its official position on how its branches in Russia and Belarus are being used by totalitarian regimes to abduct and illegally traffic Ukrainian children from occupied cities in the Donbas region to Belarus,” one of the Anonymous hacker channels posted on Twitter.
Before the @ICRC puts forward these rules, it must state its official position on how its branches in Russia and Belarus are being used by totalitarian regimes to abduct and illegally traffic Ukrainian children from occupied cities in the Donbas region to Belarus. #Anonymous https://t.co/MrMEyeCUHu— Anonymous TV (@YourAnonTV) October 4, 2023
According to the Red Cross guidelines, hacktivists shouldn't target civilian objects or deploy malware that can impact both military and civilian infrastructure. Certain targets, like medical and humanitarian facilities, drinking water systems, and hazardous plants “must never be targeted.”
During the war between Ukraine and Russia, none of these rules have been followed.
The International Committee of the Red Cross was also the victim of a cyberattack. In 2021, unidentified threat actors breached ICRC servers containing information on over 500,000 individuals who had used family reunification services.
Last year, the ICRC said it wanted to create a “digital red cross emblem” that would make clear to military and other hackers that they had infiltrated the computer systems of medical facilities or Red Cross offices.
"For over 150 years, symbols such as the red cross have been used to make clear that “in times of armed conflict, those who wear the red cross or facilities and objects marked with them must be protected from harm,” the ICRC said.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.