In addition, massive exports of small arms by the US, the former Soviet Union, China, Germany, Belgium, and Brazil during the Cold War took place commercially and to support ideological movements. These small arms have survived many conflicts and many are now in the hands of arms dealers or smaller governments who move them between conflict areas as needed.
The current activities of Anonymous demonstrate the same type of small arms proliferation albeit in a virtual plane. Driven largely by ideological activities, Anonymous distributes a revamped version of the Low Orbit Ion Cannon (LOIC) tool used in mass Distributed Denial of Service (DDoS) attacks. LOIC was the primary weapon used by Anonymous in its ongoing "Operation Payback" DDoS campaign against film and recording industry associations, as well as other organizations involved in anti-piracy efforts. The application was originally created by a user named Praetox and was used in several mass attacks over the years, including Anonymous' campaigns against the Church of Scientology or the Australian government or the Iranian election protests last year. In January 2009 the code of the Windows program was released on SourceForge as an open source project and a cross-platform Java version was later created. This release allows for the proliferation of code that can be enhanced, improved, and utilized in low intensity conflicts with the potential for significant media coverage.
Last year another developer branched off the code and added a new feature called "Hive Mind" to the tool. This feature allows users to relinquish control over the application after installation and makes it act as a botnet client, which can be controlled from an IRC channel. This method of virtual small arms proliferation allows like-minded individuals to participate in DDoS activities based upon their ideology while giving up control to centralized resources.
Small arms and light weapons have been responsible for the majority of the combat deaths in recent wars and figure in much of the crime and civil violence visited upon vulnerable societies around the world (Klare). Virtual small arms are currently responsible for all the malware activities around the world today. This will continue for the foreseeable future and be the bane of most governments and anyone who disagrees with a group capable of extracting virtual revenge, censorship, and elimination of the right to disagree or have a different ideology.
Virtual small arms are ideal methods for online disruption. They are widely available, low in cost if there is even a cost at all, they deliver a strong payload, simple to use, highly portable, easily concealed, and potentially possess legitimate military, police, and civilian uses (Klare). These virtual weapons are light in footprint, and so can be used by the very young yet technically astute who have played such a significant role in recent virtual conflicts.
But once the virtual conflict is over, virtual small arms still exist in the hands of the participants. Virtual small arms can easily be used to start other conflicts that may be more personal. It creates a surplus of virtual small arms establishing a culture of hacktivism and an endless circle of virtual conflicts.
The latest concern is the revelation today that Anonymous has acquired much of the code related to Stuxnet. According to some �experts� malware is largely uncharted territory for Anonymous, �which has built its notoriety on crippling the websites of governments and multinational corporations, such as Visa and MasterCard, which it deems a threat to freedom of speech (Halliday, 2011).� The problem is that no one really knows the capabilities of Anonymous since it is such a loose knit group who come together to crowdsource their targets and attacks based upon a shared ideology or belief. Anonymous uses Web 2.0 technologies to establish a community-based design for their focused efforts. They even use Web 2.0 as a method to propel their payload to new levels.
Regardless, the residual virtual small arms left over by Stuxnet provides a foundation for melding together new attacks that can be leveraged in much the same way that LOIC has been leveraged and matured over time.
The asymmetrical methods of cyber hacktivism used by Anonymous and other such organizations make it extremely difficult for nation-states. Governments are struggling to create their own cyber defenses based upon outdated laws while asymmetrical attacks are increasing in scope, frequency and lethality.
The response is to create and leverage cyber mercenary forces (http://blogs.csoonline.com/cyber_mercenaries_avatar_forces). These are civilian-based organizations and/or individuals who have the skill, moxie and risk appetite to combat those who participate in illegal activities against commercial entities, individuals and governments. Currently personified by the lone wolf Th3J35t3r (The Jester), the single-mindedness of such individuals and/or groups combined with technical skill, cyber counter intelligence capabilities and a penchant for offensive action (taking the fight to the adversary�s doorstep) is what is required. Cyber mercenaries have the same asymmetrical capabilities as their adversaries.
If contracted by commercial and/or government entities, cyber mercenaries could acquire the funding and technology to rapidly increase their cache of virtual small arms. Access to the technical repositories, financial resources and knowhow of government and non-government organizations (NGOs) could enable cyber mercenaries to expand offensive activities with maximum lethality, quickly and efficiently. But what of the potential for virtual arms to be left behind? Would this parallel the same activities we have seen over and over again in the physical world with respect to the proliferation of small arms?
Cyber mercenaries are already being employed by the US government and have been for several years. The cyber mercenaries of today though are in place as a defensive measure. They analyze malware, reverse engineer malware and examine penetration attempts, attacks, and deal with incident response and handling. What needs to be leveraged and organized are small teams of cyber mercenary groups with offensive capabilities and the will to strike at a moment�s notice.
The days of the virtual aircraft carrier operating in small corridors attacked by a multitude of speed boats each packed with enough explosives to immediately disable the vessel is upon us. Until such time governments figure out how to deal with such fast moving, guerilla-style, virtual asymmetrical attacks, they should rely upon cyber mercenaries. It is time to organize.
It is not illegal to use offensive-based cyber mercenary groups to drop cyber jihadist sites. We are at war with Al-Qa�eda and the Taliban in terms of physical action. We should be at war with them as well in the virtual world. We know where their sites are; we know their vulnerabilities; we have those like Th3J35t3r who temporarily remove them from their virtual perches acting in the interests of the US government even though not condoned or authorized by the US government to do so. Regardless, this hacktivism is correct and just. It carries the war to the doorstep of our enemies. It disrupts their communications which is a core tenet of offensive warfare.
The capabilities of such people should be leverage creating cyber mercenary organizations to combat the oncoming tide and virtual onslaught that is at our doorstep.
