The line between cybercrime and cyberwarfare has become increasingly blurred; determining the difference between the two activities is a more laborious task for those combating them. Their interrelationship with governments and the rise of state-sponsored cyberattacks have generated significant implications for diplomatic and geopolitical relations.
Cyberattacks that could in fact be episodes of cyberwarfare have occurred in recent years without being classified as such due to the difficulty of attributing them to state sponsorship. One of the latest cases of suspected state sponsorship is the major cyberattack on several Tibetan websites a few months ago. These were attacked on November 12, 2024 by cyber actors allegedly backed by the Chinese state, once again highlighting the growing use of cyberspace as a political battleground. It also became evident that cyberattacks go beyond individual crimes and can be used as strategic tools in the context of political and economic warfare.
The case of the Tibetan cyber-attacks of 2024
On November 12, 2024, it was revealed that a group of hackers had attacked multiple Tibetan websites, turning core communication tools into instruments of repression. The attacks not only compromised information security, but also disrupted the ability of Tibetans to organize and express themselves freely, violating fundamental rights outlined in the Universal Declaration of Human Rights.
Although no definitive evidence has been provided as to the authorship of the attack, given the nature of the attack and the political context in Tibet, some indications point to a typical pattern of Chinese state-sponsored cyberwarfare. Specifically, a private cybersecurity firm published findings revealing that a hacker group, allegedly sponsored by the Chinese government, had compromised two websites linked to the Tibetan community. The affected sites were Tibet Post and Gyud Med Tantric University, both located in India. The attackers, identified as TAG-112, managed to compromise the web pages of their targets in such a way that visitors were induced to download a malicious executable file that appeared to be a security certificate. Opening the file loaded the Cobalt Strike Beacon malware onto the computer, allowing the attackers to log keystrokes, transfer files and carry out further malicious activities.
Although the Chinese authorities have denied sponsoring any form of cyberattack, many experts claim that, given its nature and its focus on the Tibetan community, the attack appears to follow a pattern typical of state-sponsored cyberwarfare. For example, Jon Condra, director of Insikt Group, claims that the attack is in line with China's historical approach to the Tibetan community and other minority groups, as since the invasion of Tibet in 1949, China has systematically persecuted the culture and people of that territory, including the suppression of national, cultural and Tibetan identity.
Implications and attribution
Typically, these attacks allow the perpetrators to hide behind a cloak of anonymity, leaving victims with limited ability to identify them and hold them accountable. This is due to the nature of the instrument employed for these attacks, which compounds the problem.
This uncertainty in the attribution of attacks generates complex legal responses and poses a major challenge to an international legal framework that has not yet been able to adapt to a method that fully incorporates cyberwarfare and its peculiar nature. This has generated a growing challenge for international diplomacy, still unable to satisfactorily answer the question of what should be the most effective response to cyber attacks when it is unclear who is behind them.
The difficulty of identifying and holding the attackers responsible for a cyberattack has become one of the greatest challenges for the international community. While in the realm of 'traditional' crime the attribution of responsibility is usually relatively easy to establish, in cyberspace tracing is much more difficult, due to the very nature and structure of the cyber domain, and because, with the sponsorship of governments or state actors, many attacks are carried out from protected environments. In addition, this ambiguity not only prevents judicial responses, but also limits the possibility of implementing effective mechanisms for international accountability.
In the Tibetan case, the lack of conclusive evidence of authorship has hampered any attempt at sanction or adequate diplomatic response, underscoring the urgent need for the international community to develop more robust and adaptive attribution mechanisms for cyberattacks to deal with them more effectively. Some possibilities are provided below.
Possible Solutions
1. Development of an international legal framework adapted to cyberwarfare
Authors such as Michael Schmitt suggest that "state-sponsored cyberattacks should be treated similarly to traditional acts of war in certain circumstances," so as to adapt international law to the realities of cyberspace. Schmitt argues that the law of armed conflict, especially the Geneva Conventions, should be updated to include specific rules for cyberattacks, thus facilitating proportionality and distinction between military and civilian targets. This facilitates a stronger and more coherent response by those countries affected.
It should be noted, however, that implementing an international legal framework faces several problems. First, there is the problem of attributing responsibility to those who participated in an attack. Secondly, because cyberattacks are transnational, it is difficult to assign them to a specific jurisdiction and to secure cooperation between states in regulating and responding to incidents, which produces regulatory gaps between nations. Finally, in the absence of a global consensus on how general principles of international law, such as those established in the Geneva Conventions, apply to cyberspace, there is a lack of specific rules to distinguish between military and civilian targets in cyberattacks.
2. Creation of an international court for cybersecurity.
To facilitate attribution and accountability, one possibility advocated by several authors is to establish an international court specializing in cyberwar and cybercrime. Thomas Rid (2013) notes that, to combat cybercrime, international courts could assist in the establishment of a global accountability system, in which a forum is provided to resolve disputes related to these issues. An international court dedicated to these issues would allow states and other affected actors to present their cases, impose sanctions against those responsible and, in the process, generate a uniform jurisprudence on these issues.
3. Strengthening international alliances in cybersecurity.
Smaller nations, especially developing ones, are particularly vulnerable to state-sponsored cyberattacks. Joseph Nye (2010) notes that digital security partnerships could help mitigate these risks. More robust international cooperation in cybersecurity would enable the most vulnerable countries to access advanced cyber defense technologies and expertise to protect their digital infrastructures. The Global Forum on Cybersecurity (GFC) is a clear example of this, allowing countries to collaborate in the development of cybersecurity policies and practices.
4. Promotion of education and global cyber awareness.
In the field of prevention, Bruce Schneier (2008) suggests that an effective way to address this issue is education and awareness. Many cyberattacks use human vulnerabilities and misinformation to their advantage, so increasing cyber-risk awareness and training at every stage of a citizen's life (whether basic education or professional training) could help to limit the negative impact of attacks.
5. Establishment of a global rapid response network
Finally, to respond to attacks, Richard Clarke (2010) proposes the creation of a global 'rapid response' network in which affected countries can receive immediate technical and legal assistance. The network could include governments, non-governmental organizations and even technology companies, thus enabling the coordination of efforts to mitigate damage and restore critical infrastructure after a cyberattack.
6. Creation of tools, databases and sanctions
Juan Zarate (2013) points out that states should invest in more sophisticated cyber intelligence tools and collaborate in the creation of international databases on cybercriminals. In addition, it is essential for international actors to be transparent regarding the cybersecurity measures they implement, so that these measures cannot be used as a cover for carrying out illicit activities in cyberspace.
Likewise, Antonio Guglielmi (2017) highlights the creation of a system of international sanctions that can be applied to states that sponsor cyberattacks. Sanctions could range from trade restrictions to blocking access to advanced technologies, thus penalizing malicious actions in cyberspace.
Conclusion
The November 12, 2024 cyberattack, like so many others of similar characteristics that have been perpetrated in recent years, illustrates how state-sponsored cyberattacks are reshaping the dynamics of international warfare and diplomacy. Cybercrime and cyberwarfare continue to grow and intertwine, making it crucial for the international community to establish regulatory frameworks adapted to the new technological realities. Both the proposed solutions and others that may be developed represent an approach that seeks a more secure and efficient environment in cyberspace.