I don't think a drone attack is necessarily the ideal solution but a "civilian" that shuts down a hospital is a terrorist if they did it on their own and an enemy combatant if they got help from their state.
The American Heritage dictionary defines terrorism as:
> The use of violence or the threat of violence, especially against civilians, in the pursuit of political goals.
The FBI has two definitions:
> International terrorism: Violent, criminal acts committed by individuals and/or groups who are inspired by, or associated with, designated foreign terrorist organizations or nations (state-sponsored).
> Domestic terrorism: Violent, criminal acts committed by individuals and/or groups to further ideological goals stemming from domestic influences, such as those of a political, religious, social, racial, or environmental nature.
Where's the pursuit of an ideological goal? These guys are ransomwaring whoever has money and bad security, right? Seems like equal opportunity extortion, rather than terrorism to me.
I don't see how that would make me feel like it was terrorism?
Terrorism isn't just things I don't like. If a group is ransoming whatever IT systems they can, for the purposes of gaining money, it just doesn't feel like terrorism to me. Unless there's some evidence otherwise, it's just extortion.
I don't like extortion, and if I suffered acute harm due to extortion, I'd be more upset, but I still wouldn't try to claim extortion is terrorism.
It's different if the ransomers are demanding that the invasion of Musicland by Bookland be stopped, and targeting infrastructure as way to get their message out, and using ransoms to help the plight of the Musicians.
> I don't like extortion, and if I suffered acute harm due to extortion, I'd be more upset, but I still wouldn't try to claim extortion is terrorism.
That makes you an outlier.
IANAL, but in a number of jurisdictions under common law (including the United States), when a person is killed - in this example, a patient dying because of EMR corruption/unavailability - in the commission of another crime - extortion - it is considered murder under the felony murder doctrine[0].
Now, again, IANAL and the minds of judges and jurors are fickle, but it seems to me if you could prove a relationship between "Guy in Russia locks a Cerner Millennium or Epic Systems database" and "Patient who was in the hospital died because information in database could not be accessed", you could possibly convict them of murder even though they only wanted money out of it, because you could potentially convince the court that as a hacker, the person in Russia should have known that this would necessarily bring about the risk of patient harm. After all, isn't that what makes the EMR worth encrypting to them?
It's also worth noting that terrorist organizations routinely take people hostage to extract ransoms that then get used to finance their operations. The fact that the terrorist organization in this case is likely to be the Russian SVR is immaterial. They are a government under a ton of sanctions and are looking to replenish funds however they can. Cryptocurrency is incredibly useful if you're looking to evade international sanctions.
Sure, it could be murder, that still doesn't make it terrorism. Extortion leading to murder isn't terrorism. If it's coming at the direction or for the benefit of Russia, perhaps it could be espionage or sabotage, but I still don't think it's terrorism. IMHO, Russia is waging a war of aggression / conquest, quite possibly outside the rules of war and international law, but that doesn't really feel like terrorism either.
Offtopic, I also kind of wonder when it becomes murder for the health systems to not protect their IT, but I'm not trying to deflect; that's a question for some other thread.
I'm not familiar with all the laws against terrorism, but let's go with this one [1]?
It's not international terrorism (1), because it meets clause A, but not B or C.
It's not domestic terrorism (5), because it meets clause A and C, but not B.
Clause B is the same for both
> B) appear to be intended—
(i) to intimidate or coerce a civilian population;
(ii) to influence the policy of a government by intimidation or coercion; or
(iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping;
Ransomware doesn't appear to be intended to do any of those things to me.
Do you have a reference that says this is terrorism?
The thing is you start out with knowing what this person did and you reason from that if it is ok to kill him.
But if you whack him what the international public would see is an american missile in a smouldering crater in some civilian suburb. That is an act of war. And not the shadowy kind which is already happening. That forces the Russians to also react in kind (otherwise they look weak.)
The Russians would also work hard to spread misinformation about what you did. They would say you got the wrong person, or that you got innocent bystanders. Probably both. They would also say it was an extrajudicial killing where the executive played judge, jurry, and executioner in one. And you know what? They would be right.
And even if everyone agrees that you got the right person, and he was a bad one, and there was no collateral damage in your initial attack it can still lead to innocent deaths. Let me tell you about Ukraine International Airlines Flight 752 [1]. What happened is that the US assasinated Major General Qasem Soleimani. Undeniably a military target. Arguably a bad one. Iran in retaliation lobbed some ballistic missiles to a US base. Due to luck nobody died there. All is well, isn’t it? No, not really. The iranian air defence following their retaliation was understandably on full alert. Somebody panicked and mistook a civilian airliner for an incoming american cruise missile and shot them down. 176 innocent civilians are now dead. It is a tragedy.
Did the US killed those 176 civilians? No they didn’t. The proximal fault lies with the panicking Iranian air defences. But these are the kind of forces you are playing when you are talking about drone assasinating randoms.
Framing ransomeware attacks on hospitals as a "facet of life" is a deeply ridiculous statement. You can oppose drone strikes without saying absurd things.
Precisely. They're attacking hospitals. If you're operating a systematic campaign to cause misery, injury, or death to civilians in either war or peacetime, that's a crime against humanity[0]. I'd say locking up the data of a hospital, impeding their ability to treat innocent civilians, counts.
What'd we do with people who committed those crimes during WWII in the name of an expansionist, ultra-nationalist regime?
My guess is that many of these attackers work at least in cooperation with the Russian government.
It would certainly serve their strategic interests and would align with the Russian Federation’s status as a mafia state. Use criminals to hack opposing countries’ computers, degrading their society. Then, use a cut of the ransom paid to ease the blow of sanctions. In exchange the government gives you more resources to continue your work and provides cover against international law enforcement efforts to stop you.
If those “civilians” would like to avoid Western reprisals for attacking digital infrastructure (particularly the infrastructure that innocent patients need to receive treatment at hospitals), they should cease immediately. Otherwise I have absolutely no problem with handling them like we did Nazis after WWII: hunting them down wherever they are and punishing them for their crimes.
It seems pretty obviously untenable from a "is a big escalation" perspective, especially with a nuclear power. Like neither practical and probably not moral. But especially not practical given that other similar suppliers are Chinese or Israeli firms.
What will you demand to be done when they whack us back?