TL;DR: All those 90's hackers have built things that warp the Internet in strategically interesting ways.
I had a comment from one of the policy experts who reads this blog. She asked "That was interesting, but how is that relevant to policy people?"
That's a good question! One quick answer to that is that analyzing the "birth" of cyber is a good way to understand why Cyber is not the same as Nuclear/Bio/Chem when it comes to regulation.
The first thing I want to help policy-peeps understand is that a cyber weapon is anything that changes the terrain of cyberspace.
- This can be by allowing you to offer information without it being blocked by your adversary: think Wikileaks, Pirate Bay, or Tor Servers
- It can also be something that allows you to access confidential information (think NSA's QUANTUM)
- Or it can be something that offers situational awareness (like Shodan or a rack-mount of Qualys servers with a team of people that really know how to use it)
- Or a program that offers a hardware implant for every router on the market
But in general, real "Cyber Weapons" are very large programs - staffed by ten people minimum each. And they change the fundamental way the network works, as opposed to having a list of features like a commercial product.
And every one of those groups from the 90's knows that and has been in places where they have built them, and many of those people continue to build them to this day. This is one of the differences between, say, Nuclear and Cyber. Whereas Nuclear was largely started in one place, Cyber started all over the world at about the same time. Remember that it took a letter from Einstein himself to start the Manhattan program, because only he understood the ramifications of the theories and had the political push to make it happen.
But it is not a mistake that ten years ago there was a huge exodus of offensive talent from the intelligence community to Microsoft and Google and now they are at the forefront of the strategic war. It is not a mistake that the people involved in those 90's hacker groups have a different understanding of the possibilities of cyber.
And so WhatsApp has strong end-to-end crypto, Napster offered files that were hard to remove from the net, and Wikileaks and Pirate Bay still exist even after massive US Government attempts to blot them from the Internet. What do you think the members of "Hacked By Owls" did after they were done defacing things? Lots.
I could go on, but think as a policy person to yourself: How would the world be different from a policy perspective if every major country on Earth had nuclear technology at first, instead of just the US? Too often the policy world asks itself "How is Cyber similar to Nuclear Weapons?" instead of asking how they are different.
And if you see something in the news that changes the Internet, anything really, ask yourself where it came from. Chances are one of those 90's hacker teams is behind it.