Strategy Page discusses the need to recruit hackers to win a cyberwar. The idea is simple, hackers discover bugs in software and develop exploits. They usually sell these services to governments, companies or gangs.

Centralized government forces are incapable of sorting through the massive amount of data to find vulnerabilities. Instead they ‘outsourced’ the work to a decentralized network of computer geeks.

The software vulnerabilities are basically bugs that enable a hacker to gain access to a computer they are not supposed be in. Not all vulnerabilities are equal. Some are much more valuable than others. Commercial Internet security firms offer rewards to people (usually software engineers who spend too much time on the Internet) who first discover a “zero day vulnerability” (this is a bug that has not yet been put to use by a hacker to create a “zero day exploit.”) The rewards can sometimes exceed $100,000. The commercial security firms, which provide services for corporate and government clients, offer the rewards openly. There is a more lucrative underground market, financed by criminals and some governments, that offer even larger rewards.

Russia works with the criminals as seen in their recent attack on Estonia.

In preparation for a Cyber War, ammo supply is critical. Put simply, whoever has the largest number of vulnerabilities (unpatched, of course), and has turned them into exploits, will win. There’s a lot of evidence that the United States and China have both compiled large arsenals, and tested a lot of their stuff. Other countries are players as well, but the U.S. and China appear to be the superpowers of Cyber War.

In the end, “cyberwar” is just a catchy phrase for electronic sabotage. It won’t be a war in a true sense, but it does disrupt computer services of specific corporations and can cost millions of dollars per day. It’s a cost-effective way to harrass the enemy’s economy.

Advertisements