From P2P Foundation
Jump to navigation Jump to search


John Robb:

"Cyberwarfare is a form of open source warfare (see Brave New War for a deep exploration of open source warfare) over the Internet fought by groups civilians for reasons of nationalism, revenge, and (worst of all) fun. It's messy, chaotic, and nearly impossible to control.

The benefits of an open source cyberwar include:

  • Deniability. Offensive operations by government computers/personnel against a target nation is an act of war. Actions by civilian vigilantes is not and can be disowned. An inability to point to a an offending organization can make blame difficult to affix: note the speed at which the US tech press was willing to deny a Russian cyberwar against Estonia.
  • A huge talent pool. Rather than spend money on training a limited number of uniformed personnel (likely poorly), it's possible to draw on a talent pool of hundreds of thousands of participants (from hackers to IT professionals to cybercriminals). Given the rapid decay/turnover in skills, high rates of innovation, high compensation, and the value of real-world expertise, the best people for cyberwarfare don't work (nor will they ever) in the government. The best you can do is rent/entice them for a while.
  • Access to the best Resources/Weaponry. The best tools for cyberwarfare are developed in the cybercriminal community. They have vast and rapidly growing capabilities: a plethora of botnets, worms, compromised computers within target networks, identity information, etc. Further, these capabilities are cheap to rent."



"China and Russia have adopted the OSW approach to cyberwarfare. How did they do it? Simply:

  • Engage, co-opt, and protect cybercriminals. Essentially, use this influence to deter domestic commercial attacks and encourage an external focus. This keeps the skills sharp and the powder dry.
  • Seed the movement. Once the decision to launch a cyberattack is made, start it off right. Purchase botnets covertly from criminal networks to launch attacks, feed 'patriotic' blogs to incite attacks and list targets, etc.
  • Get out of the way. Don't interfere. Don't prosecute participants. Take notes."