WEEKEND READ: The invisible war
Most internet "hackers” who are sufficiently capable to engage in cyberwarfare have little real affiliation with states (regardless of their citizenship in the real world). Skilled cyberwarriors can be fiercely individualistic and anonymous, though several broad classifications help give definition to the community and highlight some of the major types of actors in cyberspace.
Before considering the role of a state's power in cyberspace, it is important to identify and understand the transnational actors who populate it – particularly those who can manipulate the environment. The internet is an environment defined by its users, and the average user is utterly powerless in terms of cyberwarfare – i.e., wreaking havoc on governments and institutions. But there are some individual actors who wield considerable power. Even average users can contribute unwittingly to this power, serving as conduits for destructive worms and viruses that can hijack individual computers and servers.
As the rise of al Qaeda has reminded the world of the power of the nonstate actor, so too has the rise of the individual hacker. The most powerful lone-wolf hacker may have even less grounding in the traditional political landscape than a motivated jihadist – and is perhaps even less likely to be affiliated with a national government.
A hacker can be many things. For our purposes here, it is someone with sufficient understanding, skill and experience in the nuances and inner workings of computer systems and networks to be able to wield meaningful power and influence events in cyberspace – even if only in concert with others. Such a person must then actively choose to exercise that capability and act boldly on that stage (hacking is almost universally illegal).
A given hacker's ideology may be flexible or rigid, but the potential power of these individuals does raise new questions about national allegiance. The United States, for example, has dealt with nonstate actors as proxies for decades (e.g., the Afghan mujahideen). Computer hackers are another matter. Often strongly individualistic (and occasionally anarchistic), the smartest and most skilled are not necessarily interested in – or eligible for – work inside government agencies or the military (one of the core tenets of the so-called "Hacker Ethic” is that authority is not to be trusted). A country must consider these "free agents” inside its borders as well as those outside. Often indifferent to matters of state, a hacker's attention can quickly turn and become an asset or a threat to state authority.
Black Hats
The most threatening hackers are known as black hats, or "dark side” hackers. These are hackers whose primary activities and intentions are malicious and often criminal. Black hats attempt to locate, identify and exploit security gaps or flaws within operating systems, computers and networks in order to gain control of them, steal information, destroy data or orchestrate other illicit activities. Once access to a system has been obtained, a black hat may take measures to establish continued covert access.
White Hats
The antithesis of the black hat is the white hat hacker, also known as an "ethical” or a "sneaker.” White hats are ethically opposed to the abuse or misuse of computer systems. Like their black-hat counterparts, white hats actively search for flaws within computer systems and networks. These efforts often occur with systems in which a white hat has a vested interest or of which they have substantial knowledge. They distinguish themselves by either repairing or patching these vulnerabilities or alerting the administrator of the system or the designer of the software. Basically, white hats attempt to maintain security within the internet and its connected systems.
However, some altruistic white-hat pursuits can appear to be quite malicious. A white hat may act with whatever he or she considers a "higher purpose.” The inherent conflict of white and black hat activities can also lead to online bouts between the two classes, in which both sides might use malicious tools to disconnect each other from the system or network. This may involve "back-hacking” – tracing the source of activity and infecting or attempting to disable the other hacker's connection or system.
Other Hats
Other hackers "wear” colored or hybrid hats. Grey hats, for example, are a blend of the black hat and the white hat. Drawing on experience from both sides can make for a very robust skill set. Computer security professionals are often known as blue hats. Their activities are not unlike those of white hats but are more focused on the interests of paying customers. Hackers wear an assortment of other colored hats, and not all warrant definition here. We mention them only to illustrate the many shades and nuances found in the hacker community.
Cybermercenaries
Generally a black hat, a cybermercenary is an expert hacker for hire. For the right price, cybermercenaries can bring a considerable amount of resources to bear on a target. They are occasionally contracted to assist in network defence, though, as a general rule, cybermercenaries specialise in offensive and malicious acts: conducting denial of service (DoS) and distributed denial of service (DDoS) attacks; disabling, altering or defacing websites; electronic espionage; data theft or destruction; network warfare; and wholesale cyberwarfare. At times, the cybermercenary can be found supporting or conducting portions of a significant cyberwarfare strike (such strikes can be particularly manpower-intensive).
Cyberterrorists
Some observers don't consider this a true category of hacker, since cyberwarfare attacks rarely inflict the kind of direct, physical damage associated with terrorism. Stratfor is not interested in this particular debate. We include the term simply to highlight the potential for cyberwarfare strikes to have an objective not of destroying data or bringing down a financial network but of creating conditions that may directly contribute to significant loss of life (e.g., hacking into an air traffic control grid), with that loss of life being the principal objective.
Coders
Many of the hackers described above are also coders, or "writers,” who create viruses, worms, trojans, bot protocols and other destructive "malware” tools used by hackers. The ability to write computer code can be an invaluable skill for any hacker, though most coders focus specifically on the design of new and continually evolving software that makes internet security an ongoing challenge.
Crackers
Crackers are hackers who circumvent or bypass copyright protection on software and digital media. The most prominent recent example of cracking was the "unlocking” of Apple's iPhones in order to break software-imposed restrictions on the use of GSM cellular networks other than AT&T (which made a deal with Apple to be the sole provider of iPhone service). Of course, cracking has significant ramifications well beyond simply accessing the latest gadget. It also means that, regardless of whether a released software program has copyright protection, there are crackers diligently working to beat it. By making these programs and applications more available, crackers also increase the number of tools available to the online community.
Script Kiddies
Script kiddies represent an intermediate category of actor between regular computer user and hacker. A script kiddie is more knowledgeable about computers and the internet than most users but has yet to develop the skills, experience and expertise to be a truly effective actor. Nevertheless, a script kiddie can have an impact on the wider online world. Prewritten programs accessible on the internet can enable the less-skilled to perform many of the same functions as a seasoned hacker. Script kiddies know just enough to get themselves in real trouble or to bring real trouble to bear on others.
Bots and Zombies
Not all actors in cyberspace are human. This is not to classify every server and application in cyberspace as an actor. But there is a unique non-human actor in cyberspace known as a zombie, which is a computer wholly or partially controlled by a bot. A bot, for our purposes, is a parasitic program that hijacks a networked computer and uses it to carry out automated tasks on behalf of a hacker. Individual bots can be building blocks for powerful conglomerations of bots.
Such a gathering of bots is often accomplished by a bot herder, also known as a bot wrangler, which is a program designed to produce bots autonomously (a tedious and time-consuming process for a human hacker). A bot herder can replicate itself and create additional bot herders as well as bots. By using these wranglers, hackers can construct massive networks of bots and use these herders essentially as command and control nodes.
Once many bots and bot herders have been amassed, they can be consolidated into a collective computing network called a botnet, also called a "bot army.” This allows a single hacker to wield simultaneously the computing power of many thousands of machines – or more – and accomplish tasks that would otherwise be impossible with a single computer. Among these tasks are launching DDoS attacks, which can shut down websites, servers and backbone nodes; generating massive emailing and spamming campaigns; and disseminating viruses. Once these botnets are established, it can be extremely difficult to disband them and counter their decentralised attacks.
This is only a quick snapshot of the cyberspace population that at times transcends traditional geopolitical concepts like citizenship, national loyalty and international borders. Some countries and transnational groups are better at harnessing such individuals, either within their own borders or beyond. But most hackers also have ideological bents of their own.