On Feb. 22nd, 2012, Adam Segal wrote for the Council on Foreign Relations regarding the phenomenon of patriotic hackers. Patriotic hackers use their hacking abilities to help out their home countries, but they aren't necessarily employed by their home governments. However, their home governments benefit from their hacking activities while maintaining plausible deniability (i.e. we don't control these guys, you can't blame our government for the actions of these hackers).
Segal noted that cyber militias–organizations loosely affiliated with the government that employ private, patriotic hackers–have increased in popularity amongst Asian governments. That makes sense; cyber militias have a number of benefits. Notably, cyber militias make use of private sector expertise, allowing the government to keep up with the blinding pace of offensive cyber-developments. Moreover, by using cyber militias, governments can retain the best hacking talent at private sector salaries. The article explained that both Japanese academics and Indian government officials have called for the creation of cyber militias. Apparently the Indian government proposed using cyber militias for offensive operations, and even considered "providing legal protection to hackers who would be used to attack the computers of hostile nations."
Of course, China probably uses both patriotic hackers and cyber militias for offense and defense. Segal explained that Nanhao Group, a private Chinese web company, even has departments devoted to cyberattack.
However, for all the flexibility that cyber militias afford, they come with some drawbacks. There's the possibility that patriotic hackers (or cyber militias) could disobey government orders and "target off-limit networks." This, according to Segal, might lead to an unintentional escalation in hostilities. In addition, technology is making attribution easier. If a foreign government's intelligence service can track a cyberattack back to a cyber militia, and knows that the cyber militia takes orders from the top, then plausible deniability doesn't really work.
In conclusion, Segal argues for the creation of a regional body that would facilitate communication and defuse tensions in the event of a patriotic cyberattack. Richard Clarke proposed a similar body; the general idea was to have the cyber equivalent of the nuclear red phone between the Soviets and the US government.
You can find the CFR source article here.
Leave a Reply