Author’s Note: Technology has always enabled war. Throughout history, the nation-states that created new weapons through innovation greatly expanded their geopolitical influence. From gunpowder, to the airplane, to the atomic bomb—advances in technology have been the precursor to dominance.

These two essays focus on cyberwarfare: the actions taken by a nation-state designed to attack and damage another nation’s computers or information networks. Geopolitical influence has gone beyond the physical, expanding into virtual domains where ideas have become deadly weapons in their own right. With each essay, we’ll examine the behavior of cyber adversaries, how they use technology to achieve their goals, and how that might affect the world order.

Truth and the Modern Theater of War

Come then, let the heralds of the bronze-armored Achaians make proclamation to the people and assemble them by the vessels, and let us together as we are go down the wide host of the Achaians, to stir more quickly the fierce war god.

As obliterating fire lights up a vast forest along the crests of a mountain, and the flare shows far off, so as they marched, from the magnificent bronze the gleam went dazzling all about through the upper air to the heaven.

—Book Two, lines 437-440 & 455-458 – The Iliad of Homer (Lattimore)

In his epic poem The Iliad, Homer describes the classic theater of war: the land, sea and air in which a military operation takes place. Having traveled by sea to engage the Trojans on land, the Achaians moved close enough to see their opponents’ campfires the night before battle. They believed that “the fierce war god” guided them from above, and the heralds made proclamations to that effect. The air was not an actual domain of combat, but a context for the worship of deities.

The modern theater of war contains a fourth domain: cyberspace, where nation-states monitor the electronic movements of their enemies, the digital equivalent of watching campfires at night. Computers have replaced the heralds, sending messages across secure networks. The sources of those messages, the military assets on land, at sea and in the air, are governed by the doctrine of network-centric warfare (NCW), the practice of turning information into a competitive advantage.

Cyberwarfare happens in this domain. Nation-states deploy armies of hackers who attempt to compromise the security of their opponents’ networks, to extract classified data from military systems, and to plant malicious software to disrupt operations. The vulnerability of those systems has heightened the importance of new technologies like blockchain.

Since non-military networks are exponentially more vulnerable, the doctrine of NCW has been very effective in the government and private sector. In 2020, Russian hackers penetrated hundreds of networks in the United States, exploiting weaknesses created by poor password management and phishing attacks on senior officials who had access to sensitive data. These hackers worked undetected for months, their digital campfires invisible to the American forces.

Homer tells us that the Achaian heralds stirred the god of war, exhorting their warriors to close ranks and march forward. In the theater of cyberwarfare, such messages go beyond the military, leveraging the communication grid of society at large.

Throughout the history of war, nation-states have declared their sovereign right to dominance, subduing their neighbors after proclamations meant to justify aggression. From declarations of religious superiority to manifest destiny, the messages have become more complex, along with the media transmitting them. The printing press replaced the Homeric herald. Radio and television expanded the reach of governments intent on controlling the message.

Platforms built to execute NCW have expanded not only the range of communication, but the variety of its messages. Networks connecting smart weapons operate with increasing autonomy, requiring governance of the artificial intelligence that increasingly minimizes human intervention. Above that traffic on the military networks, however, more insidious messages flow through social media channels that have been exploited by bad actors.

Russia’s campaign to interfere with the 2016 Presidential election famously compromised Facebook, instigating a level of cyber conflict that had not previously impacted the civilian U.S. population. Traditional twentieth-century methods of propaganda gave way to cyber impersonation, where human and bot-based false identities stirred groups with opposing political beliefs to confront each other. These messages exhorted civilian actors, some of whom were affiliated with paramilitary groups, to challenge their own government, rather than defend it against foreign adversaries. Facebook removed most of these specious heralds, but others went undetected.

In the months before the 2020 election, a Romania-based troll farm created hundreds of Facebook accounts that posed as African-American supporters of then-President Trump. Though this new variety of misinformation was quickly discovered and neutralized, it reflected a level of cyberwarfare sophistication that continues to evolve.

NCW creates state-sponsored cyber attacks through two main channels: principals and proxies. In the first channel, the element of national pride acts as a global brand, showing a nation-state’s ability to master this domain, its identity an open secret to those who would challenge its actions. The fact that the United States and Russia have penetrated each other’s power grid acts as a mutual deterrent, and also a mutual affirmation of the opposing cyber forces.

As a parallel to this principal channel, proxy entities work behind the scenes. Russia has tacitly sponsored cyber criminal organizations for years, turning a blind eye to their transgressions until the beginning of 2022. In response to a request from the United States, Russia shut down a ransomware crime group led by an individual who had previously hacked the Colonial Pipeline, an attack that caused widespread gas shortages on the U.S. east coast.

Truth has become a weapon in its own right. As the NCW framework continues to evolve, the nation-states that proclaim the truth will need to guard against those who do not. A fragile world order hangs in the balance.

The Bear and the Dragon

The doctrine of network-centric warfare (NCW) creates state-sponsored cyber attacks through two main channels: principals and proxies. A nation-state acting as principal will work with impunity, barely disguising its hacking activities, while a nation-state acting as proxy will work behind the scenes, sponsoring cyber criminal organizations without direct attribution.

Russia and China, two of the most active NCW practitioners, have used groups of hackers as proxies to execute their campaigns. While the organizational discipline of these groups has varied, they have been consistent in their approach. Russian hackers tend to be cybercriminals motivated by money, while Chinese hackers tend to be focused on establishing programmers’ collectives, with more support from official channels.

Both countries have observed, and repeatedly violated, an ongoing agreement to not target each other’s entities for intellectual property. Despite the relationship that had grown deeper before Russia’s invasion of Ukraine, China viewed Russia as a legitimate target for theft of military technology.

Russian cybercriminals have nevertheless continued to court their Chinese counterparts, adding Mandarin to the multilingual platform Ransom Anon Market Place (RAMP), which offers ransomware-as-a-service.

NCW happens at a high level, where monolithic nation-states operate with a clear distinction of interests. The cyber economies that operate at lower levels do not always distinguish between those interests. Threat actors may cross national boundaries in cyberspace to pursue compensation for their crimes. Two entities form those boundaries: the deep and dark web.

The deep web consists of any content that is not indexed by Internet search engines. This includes sites that require authentication, such as email accounts and those related to online banking. Secure messaging platforms also fall into this category, providing channels on which cybercriminals may communicate without exposing their identities.

Dark web sites are only accessible through specific web browsers (e.g., Tor or Freenet) that are designed to obscure users’ locations and hide their identities. Those sites may be used for purposes other than cybercrime, such as Russian dissidents discussing the Ukraine war.

China has not supported Russia’s invasion of Ukraine, and the uncertainty of that action’s outcome, the fact that Russia might lose the war that it started, has worked in China’s favor. Sanctions applied by the United States and its allies have heightened Russia’s dependence on its economic partnership with China. Chinese hackers have mentioned those sanctions in socially engineered emails sent to Russian defense officials. These “phishing” activities have opened backchannels of information outside the official partnership, and the same hackers have also targeted Ukrainian organizations since the invasion.

The sanctions against Russia have also heightened the importance of China’s oil imports. Despite a slowdown in its domestic economy, China has increased its purchase of fossil fuels from Russia, providing the Putin regime with a critical source of income in the face of western boycotts.

Russia has encountered significant resistance to its attempted Ukrainian takeover, and the tech front created by its relationship with China has exposed new vulnerabilities. Putin’s actions, particularly his threats to use tactical nuclear weapons, have isolated his country at a critical stage of its social and economic life cycle.

The flow of information has become especially important to China, an actor that must keep its distance from the conflict while taking advantage of it at the same time. As the relationship between the Russian bear and the Chinese dragon continues to evolve, technology will create more opportunities for surveillance and political gain.

Woody Lewis

Woody has been a technologist for thirty years, writing digital media software for startups and large corporations. After spending most of that time in California, he returned to New York, where he is currently editing a collection of essays and stories about life in Silicon Valley. He holds an M.F.A. from the Bennington Writing Seminars, as well as a B.A. in music and M.B.A. in Finance from Columbia.
