Rise of the Cyber Militias
By Robert S. Dudney

The worst offenders have not been who you’d think.

Staff illustration by Zaur Eylanbekov
The Zapatista National Liberation Army in 1994 opened a guerrilla war in Mexico. In 1998, the Zapatistas went cyber. This leftist band, aided by European hackers, first shut down Mexican police and other websites. Then, it ranged further, lashing at US targets and paralyzing the Frankfurt Stock Exchange.

This was a signal event—the first time that a “cyber militia” took part in a regional conflict. It is an increasingly common occurrence, say some cyber experts.

One is Scott Borg, director and chief economist of the US Cyber Consequences Unit, a nonprofit research institute that investigates the dangers of cyber attacks. At a recent conference in Colorado Springs, Borg listed some 20 “significant” cyber campaigns that have occurred since 1998. (See chart, p. 89)

One notable thing, said Borg: Most of these cyber wars stemmed from local conflicts. Moreover, they have not, for the most part, been the work of nation-states, but rather of informal and loosely organized civilian groups—sometimes aided by organized crime.

“The big theme here is ethno-nationalists, who are not governments, ... carrying out very aggressive and extensive cyber campaigns,” said Borg. He went on, “They often have the tacit support of governments. They maybe are quietly, in the background, being encouraged by governments, but they are not really government operations. These are civilian operations.”

While governments have encouraged and influenced these cyber conflicts to varying degrees, they do not control these cyber warriors. “They are militias,” he said. “I don’t know what else to call them.”

Ever since the Zapatista operations in 1998, virtually all regional conflicts have had a cyber component. Later in 1998, for example, India performed some nuclear tests, and nongovernment Pakistani ethno-nationalists attacked Indian cyber targets. The campaign, which went on for months, was “quite significant,” said Borg.

In 1999, the US mounted some cyber attacks in Operation Allied Force, the NATO air war over Serbia. The US action led to a counterattack by nongovernment Serb groups, and eventually by Russian hackers.

In the OAF “kinetic” war, a USAF B-2 accidentally bombed the Chinese Embassy in Belgrade. Chinese cyber militias soon launched a cyber campaign against US targets, and pro-NATO hackers responded with counterattacks on Chinese sites.

A Loss of Control

These unofficial cyber armies soon became organized and effective. Such was the case later in 1999, said Borg, when there was a “not so minor cyber war” between China and Taiwan, the two historic antagonists in the Far East.

Also in 1999 came a cyber war in connection with the long-running conflict in Kashmir. It again pitted against each other the cyber militias of Pakistan and India, though undoubtedly with government support on both sides. In this round, India was the more active fighter.

In the final cyber war of 1999, the Iranian-backed group Hamas attacked Israeli cyber targets. From that point on, cyber attacks have been chronic features of the Arab-Israeli tensions in the Middle East, said Borg.

Among the more interesting cyber campaigns was that staged simultaneously with Russia’s 2008 invasion of Georgia. It was an extensive militia effort, and it came in two waves.

The first wave was carried out by Russian organized crime, which used botnets to attack 11 targeted websites in Georgia. Those sites were under attack throughout hostilities.

The second wave featured Russian attacks on 40 other targets on a detailed list. These were attacked by civilian hackers, organized by social websites. “It was a very disciplined attack,” Borg noted. “They had a list of targets. They went after those targets in a prescribed set of ways, ... and they never deviated.”

The perpetrators made no effort to conceal what they were doing. There were various reasons for this. Civilian militias wanted to show the attacks were not official Russian government operations. As for the Russian Mafia, said Borg, it wanted credit for its “patriotic contributions,” and so “they let us watch.”

According to US sources, Russian cyber militias mounted similar attacks on Estonia in 2007 and Kyrgyzstan in 2009. In the latter event, the attack shut down Kyrgyzstan’s two main Internet service providers, temporarily eliminating roughly 80 percent of Kyrgyzstan’s bandwidth.

Today, cyber experts see signs that groups in different nations are forming alliances. Worse, the militias, which to this point have been restrained and nationalistic, may slip the leash altogether and pursue their own independent goals.

In China, the government has been able to cue its cyber militias, indirectly, about what is expected of them, said Borg. So far, they have pretty much followed the rules. To a lesser degree, this has been the case in Russia, too.

“I’m sure that Russia is not going to be able to maintain control over time,” warned Borg, “and I think it will break down in China as well.”

This is true also in many other nations. “I worry that these [informal ties] could break down,” said Borg, “and the cyber militias will stop showing the kind of restraint they’ve shown so far. No critical infrastructure has been targeted—yet.”

Because cyber war is now so firmly entrenched as a feature of local conflicts, they have the potential to erupt quickly and to escalate, spread, and disrupt international affairs in heretofore unseen ways. As a case in point, Borg cites the aftermath of the 2008 Russia-Georgia fight.

He notes that, in that conflict, Georgia got pounded by Russian cyber mobs, but it made little effort to counterattack in any significant way. Georgian hackers were careful to avoid cyber attacks on Russian physical infrastructure industries such as oil refineries, chemical plants, pumping stations, and electric power generators.

Ever since, though, Georgian hackers have been organizing, determined that, if Russia hits them again, they will hit back as hard as they can. According to Borg, the same thing is taking place in Latvia, Kyrgyzstan, Kazakhstan, Estonia, and Lithuania.

“The attackers, if they are going against Russians, will not be restrained,” said Borg. “They will hit Russian critical infrastructures if they can. At that point, it is very doubtful that the Russian government, even if it tries, will be able to keep its civilian militias from hitting back.”

In short, the conflict will not only escalate and spread, but it will likely spin out of control and do significant damage.

Borg says similar situations are developing in other parts of the world, particularly the Far East. There, the biggest concern is China, simply because of the size and skill of its cyber militias. Indeed, China’s Ministry of Public Security announced that, in a Nov. 30 crackdown, it had arrested 460 suspected cyber criminals and closed more than 100 websites catering to hackers.

“It is possible that China in the future will still be able to control its own cyber militia, as it has done in the past,” said Borg, “but other countries definitely won’t.”

The dangers are enormous. The worst attacks would be ones that physically destroy infrastructure—wrecking big electric generators, blowing up oil refineries, disrupting pipelines, crashing trains in tunnels, causing toxic chemicals to leak from chemical plants, and so forth.

As Borg recently said, “The total economic destruction caused by an intense campaign of such attacks could be greater than the damage done to Germany and Japan by strategic bombing during World War II.”

These kinds of attacks are very difficult to mount and at present are within the grasp of nation-states only. The worry is that such techniques are rapidly leaking out into the world of subnational civilian groups.

“So,” said Borg, “we have a situation that could easily get out of hand.”

While direct physical attacks are scariest, Borg notes, other types of cyber attacks could cause great harm. He points out that the US is “completely dependent” on global supply chains—not just for oil and other commodities but for services and specialized parts for industrial uses—and that these can quickly be disrupted by determined attackers.

What’s more, cyber militias pose a threat to America’s vast webs of business outsourcing to nations such as India, which is at daggers drawn with both China and Pakistan.

“India could easily be involved in a major cyber conflict,” said Borg. “Suddenly, all of these call centers, all of these business outsourcing processing centers that do all of the back office support for our financial institutions and so on, could not only be suddenly knocked off line but also their activities could be corrupted.”

Borg warns that, despite the prominence of regional cyber militias, there has been virtually no discussion of the threat at US Cyber Command or elsewhere in the US government.

“We talk a lot about nation-state attacks,” he said. “I think that there is a great danger that we are neglecting—even missing—the main thing we need to be worried about.”

Robert S. Dudney is a former editor in chief of Air Force Magazine (2002-2010). His most recent piece was “The Lavelle Syndrome” in the September 2010 issue.

Selected Regional Cyber Conflicts

1998
Zapatista sympathizers vs. Mexico
Zapatista sympathizers vs. DOD, Frankfurt Stock Exchange
Pakistan vs. India (after nuclear tests)

1999
NATO (in Kosovo) vs. Serbians (and Russians)
China vs. US (bombing of Chinese Embassy in Belgrade)
China vs. Taiwan
India vs. Pakistan (during conflict in Kashmir)
Hamas vs. Israel

2000
Azerbaijan and Turkey vs. Armenia
Hezbollah vs. Israel

2001
China vs. US (after downing of US Navy EP-3 aircraft)

2005
Indonesia vs. Malaysia (dispute over Celebes Sea)
China and South Korea vs. Japan (dispute over Japan war crimes)
German Neo-Nazis vs. the world

2006
Muslims vs. Denmark (during furor over Muhammad cartoon)

2007
Russia vs. Estonia
Israel vs. Syria (supporting air attack)

2008
Russia vs. Lithuania
Russia vs. Georgia (during invasion by Russian troops)

2009
Russia vs. Kazakhstan (news agencies)
North Korea vs. South Korea and US
Russia vs. Kyrgyzstan

2010
WikiLeaks’ US opponents (and others) vs. WikiLeaks’ supporters

Source: US Cyber Consequences Unit

AIR FORCE Magazine / February 2011