Throughout history, the mercenary has been the true independent contractor who often sold their services to the highest bidder. In the Middle Ages, the Byzantine Emperors looked to war-prone peoples (often the Varangians) to serve as their personal guard. Since these outsiders had no ties to the local population, they were expected to be readily available to suppress rebellions and dissent. As work-for-hire employees, they did the dirty jobs and were well paid for it.
In the 20th century, mercenaries were often former military personnel who offered their skills and services to various African and Latin American clients. Supposedly better trained in the “art of war” than those in the standing armies, countries opted to outsource for the best talent.
But today’s soldier of fortune may not be an ex-military type traveling to a distant land to fight someone else’s war with their conventional weapons – but a lone actor working remotely from behind a keyboard and monitor. Is the mercenary of the 21st century a hacker?
The unknown soldier
A major concern facing cyber security experts today is that in many cases states don’t actually need to train or develop hackers – they can be outsourced from around the world. North Korea doesn’t need to actually have hackers that set foot in North Korea. Instead, the “talent” can be contracted online through the dark web.
Hacking also remains a low-cost way for so-called rogue states like Iran and North Korea – or even non-nation state players such as ISIS – to target American and others’ interests around the globe. And remote hacking can be a safer option than entering a foreign land: if the hacker’s government-employer falls, there is no need to worry about escaping from the country. This all makes it even more difficult to know who is responsible when an attack does occur.
History has taught us that countries need not be limited by their borders when it comes to building their tactical knowledge and military prowess. In the 1870s Japan brought in advisors from France and Germany as part of efforts to modernise its military. Czar Peter I of Russia went to Western Europe to study everything from architecture to military organization, later returning to Russia with the knowledge he gained.
Today, if a state doesn’t have strong institutions devoted to computer science, it doesn’t have to be a barrier to developing domestic hackers. Young students can be sent abroad to develop their skills. North Korean hackers are often educated in China, and Iran has been known to send its brightest overseas as well. These cyber warriors can return home with new experience and in turn teach the next generation of would-be state hackers.
It is true that North Korea has increased its number of technical schools, and this could be a result of those who were originally sent abroad to be educated by foreign experts in this “trade craft”. Other students may begin their training at home, with a view to being sent to other countries afterwards to perfect their abilities.
The Force Multiplier Concern
In addition to the states that have already developed dedicated efforts to cyber warfare, there is a concern that lone wolves could become another force multiplier. Would-be lone wolves who have sympathies to a cause or regime can be a major threat.
With hackers, a state doesn’t even need a dedicated team such as Iran’s APT33 or China’s PLA Unit 61398 to do significant damage. A bright person or two could result in what has been described as “asymmetric warfare”, where billions of dollars in resources are required to protect interests that just a few hackers could put at risk.
Moreover, there could be groupings of citizen-hackers that aren’t associated with a government, but have sympathies that are in line with a state. A historical example of this could be terrorist groups such as Germany’s Red Army Faction who aided the Soviet Union indirectly during the Cold War.
In these cases, hackers aren’t so much soldiers working for a government, but still pose a significant threat. This dynamic highlights how today’s cyber efforts are increasingly decentralized, making it harder for states to protect their respective interests.