It is common knowledge now that Private companies offer hacking services to the highest government bidder. Consequentially ushering in a new era of “cyber mercenaries”. (Source) The increased prevalence of these companies and their government contracts indicate a growing trend in privatized hacking. Private hacking firms are not only increasing in their scale but also in their scope. Furthermore, countries hire hacking companies to hack both individuals and private entities. Because of this, both developed and developing nations use these companies to conduct cyber operations on other nation states.
Key Judgment 1:
It is highly likely that nations are hiring firms for surveillance, espionage, and hacking on private individuals and entities.
- Surveillance and communication technologies have been rapidly growing in the 21st century and are of vital use to countries. Developed nations can have their own intelligence units whilst others may not be able to afford a dedicated continuous unit. Countries can largely supplement their offensive cyber capabilities through outsourcing.
- Media accused Ethiopia of hiring hacker-mercenaries to spy on Oromo dissidents in other countries. (Source) By hiring the firm CyberBit, the Ethiopian government was able to breach and survey media outlets, students, and lawyers. As a result, members of the dissident network became potentially compromised across the globe as a result of CyberBit’s services. (Source)
- It is likely that nations will use “hacker-for-hire” firms to level the technological playing field of surveillance and espionage. By outsourcing hacking operations to a third-party company, countries can conduct highly capable attacks without nationally dedicated units.
Key Judgment 2:
It is highly likely that foreign nations will use these hacker-mercenaries firms to target other nations.
- Avoiding ties to offensive cyber attacks is advantageous. The international order frowns actions like hacking and covert espionage. Therefore, hiring a private company allows a nation to combat its adversaries. Nonetheless it has a relative amount of subtlety and deniability.
- There are reports of ties between the Chinese government and hacker-mercenary group Hafnium. This group hacked US-based Microsoft, and compromised a number of their servers. (Source) Russia has ties to the group that hacked SolarWinds, a US-based software company that supplied services to the US government. (Source)
- Nations who seek to take a hands-off approach to cyber warfare will find hackers-for-hire to be extremely lucrative and convenient. Plausible deniability can protect countries until the entire truth of their cyber operations is no secret anymore.
Key Judgment 3:
It is likely that these mercenary-like groups will attract the attention and patronage of the United States.
- The US has already used contractors in every aspect of warfare, and cyber warfare would be no different. (Source)
- The comibnation of NSA’s massive surveillance program and increased scrutiny of surveillance by government these groups are convenient to use. Private hacking companies allow an indirect way for the US to survey members of the population without using official agencies. (Source)
- The US, has a high desire to maintain hegemony. A past use of contractors for warfare would employ these groups. The US would use these contractors to facilitate an indirect approach to cyber warfare, towards both individuals and other nations.