Information Warfare: Raiders of the Lost Exploit

News Categories

Books of Interest

Black Saturday: An Unfiltered Account of the October 7th Attack on Israel and the War in Gaza

The Devil's Playground: The Story of Two Charlie and The Arghandab River Valley

Targeted: Beirut: The 1983 Marine Barracks Bombing and the Untold Origin Story of the War on Terror

Forged in War: A military history of Russia from its beginnings to today

From Amazon
As an Amazon Associate I earn from qualifying purchases

Next:WARPLANES: UAVs Replacing F-16s

Information Warfare: Raiders of the Lost Exploit

Archives

Latest
Most Read

SURFACE FORCES : Dutch Determination

LEADERSHIP: Managing Wartime NATO

BOOK REVIEW: Birth and Fall of an Empire: The Italian Army in East Africa, 1935-1941

ATTRITION: Decapitating Hezbollah

PROCUREMENT: American Aid For Ukraine

PHOTO: Birds And Angels

LEADERSHIP: American Taiwan Alliance

AIR WEAPONS: Drones Raid Northern Russia

Information Warfare: China Demands Better Censorship

Attrition: Decapitating Hezbollah

Procurement: American Aid For Ukraine

Air Weapons: Drones Raid Northern Russia

Leadership: American Taiwan Alliance

Naval Air: 21st Century Catalina

Submarines: Chinese Sinking Submarine

Forces: North Koreans Join the Russian Army

Air Weapons: Customarily Explosive

WARS Myanmar: The Forever War Powered By Meth

Forces: NATO Plans To Add Brigades

Air Weapons: Bombing Underground Targets

Artillery: SDB Excels In Ukraine

Artillery: HIMARS Supremacy

Procurement: Going After The Russian Economy

Space: Stolen Starlink

July 12, 2007: Cyber War commanders are resigned to the fact that they will have to use mercenaries if they want to survive any future Internet based conflict. Much use is being made of mercenaries right now, in the race to build up stockpiles of munitions. In Cyber War, the ammo is information. That is, knowledge of vulnerabilities in software connected to the Internet, or major networks not connected to the Internet.

The software vulnerabilities are basically bugs that enable a hacker to gain access to a computer they are not supposed be in. Not all vulnerabilities are equal. Some are much more valuable than others. Commercial Internet security firms offer rewards to people (usually software engineers who spend too much time on the Internet) who first discover a "zero day vulnerability" (this is a bug that has not yet been put to use by a hacker to create a "zero day exploit.") The rewards can sometimes exceed $100,000. The commercial security firms, which provide services for corporate and government clients, offer the rewards openly. There is a more lucrative underground market, financed by criminals and some governments, that offer even larger rewards.

The commercial firms get after the software publishers to fix the bugs, but they have noted that this takes, on average, 348 days. The publishers know that every time they open their source code to repair something, there is high risk of creating more bugs. Moreover, it's expensive to fix the bug, test the patched software, and then distribute it to their customers. Thus, unless the bug is highly likely to be exploited, it is not attended to right away. The problem with this approach is that the software publisher may not be aware of how exploitable the bug is. Criminals and Cyber Warriors have an interest in finding ways to exploit bugs that appear relatively harmless. That turns the bug into ammunition, for the Cyber War, and a way to make money, for the criminals.

In preparation for a Cyber War, ammo supply is critical. Put simply, whoever has the largest number of vulnerabilities (unpatched, of course), and has turned them into exploits, will win. There's a lot of evidence that the United States and China have both compiled large arsenals, and tested a lot of their stuff. Other countries are players as well, but the U.S. and China appear to be the superpowers of Cyber War.

The U.S. has an edge in the number of potential "mercenaries" (commercial security firms, and freelance experts) it could enlist for the war effort. China openly encourages its hackers to go out and practice on foreigners, especially the Japanese (still hated for World War II era atrocities) and the United States. China is also believed to have arrangements and understandings with the gangs that specialize in Internet based crime. Remember, China is still a police state, and communist secret police organizations have long been known to use criminal organizations for all sorts of things.

In the United States, some police agencies have been known to at least open up communications channels with Internet criminals. If only for intelligence purposes. But in wartime, offers of employment might made as well.

There hasn't been a full out, no-holds-barred Cyber War yet. But there's no longer any doubt that it is possible. And the major powers are getting ready.

Make A Comment View Comments (2)

MARINES: American Naval Infantry Go To War

Article Archive

Information Warfare: Current 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
You can contribute to the health of StrategyPage.

Subscribe Contribute Close

News Categories

Ground Combat

Air Combat

Naval Operations

Special Operations

Human Factors

Special Weapons

Warfare by Numbers

Logistics

Tools

Information Warfare: Raiders of the Lost Exploit

Leave a Comment:

MARINES: American Naval Infantry Go To War

WARPLANES: UAVs Replacing F-16s

Article Archive