Cybernetic Mercenaries: Fighting in the Digital Battlefield
In the digital age, a new form of state-sponsored cyber warfare has emerged: cyber proxies. These can be individual hackers hired for a specific operation or organized groups, such as Lockheed Martin, BAE Systems, and the Israeli technology firm NSO Group. Notably, Russia and China are known for using cyber proxies for offensive cyber operations, employing hybrid structures that integrate state and non-state actors like criminal groups and private hacker services to obscure direct state involvement.
Cyber proxies are attractive to states because they offer access to skills, expertise, tools, and capabilities that state agencies may lack or find too expensive to develop in-house. Hackers can be hired by the hour, making even the poorest states capable of deploying highly sophisticated cyberattacks against rivals. For example, the North Korean government, through a group known as APT37, primarily engages in gathering intelligence on South Korean entities, particularly those affiliated with the government, military, and defense industries.
The use of cyber proxies, however, comes with its own set of challenges. One such challenge is attribution. Overcoming attribution challenges and improving the efficiency of technical deterrence measures are paramount in deterring state-sponsored proxy attacks. Some states, like Russia, may put even greater distance between themselves and their proxies, avoiding direct input and giving the proxy carte blanche in terms of targets and techniques. This strategy complicates attribution and strengthens offensive capabilities against foreign targets, including critical infrastructure and political institutions.
Sanctions, a common response to cyberattacks, have their limitations. They do little to elicit behavioral change in the target if there are no clear guidelines as to the conditions under which sanctions will be lifted or eased. Moreover, the imposition of sanctions is costly to the retaliating state, since it must forgo trade and other economic relations with the sanctioned state.
Technical deterrence, such as efforts aimed at strengthening the resilience of computer systems to cyber breaches, can be effective if it meaningfully changes the cost-benefit calculus of cyberattackers. However, these measures are often expensive and complex to implement properly.
Long-term exposure to cyberattacks tends to mitigate the emotional responses associated with them, reinforcing the public's preference for cyber restraint. Given the public's general preference for cyber restraint, it is reasonable to expect that where citizens can hold their elected officials accountable for proxy-executed cyber operations, these officials are less likely to pursue such operations.
Strengthening democratic accountability institutions might hold promise in countering cyber proxies, although doing so comes with its own set of challenges. Prior research suggests that one consistent feature of proxies is that they are much less likely to be employed by states with strong domestic accountability mechanisms.
The increasing use of cyber proxies is especially alarming because it may increase the likelihood of cyberattacks. The latest system vulnerabilities and sophisticated tools to exploit them are often readily available for sale on the dark web. This, coupled with the perceived lower lethality of cyberattacks compared to conventional weapons, lowers the threshold for their use.
In the face of these challenges, policymakers need to pay more attention to these non-state actors; understanding their evolving connections with state sponsors will be crucial in crafting an effective response. There are no silver bullets for countering cyber proxies, but a measured response that limits the potential for escalation in response to cyber breaches may be preferred by the public. Some analysts argue that these companies should also be labeled as cyber proxies, as targets on the receiving end of their operations often perceive them as such and respond accordingly.
In February 2018, cybersecurity firm FireEye published a report detailing the activities of a hacker group called APT37, believed to be acting on behalf of the North Korean government. This is a reminder that the threat of cyber proxies is real and that efforts to counter them must be taken seriously.