The North Atlantic Treaty Organization (NATO) and other military alliances have recognized cyberspace as an essential operational domain of international conflict. The militarization of cyberspace has led to the recruitment of digital soldiers, experts in technology who carry out state-sanctioned cyber attacks and political subterfuge. Critical national infrastructures are becoming more computerized, relying on cyber technologies to control and administer their essential functions. This increased interconnectivity comes at a cost, making them vulnerable targets of cyber attacks (Geers 2009). As a result, governments have intensified their cyber defense capabilities, ensuring these vulnerable infrastructures are properly secured, as “cyber attacks can be unexpected, instantaneous, and devastating”; at the same time, states have actively been developing new offensive cybertechnologies to assert political objectives and/or wage attacks against rival foreign enemies (Schoeni 2017; 6).
Coleman and Golub (2008) discuss a “hacker ethic”, noting that there is no universal moral doctrine of hacking; rather, there are various multiplicities organized around the philosophy of liberalism (as my colleague Tyler King discusses in this symposium). Furthermore, when hackers act politically they are often taking a stance against a state or policy that is diametrically opposed to civil liberties, individual rights, equality, and/or justice; these actions can take multiple forms such as information leaking and whistleblowing (e.g., Edward Snowden’s megaleak) or the development of anarchic software designed to disrupt the capitalist economy (Coleman 2017). Yet, what happens when hacker groups implicitly ally themselves with the military interests of a nation state? This article is not trying to argue that the average modern hacker has abandoned the principles of liberalism, antiauthoritarianism, justice, and freedom; instead, it is worth uncovering the individuals/groups behind state-sanctioned hacking offensives, their motives and, most importantly, the consequences of their attempts to destabilize and repurpose cyber infrastructure.
Conceptually, cyber infrastructure lacks a singular, comprehensive definition. Some scholars articulate that cyber infrastructure consists of computing systems, data storage systems, advanced instruments and people; these digital and biological systems are all linked together to improve productivity, interconnectivity and enable breakthroughs not otherwise possible (Stewart et al. 2010). Cyber infrastructure is increasingly becoming an evolutionary standard in the maintenance and operation of a country’s critical infrastructure. Amin (2015) notes that there has been a significant increase in power outages in the United States from 2001-2010. Experts have articulated that digital technologies are necessary in improving the reliability, efficiency and security of power grids across the country (Amin 2015). The digitization of critical infrastructure is occurring at a rapid rate. In essence, cyber infrastructure is embedding itself within and transforming existing infrastructure, including military, economic and energy-based infrastructure (Amin 2015; Geers 2009).
The cyberization of critical infrastructure has been accompanied by increasing IT security literature noting the frailties of these systems to digital offensives (Quigley, Burns & Stallard 2015). In the past, if an enemy combatant wanted to cripple a state’s critical infrastructure, they engaged in overt, physical methods of destruction. These offensives could resemble targeted artillery strikes, internal sabotage or forcible shutdown through occupation (Mihelic & Vrhovec 2018). These vulnerabilities still exist, yet enemy actors are able to take advantage of the cyber vector of war, effectively shutting down infrastructure through the use of malware and viruses through digital channels. These new offences are preferable as they often have the same devastating impact, can be coordinated overseas, allow for greater anonymity and limit the potential for casualties for the offensive side (Mihelic & Vrhovec 2018; Quigley, Burns & Stallard 2015). These attacks are even more troubling for states or provinces that base their entire economy and employment on a singular, monolithic, critical infrastructure. Akhbari (2017) discussed how urban protests significantly disrupted Iranian oil production in the Khuzestan province; a coordinated digital attack could potentially lead to a more devastating outcome.
The 2010 Stuxnet attack was considered a “game changer” in the realm of international cyber operations (Denning 2012). Stuxnet was a self-replicating cyber worm which infected hundreds of computers (as well as the cyber network they operated on), and successfully shut down the Iranian nuclear centrifuge facilities in the county of Natanz. The worm had two key functions: first, it monitored and collected data on Iranian nuclear capabilities; second, upon completion of the spyware protocols, Stuxnet gained direct access to the centrifuge control systems, forcing them to excessively speed up, eventually leading to their destruction (Kirsch 2012). Overall, the attack successfully destroyed 1,000 centrifuges, leading to a 10% reduction in Iran’s nuclear development (Kirsch 2012). The dominant literature and expert testimony collectively theorized that the attack was coordinated by Israeli and United States military personnel to disrupt Iran’s nuclear capabilities and weaken their geopolitical strength in the Middle East (Denning 2012; Kirsch 2012; Zetter 2014). The Stuxnet worm was conceptualized by state actors and academics alike as a “digital weapon,” one that has the potential to alter international power dynamics (Zetter 2014).
Terms such as “digital weapon” and “cyber-warfare” allow for military actors to intervene and become expert knowledge producers in the realm of cybertechnology. Commonly, military frames equate “digital weaponry” with nuclear arms due to their potential to devastate critical infrastructure and cause mass collateral damage (Mazanec 2016). This sentiment was reflected in a statement made by then-Defense Secretary Leon Panetta in 2012, when he warned United States citizens that there was a looming threat of a “cyber Pearl Harbor” that “would paralyze and shock the nation and create a new, profound, sense of vulnerability” (Bumiller and Shanker 2012).
The myth of the malevolent, individualized hacker that was espoused in mass media and political speeches has receded in recent years (although there are a few key exceptions, the majority of “cyber war” news appears to now focus around attacks between opposing state actors). Hackers are now being digitally conscripted by military and government officials alike to bolster their nation’s cyber security capabilities and potentially carry out cyber offensives against foreign enemy states. China is perhaps the most salient example of a state utilizing hackers for prolific cyber espionage activities and attacks. Chinese cyber attacks directed against the United States “became so prevalent that they merited a category name: Advanced Persistent Threats (APT)” (Brown and Yung 2017). The Chinese military developed a new unit (PLA Unit 61398) that was composed of hacking experts. This unit engaged in multiple campaigns of espionage, critical infrastructural destruction, and counter-surveillance. The pervasiveness of Chinese cyber attacks has led to countless debates among Western politicians and scholars about how to appropriately respond to cyber aggression. However, as Iasiello (2014) notes, the United States government has made an uncomfortable habit of implicating foreign state actors in the event of hacking attacks, often without extensive evidence. These potentially reckless associations of guilt may lead to volatile state-sanctioned hacking attacks as a method of retribution (Iasiello 2014). Nevertheless, China’s adoption of hacker knowledge systems and tactics has situated it as one of the most powerful nations in the cyber realm.
Another state that has been in the international spotlight as of late for its hacking activities is Russia. Russia has been accused of influencing the 2016 United States Presidential Election through multiple digital channels. Russian hackers engaged in direct digital attacks that targeted the Democratic National Convention (DNC) as well as the use of fake robot accounts to spread pro-Russian/Trump and anti-Clinton rhetoric over social media (ICA 2017). During the DNC elections, Russian hackers were able to infiltrate voting machines and collect classified information from the DNC database. Princeton Professor Andrew Appel demonstrated the faults of voting machine technology by purchasing and hacking one in less than seven minutes (Wofford 2016). Appel was concerned by Western society’s growing desire to computerize voting, implying that increased interconnectivity through digital networks opens potential zones of infiltration and foreign state influence over the democratic process through hacking (Wofford 2016). Numerous theorists have argued that the United States government should classify election infrastructure as critical infrastructure; this would provide the federal government with greater regulatory power over election technologies, ideally promoting more effective security protocols to protect the democratic process (Monticollo 2017).
State-sanctioned hacking can digitally repurpose cyber technologies, changing their function to achieve auxiliary goals. Omar Salamanca discusses how infrastructural “development” projects in the Palestinian West Bank – such as the construction of roads and walls – were framed as charitable efforts to assist Palestine with modernization; yet these infrastructural efforts better served Israeli colonial policies by helping the government manage and re-order Palestinian populations and their “native” lands (Salamanca 2014). Drawing on Salamanca’s piece, computerized voting systems and social media networks are presented as infrastructural evolutions in the democratic election process (Monticollo 2017). However, foreign states have demonstrated an acute skill in repurposing these technologies to achieve goals that are diametrically opposed to democracy. How can these technologies encapsulate democracy and free will if the outcomes have already been dictated by foreign state hackers?
Despite the larger hacking community’s best efforts, some hackers have become the “kind of tool of war that can be used to disrupt infrastructures and destabilize societies” that the writers and readers of 2600: The Hacker Quarterly once feared (Goldstein 2008; 261). China and Russia are clear examples of the state appropriating hacking to achieve political self-interests (Mazanec 2016). Private hacking organizations have emerged as key political players, taking advantage of a multi-billion-dollar cyberwarfare market (Kushner 2016). The HackingTeam was one of the most prolific digital mercenary organizations; they provided spyware software and “digital weaponry” to numerous repressive regimes such as Saudi Arabia, Egypt, and Russia (Kushner 2016). The HackingTeam’s tools allowed repressive regimes to target political dissidents and closely monitor their activities. This information has led to numerous arrests and state-sponsored assassinations of political rivals (Kushner 2016). The HackingTeam represents the gold standard of an organization that has turned its back on the philosophies of freedom, open access, and other libertarian ideals deeply rooted within various hacker ethics.
The state has appropriated and adopted hacking techniques and knowledges as a tool of war. As societies become increasingly interconnected through cybertechnologies, the pervasive threat of a looming cyber attack becomes all too apparent. The United States Department of Defense has adopted an effect-based approach when determining whether a cyber activity becomes a cyber attack. Under their definition, catastrophic infrastructural destruction that impacts the civilian realm is equatable to a physical invasion or drone strike (Kirsch 2012). State alliances such as NATO may consider these forms of cyber attacks as worthy of authorizing a collective defense protocol leading to outright global conflict (Kirsch 2012). Hacker groups have the potential to engage in these state-sanctioned attacks, making them potentially accountable for international (physical) warfare.
It should of course be noted that there remains a portion of the hacking community that continues to distance itself from the military establishment and from engaging in digital arms sales (the hacker vigilante group Anonymous being the most popular example). However, states have increasingly adopted hacker knowledge systems, personnel and tactics to strengthen their hold in the international cyber sphere, potentially asserting interests that are authoritarian in nature and directly challenge the liberal hacker ethics Coleman and Golub (2008) describe.