The Hidden Battlefield: Navigating the Legal Gray Zones of Cyber Conflict

Okay. Hello everyone. I am Alba. Um so uh I'm so happy to be part of Bisard Pushina 2025 and also thank you for all staying to uh hear our presentation together with Razarta. We decided a topic like the hidden battlefield navigating the legal gray zones of cyber conflicts. Uh so um when you we are going uh through this presentation uh through the parts that um sometimes uh even uh when uh we want to contribute for a war in cyber for with cyber but we also have to uh know the legal parts but also for everyone that maybe for a near future hope so not but uh we have to need some things. So let's start with the first

part as uh with a famous uh u like u Ukraine conflict with Russia uh on uh February 2022. It was a conflict between uh Ukraine and Russia and also uh the famous um publish call was from a minister of uh transformation uh digital transformation uh Miko that had uh that wanted to create an IT army. Everyone wanted to be part of uh this army they consider as a noble thing like um students or IT workers uh people who know cyers and anyone uh wanted to be part of this uh um this organization or IT army but also when they wanted to be part of this army they also thought for some questions for example if uh I can

help you behind the green, but am I protected uh to do this like uh in a legal form also when you um think about that uh it was such a a big influence for this IT army and also someone just wanted to do for the experience and someone wanted to do for help. But uh when you think about that um international norms uh didn't think about this in this form they didn't consider like u help they also thought like um ICRC and ICC thought it in two different way for example ICRC uh said that civilians should not engage in cy uh in cyber conflicts like u helping with cyber in conflicts between two states. Because when you u when you say that you

are avoiding uh targeting civilian infrastructure. But also uh Ukraine especially the minister was in that mind that uh if we do an IT army we are going uh to destroy uh Russian infrastructure, services, communication channels that it will be better for Ukraine. And of course maybe they tried to win on this uh in this cyber wall uh war between uh those two states uh but when uh ICC uh saw in a different way and also thought that maybe could have protection uh for those people then wanted wanted maybe to help but they're not helping in a legal way. So uh when they thought on uh that way uh every uh person that enjoyed in this IT army that had a talk between

them they had to think that being part of a cyber warm fair it's not a game but it's a real thing and also uh they uh gave it some uh other advices that they had to be because uh when you think about it it was very dangerous for that person because you uh you wasn't a soldier but he was just a person behind an on an anc screen. So uh talking through this, it was cyber attacks against civilians during wartime. uh thinking about two different concepts like uh ICIC and I uh uh IRC uh the United Nation uh think it about in a different way like they have some key factors uh that presented to uh the

persons that were behind the screens that wanted to help Ukraine but they said okay you wanted to enjoy or you created it army but when you think about that uh if you do something wrong like for example you uh just block the internet access on a hospital and a lot of people die because uh from your um responsibility. Do you think that uh um the other country will pick you up or will pick your state? So you have to also think about that and uh when you also think like I think about it and you will be your uh you will be just for example Alba that did that uh so it's Alba's responsibility. Uh so of course um

during a lot of um discussion and um conflicts between this IT army they decided to be part and also introduce some international laws that protect those soldiers. Uh so uh they uh decided to go as an IT army Ukraine IT army when you uh when also um you were part of this you had to think or you have to take some responsibility when you think about this um cyber operation can uh also uh go to a genot and when you are going to a genot uh it will be also when you have all the person's life in your hand you will be a responsibility for that but also uh if they uh specifically target a national

ethnic or religious group and cause death fear or physical trauma it also kind of geneted so that it was uh the exact thing that Russia made with Ukra Ukraine also did those things and also tried with cyber to hide write some things. So um they um also said that if you want to do that try to not do genot because if you target group uh coions like coand threeear or physical trauma legal uh legal repercussions so it was uh kind of that everything that you're doing you are doing under international laws and also you will be protected uh uh at this part but when you think about legal review of cyber weapons. Um for people that was on

government part uh they thought that okay uh cyber weapons and also with uh uh kinetic weapons are the same like it was the first question that they made. If you just realize, yes, they are because uh maybe uh if we need on to 1991 or uh 1943 on war uh the like other wars like traditional wars if you have just guns or you fight with them but then we are fighting with cyber. So when you think about that they said okay if you want the answer yes they are exactly the same but if I want to activate the nuclear uh I will activate away by my uh by my screen and not going on physical part.

So that was uh the um discussion discussion that they had with the government part but also uh they had too uh many rams that help not helped but also helped to do like too many bad things also for going down internet access on hospitals that had a lot of victims also for uh internet access for um energy electric uh energy and also for water. And it was such a hard time for Ukraine. But when you think about that uh can you go at the when you think about that to be a civilian hacker, you also just was a civilian. But they think about that why not a civilian a civilian hacker to be more to be like uh someone that is like

a real soldier that wants to help but also that h they have the three conditions to uh for legally uh targeting civilian hackers like it was a threshold of harm that it was bleant uh also a casual link between the hackers action and the harm and also the uh the third one it was harm threshold when as a civilian soldier you uh completed these three condition you was a new soldier of IT army of Ukraine. So about the other part and other cases that happened uh Razarta will continue. >> Okay. So uh before continuing I just wanted to present myself. So hello everyone I'm desorach I'm currently a senior devops engineer kosovo at the same time a PhD researcher

at the university of Christina. So until now told us some of the legal parts the legal reasons uh different events that are directly related to cyber warfare. But what I'm going to show you now it's uh how can we uh supposed to know who is the target and who is the cause for every cyber attack or cyber attack war between two or more countries or vice versa like we have here a decision tree for legal targeting. So as we all know uh we saw decision tree only in machine learning as an algorithm right but in our case we were going to use this to answer some question for three of the case studies that I'm going to show you

in the next slides based on some answers of these questions that I showed in this slide like for example in the next three uh case studies we're going to see if there is a conflict underway is there a hacker or a member of the armed force or is the hacker a part of or a member of an organized crime group? The cyber attack result in death or injury? Was a cyber attack directed against the critical infrastructure where there any blackout violent effects etc. And also we're going to see three main steps that are going to help us in this direction to assess the conflict to evaluate the status and also to determine the impact. So there are several case studies uh

that illustrate the complexity of the cyber warfare and also its legal complications. So if we go now the first case study that is Yun Hussein I don't know if you have heard this case study but until we analyze what is the main cause of his death from the US drone site that happened in August 2015 we're going to see who was he and what was uh his intentions his attacks etc. So, United State was just a cyber attack hacker that was a propagandist in the social media platforms especially on the US and UK ones and how this happened. So, uh first he tried uh to simulate some attacks as a hacker that he were uh to get personal

information from the US military persons that were serving for us but also for the UK. So if we go back to those questions that will help us to decide of what was the main reason that the importance of this target was raised. So what is the main intention of this drone strike from the Yaz in August 2015. So uh if we see uh in the overview of this attack and what was the reason uh we can see that from this cyber attack that there weren't any death or injuries this case but there were also only uh the stealing of the personal data of the users or the person that we're serving. Uh and also if we look at the other questions we can

see that there was uh weren't any conflict underway or that hacker wasn't any member of the armed forces but we see the third question if he was a member of an organized crime group then yes so that person in the first case study was part of a crime group with different other person that had as a target these personal data of the US military services in order to use against them. So if you continue with all the parts we can see different things and different answers for each of the questions that we saw from the slides before. So the second case study that was uh very interesting and it was something that was witnessed for for the

first time in the world uh is the ISIS anonymous war. So what is this anonymous war? of a group of people that were anonymous uh stated or declarated the war between two Islamic states that were started. But if we see this war wasn't like a physical war, but it was uh from the cyber attacks that were going to be used. The cyber cyber attacks was a tool. It was going to be used as a war against these two countries from another part that were anonymous. So uh if we see also those questions from before. So is there a conflict underway? We can see that yes because uh this case study also uh triggered a conflict between

those two states. You can we can see another uh the other questions uh for example uh was the hacker member of armed forces organized crime group was the cyber attack resulted in death or injury then we will have no. So uh in this case we can see that this target cannot be legally target or to have a reason maybe to kill him or to remove him from the country or to get him in prison or something. But we can see from the case study itself that was a direct impact especially in 2017 that it also serve in many other different conflicts that were through the way that were related to cyber attacks. The third uh case study is the Ukraine

power grid attack. So this case study is very interesting because this is for the first time that a cyber attack was done uh to a critical infrastructure. In this case it was a cyber attack that was done towards the power grids of Ukraine. So after this attack in December 2015 uh the power grids was attacked and almost more than 200,000 users were blacked out and didn't have uh power or there was a power outage for one to six hours. This was attributed uh first to some Russian hackers but then uh later it was blamed on the Russian governments towards Ukraine. But it was said then that from a thread group known as sandworm has done this and then it was attributed

at the first point of faults for all this attack that were was happened to the power grids of Ukraine and this was the first publicly acknowledged success successful cyber attack on a power grid. So if we go to the questions here we can see a question that was a cyber attack directed against the critical infrastructure like a power grid. So in this case we have yes or was there any blackouts? Was there any violent effects? We saw that in that case study that we're a blackout for a lot of users that were using that power from the power uh power grid. So uh in this cases we saw that we didn't have positive answers in all of the questions.

So if we want for example if state want to have legally targets a person or a group of people for any situ situation or any attack that have uh happened to their state we just need to have those answers yes as many as possible in these questions that we have we had in this slide. So even there was like a drone sty for the first case study. There weren't enough positive answers to be as a reason uh for United States to be as a target uh for this attack that has been done in the state neither for the other two case studies studies that we saw before. So what we can what can we conclude from

all this presentation? Uh so we saw also before the impact that AI may have uh for detecting and for evolving this legal parts of cyber attacks uh not only for different countries but also uh for different person against uh different critical infrastructures. So we saw that also cyber weapons or some of the tools that can help to shape the conflict between two states or more because we saw that cyber attacks was the most uh reason the biggest reason uh that helped to like to evolve the war in this case between those countries. If we see the three key factors, uh we saw the main key factors that we had through the presentation was the harm, intense and the participation.

And what we also discussed the most through this case studies was the participation part and also what harm or intent did that member have towards the cyber attacks in order to have its importance as a target. And also the last but not least uh was this ICC precedence. proceedings. There were the international courts that are setting proceedings like for example uh in this case what could be better for the uh states governments or the other people that are working uh towards the prevention of the cyber attacks between the states or between the people uh to use as more uh regulation from the ICC and also from IRCR uh towards to prevent this and also to

use this AI and cyber weapons because we can see cyber weapons uh has started to be used in order to prevent a lot of conflicts uh that are towards these cyber attacks that are happening happening today but also in the past. So thank you all for your attention. If you have any questions we will be glad to answer. Thank you.