The following is an excerpt from Cyber Guerilla by authors Jelle van Haaster, Rickey Gevers and Martijn Sprengers, published by Syngress. This section from chapter two explores the different roles of a hacker.
Since the information revolution the Internet has been a driving force behind many - if not most - social reforms. From the 1% marches to the Arab Spring: The Internet was used to fuel, coordinate, and facilitate protests. The Internet turned out to be a safe haven for liberal thinkers and was used to establish contacts with other like-minded individuals at the other end of the globe. The global nature of the Internet makes (targeted) communication accessible to anyone. This was at the core of many great revelations: WikiLeaks being the first, The Intercept and Edward Snowden following quickly.
In the early days the Internet was a safe haven for free thinkers; there was no censorship and no laws were directly applicable. This opened up opportunities on the Internet to influence governments and their laws. However, this situation has changed: The Internet has become securitized and militarized. Whereas the Internet used to be a place aimed at free and unhindered flow of information and ideas, now it is increasingly influenced by State actors and large non-State actors. Whereas any individual could tread onto the Internet and fight for a cause, nowadays you need to tread carefully.
Chapter 1 has described the essence of cyber guerilla strategy, tactics, and the concepts of favorable and unfavorable terrain. In other words, Chapter 1 has laid out the overarching conceptual framework for cyber guerilla. As mentioned in Chapter 1, cyber guerilla is amorphous; it takes different forms depending on societal context. It may take a nonviolent form, resembling electronic civil disobedience, or a more violent, conventional guerilla-like form, albeit virtual.
These different contexts require a versatile, intelligent, and very specific type of individual to fight on the digital forefront. This chapter will zoom in to look at the cornerstone of cyber guerilla: the hacker group. Sections 1 and 2 will focus on the two roles hacker group members have to be able to fulfill. Mirroring the amorphous character of cyber guerilla, group members should be able to fulfill the role of (1) social reformer and (2) combatant. These two sections are aimed at describing the ideological foundations of hacker group members. Section 3 describes the hacker group composition and will describe the intellectual capacities and skill-sets needed in the group.
The hacker as social reformer
Anyone wishing to make a stand against a larger actor will ask himself what type of persons are sought after when organizing a hacker group. The type of person sought after can best be described as a social reformer, strongly developed in both intellectual and ideological sense. This person shares the firm belief that traditional laws do not apply to the Internet and the borders that sovereign rulers try to impose on the Internet are irrelevant. Although most political leaders will try to bring their laws onto the Internet, he believes that they will not succeed, in part because of his contribution to preventing them from doing so. He believes in the Internet as common good enabling the connection of communities and sharing information, knowledge, and ideas.
It should be stated that the Internet has enabled a borderless guerilla fighter. The territory of the cyber guerilla fighter is the borderless Internet. The Internet is the connecting element for fighters located in different territories. As a consequence of the global character of the Internet, new recruits can be found anywhere on the planet. This global character is reflected in the cyber guerilla fighter—he is a human being but, unlike many others, he does not feel bound by borders. Believing in a free, unhindered flow of information and ideas, he is not interested in religion, ethnicity, and sexuality. Information, knowledge, and technology prevail over any of these irrelevant aspects.
The Internet functions as brains and nerve system for the hacker group. The Internet enables the hacker group to tap into a vast resource of community knowledge (brains) and to direct action via myriads of channels (nerve system). As Internet access permeates the world, the potential recruiting ground increases and offers many more to join the fight against all forms of injustice. Cyber guerilla is not an exclusively Western phenomenon; as the domain is global, possible recruits can hail from anywhere. As Internet access is benefiting cyber guerilla, the guerilla fighter should always strive to enable Internet access to those being cut off, censored, or otherwise unable to reach the Internet. Giving or restoring people's access will increase the number of potential recruits and supporters.
The individual sought after strongly opposes Internet censorship and feels he should fight against this form of oppression. Although the battle for a free Internet has been long lost, there are many new opportunities to escape, evade, and counteract the scrutinous eyes of States, large corporations, and other actors. These means open to any individual will be discussed later on in this chapter and Chapter 3. Besides that, the individual fighting cyber guerilla believes that only the Internet can guard our freedom of conscience, which is the only thing that could further humanity technologically, culturally, and sociologically. This individual is not trying to achieve megalomaniac feats such as saving the planet; instead he aims to improve the quality of life for all gradually.
The hacker as combatant
As States and large actors seized the information domain, they sought ways of influencing other actors. The hacker and his code turned out to be a very effective weapon on this virtual battleground. In the beginning of the Internet, monitoring was virtually nonexistent; hence, anyone with a little hacker skill could penetrate any of his chosen targets. Without getting caught, one could easily wander through the computers of NASA or visit AREA51 digitally. The many videos of old-school hackers penetrating an army.mil server, filming it, and throwing it online are testament to this period in time where anybody could hack. Sadly enough, by virtue of intrusion detection systems going mainstream, that age is over right now. To overcome access controls and all other safeguards, a very knowledgeable and skillful individual is needed.
These types of individuals are very scarce and are sought after by IT companies, armed forces, intelligence agencies, and large corporations. As everyone is looking for these individuals, knowledge and skill have become the prime criteria above all else. For once soldiers do not care about the hacker's physique, as long as they are capable of shutting down the enemy's air defense system. The hacker in a combatant role has proven to be very effective, capable of influencing large corporations and States.
Stuxnet is one of the most prominent examples of the potency of hackers in State-to-State relations. Government-funded hackers created Stuxnet and released it to manipulate the Natanz centrifuge. Although heralding the state and its intelligence agencies as the victor, this success was achieved only by virtue of hackers. Another example affirming the role of the hacker on the world stage is Edward Snowden's revelations. The Snowden files uncovered a virtual arms race in the realm of digital and economic espionage. The means and methods used in this arms race are developed, maintained, and executed by hackers. These examples affirm the power of the Internet and information technologies, and the role of hackers on the world stage.
Not only do hackers play a potent role in the arena of State-to-State relations; they are a force to be reckoned with even in internal affairs. As the Arab Spring and many other smaller protests have shown, one of the most successful ways of spreading ideas is through social media. Many governments try to censor such platforms and try to impose controls on these platforms. Censorship and controls are easily overcome by hackers; they can help movements by training and educating the protesters in ways of circumventing censorship. Although no hacker is needed to start a movement, hackers can make sure that governments will not succeed in tampering with movements, impeding on their outreach and their effectiveness in general. Examples include overcoming domain name system (DNS) censorship in Turkey, the Arab Spring (Tunisia, among others), and censoring BlackBerry usage during London riots. As such, hacker skills contribute to movement success. Exponential growth has gotten a new dimension with the rise of the Internet and social media—the hacker is the maintenance engineer and champion.
In the past decade we have witnessed many hacker groups operating - whether in support of or against a State actor - from conflict zones. Conducting operations from areas that are subjected to armed violence requires a different mind-set and organization. When conducting cyber guerilla during armed struggles, whether inter- or intra-State, the hacker group has to be prepared for physical violence, detainment, prosecution, and abductions. Hacker group organization, capabilities, and the different tasks should be prepared with the utmost care when preparing for operations during conflict. Hacker group leadership should play a prominent role to prepare the group for this daunting challenge.
Acting against State or non-State military or militant actors involves the hacker group becoming a potential target for these actors. These actors have shown the willingness to use deadly force against those engaged in cyber activities, for instance by bombing their homes and workplaces. Other activities are the detainment or abduction of members by State agents, all showing that military or militant actors will most likely choose to counter hacker operations with physical force rather than virtually. The hacker group should prepare for this contingency when taking on a role in armed conflict.
Some might feel that the hacker group will not be targeted by physical action. The following example will illustrate what a group might expect when conducting activities during armed struggles. The means and methods militant or military actors will use against (hacker) groups become apparent when looking at the group "Raqqa is Being Slaughtered Silently" (or Raqqa_SL) in Syria. This group is spearheading the Syrian media campaign against Islamic State (IS) in Raqqa. This group primarily focused on the use of (social) media to unveil the monstrosities committed by IS. This particular group is conducting extremely difficult work in an extremely hostile environment. Several of its members have been killed, not only within the occupied area in Raqqa, but also in other countries (such as Turkey). This exemplifies that a virtual activity may result in physical repercussions; a group that is conducting operations or something as simple as providing media coverage for the world to see runs the risk of being killed.
The mind-set required is being prepared physically and morally for counterattacks by the opponent, not only virtual, but also physical attacks. When the hacker group is conducting operations that are hurting the opponent, the opponent will not shy away from drastic measures against the hacker group.
The hacker group
The hacker group is the core of cyber guerilla and every operation undertaken. This section will describe the hacker group and its composition. The hacker group as a whole can consist of numerous individual groups, but all should share the same goals. Operating as a whole of numerous individual groups should be, as mentioned in Chapter 1, a conscious choice of the leadership within a hacker group and depends on societal context, the opponent, and the state of the hacker group. To align the goals over different groups, a clear goal and strategy for achieving that goal should be formulated in the beginning stages of the hacker group. Whether there are multiple small groups or one large group, there are general tasks within hacker groups which should be taken care of. To be an effective hacker group, it is very important to specifically assign tasks to all individuals within the hacker group.
About the authors:
Jelle Van Haaster, LL.M. University Utrecht, BA War Studies, Faculty of Military Sciences, is an award-winning writer, software programmer/developer, and speaker. He is an officer in the Royal Netherlands Army and has a diverse background in legal, military, and technical defense matters. Jelle recently developed an award-winning software app for effectively utilizing social media during military operations, and he is the author of multiple scholarly IT-Law, IT, and military-operational publications. He is currently completing his multidisciplinary Ph.D. thesis on the future utility of military Cyber Operations during conflicts at the Netherlands Defense Academy and University of Amsterdam.
Rickey Gevers is currently Chief Intelligence Officer at the security firm Redsocks. He has been responsible for numerous revelations regarding high-profile security incidents both national and international. He was, amongst others, the first person to discover a key logger used by Dutch law enforcement agencies and uncovered several criminal gangs and their operations. As an expert in technical matters he has been frequently consulted or hired as lead investigator, including in some of the largest security incidents the world has ever seen. Rickey appears frequently in Dutch media and has hosted his own TV show called Hackers.
Martijn Sprengers is an IT security advisor and professional penetration tester who is specialised in conducting covert cyber operations, also called ‘red teaming’. He performs digital threat actor simulation by using real world tactics and techniques to infiltrate complex IT environments for his clients. With his vast knowledge of offensive security he helps international organisations to strengthen their preventive security measures, increase their detection capabilities and prepare themselves for real attacks. He holds an M.Sc. in computer security, performed research on password encryption techniques and has written multiple articles in the field of IT security, cybercrime and cryptography.
Reprinted with permission from Elsevier/Syngress, Copyright ©2016