Introduction - TIS Eagles · Several millennia later, Chinese and Indian military generals-Sun Tzu and Chanukah, respectively- stressed the need for espionage tactics for military

TIANMUN 2018 Disarmament Committee –

1

FORUM: Disarmament Commission

ISSUE: Measures to suppress International Cyber

Espionage

STUDENT OFFICER: Tony (Seon Kwan) Cho

POSITION: Deputy President of Disarmament Commission

Introduction

Nowadays, with the advance of technology, the internet

has become an integral part of people throughout the world:

from communicating with people through Social Network

Service to learning, shopping, and banking, the presence of the

internet has become ubiquitous in every aspect of the modern

society. Yet, people undoubtedly expect that the potential threats

in the cyber realm will most likely to increase year by year, as

the use of digital devices will unceasingly be soaring, while

malign performers are becoming more emboldened and better armed with cyber-related technology. As

the President Obama once said “It is now clear that cyber threat is one of the most serious economic and

national security challenges we face as a nation,” the potential threats in the cyber realm are becoming a

reality for us, as a cascade of infected, malicious websites are prevalent

The outcomes of this act include not only seepage of salient confidential government documents

but also the leakage of company secrets, as evidenced by two major cyber espionage operations—

Operation Shady Rat and Operation of Aurora. The Operation Shady Rat has stolen corporate and

government data from more than 74 agencies and companies all over the world since 2012; the victims of

this act include United Nations, International Olympic Committee, Samsung, Apple. The Operation of

Aurora is another example; Google, in the beginning of 2010, claimed that the company faced a series of

cyber threats. Furthermore, it is later revealed that the hackers also stole information from more than 20

international corporations, including Yahoo and Microsoft. The People’s Republic of China has been

suspected of being behind this cyber-attack. These, however, are a few examples of this issue that have

recently garnered nationwide and international attention, pointing out the importance of acts against the

potential threats in the cyber realm and illustrating that many things are at stake.

Cyber Espionage: Hackers


2

Background Throughout human history, nations have been trying to undermine each other through clandestine

activity--espionage. In the early Egyptian dynasties, spies sought for weak tribes that could be easily

subjugated and enslaved. Several millennia later, Chinese and Indian military generals-Sun Tzu and

Chanukah, respectively- stressed the need for espionage tactics for military purpose. Spies were also

prevalent in the Greek and Roman empires. During 13th and 14th century, Mongolians relied heavily upon

spying in their colonies in Asia and Europe.

Compared to the traditional espionage, the modern

espionage poses a great threat to international security. In 1999,

the Congress of the United States expressed its utmost worries

and concerns on the seepage of the confidential documents

regarding the Weapons of Mass Destruction, commonly known as

WMD, stating that China had been stealing highly classified

information on thermonuclear warhead in the country’s

intercontinental ballistic missile (ICBM) arsenal. It was later revealed that every computer at the

American nuclear lavatories in the U.S. was infected by a certain virus that submitted design of advanced

warheads, the neutron bomb, and even weapon codes, which allow computer to initiate nuclear testing,

directly to secret agents of People's Republic of China. The leakage of weapon codes allowed China to

develop and enhance their nuclear weapons without having to conduct their own nuclear testing. What is

worse, a report-- published by the Security Council of the United Nations in 2010--stated that China has

backed development of nuclear weapons and consecutive testing of Submarine-Launched Ballistic

Missiles (SLBM) of Democratic People’s Republic of Korea (DPRK), using the data of the United States.

Because nuclear weapons pose a great threat to humanity, all nations possessing nuclear weapons have

exhaustive rules against sharing information regarding the development of nuclear weapons. Therefore, it

is now flagrant that China has yielded a great threat to the world security.

Office of Personnel Management Data Breach It is never overstatement that the biggest case of cybercrime in the U.S. history was Office of

Personnel Management Date Breach. In July, 2013, specialized hacking members from Russia and

Ukraine hacked a number of networks in the U.S., obtaining accesses to the bank account details of many

celebrities and corporates: the hacked companies include Nasdaq, Visa Card, American Airline, and

Carrefour NA. The investigators announced that the total loss resulted from this attack costed over $300

million, saying “in recent years, people with the ability to hack are the greatest threat to international

Weapons of Mass Destruction: Nuclear Bomb


3

security.” This incident showed the susceptibility of large corporates armed with sophisticated protection

system.

Problems Raised Violation of Rights and Properties and Security of Individuals

The internet not only plays such salient roles but does it

also offers people with space to save and store their personal

information and money. Since one of the chief aims of cyber-

espionage is to gain money, the malign actors devise a number

of methods to hack into the people’s banking accounts. It is no

exaggeration to say that most people’s banking accounts are at

high risk of getting cyber-attack, as exemplified by several

cyber assaults on numerous banking systems throughout the

world. In 2015, for instance, thousands of Canadian Central Banks' accounts were targeted by Chinese

cyber-terrorists, so-called Zeus; due to their assault, Canadian Central Bank lost $160,000 in just one day.

In2016, North Korean hackers conducted a cascade of cyber-attacks against the Central Bank of

Bangladesh, resulting in the cyber extortion of $81million.

Economic Impact of Cyber Espionage In this technology-driven era, an effective

advancement, implementation, and protection of technology

is determined by whether or not the corporations,

organizations, and nations meet their fiasco. Cybercriminals

are concentrated on attacking commercial websites/

organizations. According to a research conducted by Pilot in

2010, 193 out of 200 businesses responded that they have

been attacked by cybercriminals using malicious computer

viruses such as Ransom ware. The Record Industry Association of America (RIAA) estimated that the

cybercrimes targeting businesses cost about $13.9 billion per annum in economic losses on a global scale.

International Actions Convention on Cybercrime

Victims of cyberattack: Bank

Dollars: huge economic losses


4

The convention on cybercrime, also known as the Budapest Convention on Cybercrime, was the

first treaty that attempted to recognize the gravity of the cyber-related crimes, along with the enforcement

of the national laws, enhancement of investigative systems, and increment of cooperation among the

member states. This treaty was a great step towards international collaboration against cybercrime;

however, since it was drafted by the European Union, countries such as Brazil, China, and India refused

to follow this treaty, saying that they are not part of the European Union, and that it is a violation of their

sovereignty. Moreover, Russian Federation opposed to sign and ratify its problems, stating that adoption

of this treaty might severely infringe and violate its sovereignty.

Agreement between the USA and China in 2015 China, as presented, has been suspected to be one of the biggest hubs of the cyber-related crimes.

However, there is a hope that the agreement between the U.S. and China in 2015 may alleviate the gravity

of this situation. In September 2015, Chinese President Xi and the U.S. president Barack Obama met and

discussed the future plans for the cyber security and solutions to it; in their meeting, both of them

expressed a deep concern on this issue, contending that both governments should curb cyber-spying acts

on both sides. They agreed to implement a policy precluding the hackers from committing acts of cyber

espionage.

Key Players Russia

Russia will most likely conduct more stout, destructive

cyber operations in the following years, as it is evidenced by the

successive cyber-attacks against Ukraine. Russian government is

reported to be preparing for an array of cyber operations, which

shall target interruption of Ukrainian energy distribution branches,

interception of communication system at military base, operation of false flag, circulation of denial-of-

service attack, and many others. The Russian government’s cyber-attack will not be confined to Ukraine;

Russian intelligence will continue to operate cyber-attacks and espionage against the United States and its

allies, including Republic of Korea and Canada, in order to probe their critical infrastructure and

confidential documents regarding weapons. They will also target the US-related organizations such as

NATO in order to get insights as to the future US foreign policies.

Russia


5

China China’s use of cyber warfare poses a bulky threat to international

security and economy. It is an incontrovertible fact that China will continue

using more advanced cyber-attack and espionage in order to boost national

priorities, as evidenced by China’s 12th Five-Year Plan, which covers

2015~2020. The Federal Bureau of Investigation (FBI) continue to

scrutinize the ongoing cyber-attacks coming from China; the United States has accused China of

conducting a series of cyber-attacks against the US. The accusations include China’s cyber espionage

against American civilians and investigation of important military, commercial, research, and industrial

data bases. With China’s 12th Five-Year Plan--China’s stout desire for being a superpower of the world--,

many analysts contend that China will have the most advanced and aggressive cyber warfare capabilities

in the world. It, indeed, is no hyperbole to say that China will most likely steal more secrets from

entrepreneurs and governments than any other countries in the following years.

Democratic People’s Republic of Korea It is highly anticipated that North Korea’s cyber-attack and

espionage to help its fund-raising plans and gather intelligence will most

likely ascend in the following years, despite harsh sanctions imposed on

North Korea. North Korea has operated a series of attacks against the

Unites States and its partners-- especially South Korea by distributing

denial-of-service (DDOS) attacks, deleting data collection of the government, and deployment of ransom

wares. In 2016, North Korean hackers conducted a cascade of cyber-attacks against the Central Bank of

Bangladesh, resulting in the cyber extortion of $81million. It, hence, is undoubtedly expected that North

Korea will a great threat to international security and economy.

The United States of America The United States of America has been one of the greatest

victims of cyber-related crimes. As such, the United States of

America has taken an array of schemes to prevent cybercrimes and

prosecute cybercriminals. The U.S., for example, annually host the

Conference for Cyber Crime, a commission that deals with the enforcement of the Federal Laws and

enhancement of detecting-techniques.

China

DPRK

United States of America


6

Possible Solutions Collaboration with NGOs and Interpol The General Assembly (GA), Economic and Social Council (ECOSOC), and Security Council

(SC) of the United Nations often address the gravity of cyber espionage and attacks. Therefore, they call

for the cooperation of the member states to combat cybercrimes. However, as mentioned, the tangible

results have been evasive so far; a major adversity in combating cybercrimes is very hard to tract the

records, since the cybercrimes take furtive forms. Yet, several Non-Governmental Organizations (NGOs)

that are responsible for coordinating schemes and tracking the information regarding cyber espionage

have stopped monitoring malice actors and reporting the cyber security issues. With the absence of the

NGOs, the United Nations and its member states have been experiencing difficulties in implementing the

policies combating cybercrimes. To realize successful results, the member states also start cooperating

with INTERPOL. INTERPOL has proved itself that it should be the mediating body in this conflict,

offering a lot of nations with national police training and specific international procedures that could be

implemented in case of an assault. All member nations should start recognizing the importance of the

presence of the NGOs and, therefore, should create the organizations that can collaborate with the

member states.

Treaty and Convention (International Cooperation) Ever since its creation, the role of the United Nations has been to strengthen and ignite

international cooperation. With soaring rates of cybercrimes worldwide, the need for international

cooperation has grown greatly. Although many attempts have been taken, a lack of cohesion and

cooperation among member states have made them elusive so far. A treaty and convention, hence, should

be drafted and implemented by all member states: some nations such as India, China, and Russia rejected

to sign the Budapest Convention on Cybercrime, saying that it severely violates their sovereignty, though

the Budapest Convention clearly defined and addressed goals and procedures for cybercrime, along with

all nations that belong to the United States. Thus, the possible solution must include some clauses that

deal with the creation and ratification of treaty and convention, along with an encouragement of

international cooperation.

Glossary Cyber Espionage


7

Cyber espionage, also known as cyber spying, is the act or practice of obtaining secrets and

information without the permission and knowledge of the holder of the information from individuals,

competitors, governments, and enemies for personal, economic, political, and military advantage through

deploying such malicious software-viruses- as Trojan horses and spyware.

Cyber Terrorist Cyber terrorists are group of people who conduct cyber terrorism by supporting and backing up

each other. Most cyber terrorists tend to harm vulnerable victims with a specific purpose to benefit

themselves. Most terrorists avoid being caught by social network security system by utilizing techniques

that preclude people from detecting the source of terrorism.

Information Warfare Information warfare is a specific type of violence that occurs between two opposing sides that are

trying to gain access to each other’s information. Several techniques that can be employed during the

warfare includes the spreading of propaganda, demoralization of the opponent, or falsely uploading

wrong information in order to manipulate other people into going against the opponent. Information

warfare is also considered as psychological warfare that springs between the two conflicting sides

because the knowledge-level of various techniques plays a huge role during the warfare.

Denial-of-Service attack (DDOS attack) DDOS attack is utilized by numerous cyber terrorist groups worldwide that help them achieve

their goals without revealing their identity. This technique involves ways to attack the victims through

numerous websites in order to prevent the victims from finding the members of the terrorist groups at

ease. Terrorist groups, such as the Anonymous, utilize this technique to attack and censor the opponents.


8

Sources AFP. "China Cybercrime Costing US Billions: FBI Chief | SecurityWeek.Com." Security Week.

Security Week Network, 5 Oct. 2014. Web. 21 Aug. 2015.

<http://www.securityweek.com/chinacybercrime-costing-us-billions-fbi-chief>. Baldwin,

Roberto. "Frenemies US and China Join Forces to Fight Cyber Crime." Engadget. Aol Tech,

13 Apr. 2015. Web. 12 Aug. 2015.

<http://www.engadget.com/2015/04/13/dhs-chinacyber-security/>. "China's Policy Paper on the

EU: Deepen the China-EU Comprehensive Strategic Partnership for Mutual Benefit and

Win-win Cooperation." Ministry of Public Affairs of the People's Republic of China. Apr.

2014. Web. 12 Aug. 2015.

<http://www.fmprc.gov.cn/mfa_eng/zxxx_662805/t1143406.shtml>. "Combating Cyber Crime."

Homeland Security. Department of Homeland Security, 27 Apr. 2015. Web. 20 Aug. 2015.

<http://www.dhs.gov/topic/combating-cyber-crime>. "Combating Cybercrime in a Digital Age."

European Cybercrime Center (EC3). Europol, 16 Mar. 2014. Web. 12 Aug. 2015.

<www.europol.europa.eu>. COMMUNIQUÉ (1997). Council of Europe. 10 Dec. 1997. Web. 9

Aug. 2015.

<http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/Documents/Points%20of%20C

contact/24%208%20Communique_en.pdf>. "Convention on Cybercrime." Council of Europe.

Council of Europe, 23 Nov. 2001. Web. 20 Aug. 2015.

<http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm>. "Convention on Cybercrime."

Wikipedia. Wikimedia Foundation, 18 Aug. 2015. Web. 20 Aug. 2015.

<https://en.wikipedia.org/wiki/Convention_on_Cybercrime>. "Cybercrime." INTERPOL.

INTERPOL, 17 Nov. 2014. Web. 12 Aug. 2015.

<http://www.interpol.int/Crime-areas/Cybercrime/Cybercrime>. "EU International Cyberspace

Policy." European Union External Action. European Union, 26 Oct. 2013. Web. 12 Aug. 2015.

<http://eeas.europa.eu/policies/eu-cyber-security/>.

"G8." Cybercrime Law. Cybercrime data AS, 12 Mar. 2012. Web. 10 Aug. 2015.

<http://www.cybercrimelaw.net/G8.html>. "G8 Wages War on Cyber-crime." BBC News. BBC, 11

Dec. 1997. Web. 9 Aug. 2015.

<http://news.bbc.co.uk/2/hi/science/nature/38009.stm>. Harmati, Judit. "Initial Training International

Competition - Third Edition –." International Cooperation in Criminal Matters in the European

Union (2008): 3-16. Council of Europe. Web. 9 Aug. 2015.

<http://www.coe.int/t/dghl/cooperation/lisbonnetwork/Themis/Criminal/Paper4_en.pdf>.

"International Cybercrime." Wikipedia. Wikimedia Foundation, 20 Apr. 2015. Web. 10 Aug. 2015.


9

<https://en.wikipedia.org/wiki/International_cybercrime>. Koul, Scaachi. "A Timeline of

Cyberwar and Cybercrime | Hazlitt." Hazlitt. Penguin Random House, 21 May 2013. Web. 12

Aug. 2015. <http://penguinrandomhouse.ca/hazlitt/blog/timelinecyberwar-and-cybercrime>. Lee,

Martin. "The Evolution of Cybercrime: From Julius Caesar and Prince Philip to State Sponsored

Malware." International Business Times RSS. IB Times, 07 Aug. 2015. Web. 12 Aug. 2015.

<http://www.ibtimes.co.uk/evolution-cybercrime-julius-caesar-prince-philip-statesponsored-

malware-1514552>. "