Cyber Mercenaries: The State, Hackers, and Power

by Tim Maurer

For example, in February 2016, hackers with alleged ties to North Korea attempted to steal nearly USD 1 billion from the Bangladeshi central bank.9 If they had fully succeeded, the theft would have amounted to 0.58 percent of Bangladesh’s GDP.

The necessary condition for cyber power as used in this book is unauthorized access. The notion of consent and authorization is a good baseline for conceptualizing hacking generally.

These examples show that the main variable determining whether an actor can cause harm is not technical sophistication, not knowledge of specific vulnerabilities or development of sophisticated codes, but intent.

The second category of small networked groups consists of networks of politically driven hacktivists, curiosity-driven hackers, or profit-driven cyber criminals. Importantly, many of these actors operate with mixed intent.

Use of the term “state-sponsored” does not mean that all of these actors are, in fact, non-state actors detached from the state and acting as its proxy. Instead, it reflects journalists’ inability to definitively attribute the incident to a state at the time of publication: the term “state-sponsored” is used to describe both state and state-sponsored actors as the potential source.

The question is less whether attribution is possible but by when.

Yet over time, the US national security community developed the mainstream view that offensive cyber operations are distinct from classic information and psychological operations and electronic warfare.

Susan Hennessey, a former attorney at the NSA, has stated that “[t]he chain of command is clear on paper. It’s much more difficult in practice,” holding up the distinction between a cyber operation and electronic warfare as an example.

Making the analogy between a nuclear strike and an information operation might seem bizarre to Western observers, yet it continues to feature in presentations by Russian officials, as I witnessed at a conference in 2016.53 What explains this hyperbolic parallel between content and a weapon of mass destruction? Analysts of Russian policy emphasize that the Russian government has been primarily concerned about internal stability and external efforts to undermine it.

“[Russian b]ooks and articles claim that the death blow to the Soviet Union came, not from NATO conventional forces, but from an imperialist ‘information war’ that Russia lost.

In the mid-1990s, the Kremlin approached the White House with a proposal for an international information security treaty. Although the US government rejected the proposal, this has not kept the Russian government from pursuing and promoting the idea globally. Moscow put the implications of information and communications technologies for international peace and security on the agenda of the UN General Assembly’s First Committee in the late 1990s and worked with the member states of the Shanghai Cooperation Organization to further advance its proposal for such a treaty. Together with China, Russia developed the aforementioned 2011 draft International Code of Conduct for Information Security, along with a draft Convention that circulated at a conference in Yekaterinburg in autumn 2011.

“extraterritorial censorship.”

Some experts have speculated that from the Chinese government’s perspective, the Great Cannon action was not a first strike but a retaliation against the perceived deliberate attempt to undermine the regime, a position resembling Russia’s view on the cyber attack in Ukraine.99 Such a stance would align with the Chinese Communist Party’s focus on ensuring domestic stability.

The stark reality is that more than 50% of the Intelligence Community workforce was hired after 9/11.

!!!

The massive protests in 2009 and the discovery of the Stuxnet malware in 2010 suddenly presented officials in Tehran with both internal and external threats enabled by a technology they had not made a top priority before.

Overall, Tehran’s actions are driven by its focus on domestic regime stability.

In China these links between state and private are also blurred. Inkster pointed out that telecommunications companies like Huawei and ZTE “aspire to be ‘normal’ companies but like all Chinese private sector companies have what is in effect a ‘shadow board’ in the form of a Communist Party cell which can override management decisions and enforce adherence to national strategic priorities.”

The Chinese Communist Party’s 2013 Communiqué on the Current State of the Ideological Sphere, also known as Document 9,72 listed what became known as the qige bujiang (“seven taboo subjects”) that were deemed disruptive: universal values, freedom of speech, civil society, civil rights, the historical errors of the CCP, crony capitalism, and judicial independence.