Source: Cambridge University Press
Cyber Mercenaries explores the secretive relationships between states and hackers. As cyberspace has emerged as the new frontier for geopolitics, states have become entrepreneurial in their sponsorship, deployment, and exploitation of hackers as proxies to project power. Such modern-day mercenaries and privateers can impose significant harm undermining global security, stability, and human rights.
These state-hacker relationships therefore raise important questions about the control, authority, and use of offensive cyber capabilities. While different countries pursue different models for their proxy relationships, they face the common challenge of balancing the benefits of these relationships with their costs and the potential risks of escalation. This book examines case studies in the United States, Iran, Syria, Russia, and China for the purpose of establishing a framework to better understand and manage the impact and risks of cyber proxies on global politics.
Table of Contents
Part I: Of Brokers and Proxies
- Cyber Proxies: An Introduction
- Proxies: An Instrument of Power Since Ancient Times
- Cyber Power: Geopolitics and Human Rights
Part II: Cyber Proxies Up Close
- Cyber Proxies on a Tight Leash: The United States
- Cyber Proxies on a Loose Leash: Iran and Syria
- Cyber Proxies on the Loose: The Former Soviet Union
- Change Over Time: China’s Evolving Relationships
Part III: Implications
- The Theory: State Responsibility and Cyber Proxies
- The Practice: Shaping Cyber Proxy Relationships
- Conclusion: Cyber Proxies, the Future, and Suggestions for Further Research
About the Author
Tim Maurer is the co-director of the Cyber Policy Initiative and a fellow at the Carnegie Endowment for International Peace. Since 2010, his work has been focusing on cybersecurity, human rights in the digital age, and Internet governance, currently with a specific focus on cybersecurity and financial stability.
“Tim Maurer’s Cyber Mercenaries is a comprehensive and cogent description of how nation-states engage proxy actors to carry out cyber-based espionage, information operations, and even acts of destruction. Combining deep research with compelling analysis, Maurer demonstrates that this increasing blend of public and private cyber aggression challenges our concepts of sovereignty, international law, and even warfare. Indispensable for government and private sector policy makers.”
—Michael Chertoff, former U.S. Secretary of Homeland Security and Executive Chairman of the Chertoff Group
“The cyber revolution is accelerating the diffusion of power in global politics. Non-state actors are increasingly important, but they form a complex set of alliances and arrangements with governments. Some are proxies for government on a tight leash; some virtually roam free. Tim Maurer continues his pioneering work on cyber politics with this important exploration of cyber mercenaries.”
—Joseph S. Nye, University Distinguished Service Professor at the Harvard Kennedy School of Government and author of The Future of Power
“Anyone who wants a thorough understanding of cyber operations, including proxies, must read this book. Maurer is an investigative scientist and provides the first blow-by-blow account of real cyber operations that use proxies. He uncovers new information about existing proxy relationships between nations, what feeds the proxy relationship, and how countries differ in how proxies are used in a depth never seen before. If you’re going to read one book on offensive cyber, read this one.”
—David Brumley, Director of CyLab at Carnegie Mellon University, and Winner of DARPA’s Cyber Grand Challenge
“A must-read for anybody interested in how states use hackers and for what ends. Rigorously researched, Maurer offers the first comprehensive study of proxy relationships in the cyberspace domain.”
—Eric Rosenbach, Co-Director of the Belfer Center at the Harvard Kennedy School, former Pentagon Chief of Staff and Assistant Secretary of Defense
“Cyber Mercenaries is a very timely book focusing on cyber proxies - subjects often hidden behind the wall of government secrecy while playing an increasingly important and visible in cyber operations. States have a long history of using conventional proxies, cyber proxies are ‘the newest kids on the block’. Based on academic research and case studies, Tim Maurer addresses the capabilities of cyber proxies, the different types of cyber proxies and their relationships with states in the manner that is both very insightful and catching for policy makers, practitioners of international relations, academia, experts and citizens alike.”
—Marina Kaljurand, Chair of the Global Commission on the Stability of Cyberspace and served as the Foreign Minister of Estonia from 2015-2016
“Authoritarian regimes, like China, Russia, and Iran like to hide their tracks in the digital wilderness by outsourcing cyber espionage operations to the criminal underworld. Others prefer to keep a tight leash, but still employ hundreds of contractors to aid their strategic ambitions. Tim Maurer’s Cyber Mercenaries offers the first systematic scholarly treatment of how and why governments use proxies to do their bidding in cyberspace. Weaving together high-level theories and historical analogies with highly detailed case studies, Maurer’s book helps illuminate how governments maneuver for influence in cyberspace today. A must read for scholars and students alike.”
—Ron Deibert, Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto
“As the technology and use of cyber means has evolved, there has been a persistent lag in understanding by political leaders and citizens of those means. Cyber Mercenaries is an important contribution to closing that gap. Building on conceptual frameworks from international relations scholarship and Just War theory, and illustrating with several contemporary case studies, Maurer shows how existing international law and political agreements likely offer an incomplete basis for maintaining stable expectations and relations among states as cyber interactions increase in the years to come.”
—Daniel Baer, former U.S. Ambassador to the OSCE and Deputy Assistant Secretary for the Bureau of Democracy, Human Rights, and Labor
“Countries such as Iran and Syria have become increasingly adept at exploiting the ambiguity of cyberspace to their benefit. They frequently engage in coercive cyber operations against domestic and regional political adversaries and embrace proxies to evade accountability. Cyber Mercenaries provides an authoritative framework for understanding how Iran and Syria pursue their strategic interests in cyberspace. Maurer is especially skillful at bridging a scholarly perspective with accessible examples and language, and in doing so makes a significant contribution to breaking down barriers and improving the public discourse.”
—Collin Anderson, lead author of Iran’s Cyber Threat: Espionage, Sabotage, and Revenge
“Cyber Mercenaries is comprehensive and sophisticated guide to growing threat of hostile actions in cyber space for which a nation cannot or will not take responsibility. Tim Maurer explains in clear language the policy implications for attribution, deterrence, military stability, and the potential of emerging international norms.”
—Robert Axelrod, the Walgreen Professor for the Study of Human Understanding at the University of Michigan and MacArthur Prize Recipient
“In Cyber Mercenaries, Tim Maurer sheds light on the complex, covert relationships that have been forged between governments and their proxies in cyberspace, where national security norms and strategies have been upended. Maurer describes new systemic security vulnerabilities faced by connected societies, as state and non-state actors of all stripes capitalize on the instantaneous extraterritorial reach made possible through cyber technologies. This book provides an important framework for thinking about norms on cyber proxies, consistent with universal human rights and international law. This is an important contribution to the global conversation about governance in the digital ecosystem.”
—Eileen Donahoe, Executive Director of Stanford University’s Global Digital Policy Incubator and former U.S. Ambassador to the UN Human Rights Council
“The use by states of proxies - mercenaries and privateers - is nothing new. But in the information age the use of such proxies has become both more pervasive and more concerning in view of the potential for ill-judged or ill-disciplined behaviour to be attributed to states with potentially escalatory consequences. Tim Maurer has produced a ground-breaking and rigorous study of this phenomenon drawing on a wide range of case studies.”
—Nigel Inkster, Senior Adviser at the International Institute for Strategic Studies and former senior official of the British Secret Intelligence Service
“A timely book on the subject which is of extreme importance to everybody.”
—Andrei Soldatov and Irina Borogan, authors of The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries
“Cyber Mercenaries is an excellent introduction to this topic for the general public, and at the same time it can serve as advanced reading for cyber pundits and specialists interested in the rising influence of non-state actors in the cyber domain. It is especially to be recommended for its (rare) ability to address and remain readable for a wide and heterogeneous audience, ranging across the general public, international relations scholars, historians, lawyers, and policy makers alike.”
—Valentin Weber, Lawfare
-
- Podcast
A Discussion Of Tim Maurer's New Book: Cyber Mercenaries
- Tim Maurer
- April 2, 2018
- Hoover Institution
Ben Wittes, co-chairman of the Hoover Institution’s National Security, Technology, and Law Working Group, interviewed Tim Maurer and discussed Maurer’s new book, Cyber Mercenaries: The State, Hackers and Power, an exploration of the intersection between cyberspace and geopolitics.
-
- Excerpt
Why the Russian Government Turns a Blind Eye to Cybercriminals
- Tim Maurer
- February 2, 2018
- Slate
The use of cyber proxies in the former Soviet Union today demonstrates a lot more about the political realities in those countries than just the role that hackers play.
-
- Op-Ed
Here’s How Hostile States Are Hiding Behind ‘Independent’ Hackers
- Tim Maurer
- February 01, 2018
- Washington Post
Many states are employing ostensibly independent hackers as proxies to project influence both domestically and overseas.
-
- Excerpt
Cyber Mercenaries and the Crisis in Ukraine
- Tim Maurer
- January 30, 2018
- Council on Foreign Relations
Many states outsource their cyber operations to non-state actors, with varying degrees of control over their actions. The crisis in Ukraine is a perfect example of this phenomenon.
-
- Op-Ed
Type Softly, Carry a Big Gun
- Tim Maurer
- January 26, 2018
- Mark News
To understand how Iran uses cyber proxies, it’s important to understand how Tehran thinks about cyber security in the first place.
-
When States Pretend to Be Terrorists or Hacktivists in Cyberspace
- Tim Maurer
- April 18, 2017
- Cipher Brief
International humanitarian law applies only to international and non-international armed conflicts. Most offensive cyber operations to date have not taken place during an armed conflict.
-
‘Proxies’ and Cyberspace
- Tim Maurer
- December 17, 2016
- Journal of Conflict and Security Law
States use proxies to project power through cyberspace, some capable of causing significant harm. But there is a lack of clarity on what, exactly, the term ‘proxy’ means.
-
- Book chapter
Cyber Proxies and the Crisis in Ukraine
- Tim Maurer
- 2015
- NATO Cooperative Cyber Defence Centre of Excellence
An exploration of the role that non-state, ‘proxy’ cyber actors have played in the Ukraine crisis.