GE-Is there any governmental or industrial sector that is hiring private hackers, IO pros, and private spies which could prove beneficial and not cost the US its status in the world or have international repercussions?
MJ-I think this is relatively straightforward. Pretty much everyone will acquire a defensive cyberwar capability, but the problem is that it may be extremely difficult to prevent an offensive arms race from being initiated. What makes this worse than conventional or even nuclear arms races is that you never really know what others have and it's extremely difficult to verify the elimination of a capability, since we are essentially talking about software tools in a world where everyone and their brother is writing code. And if there is an underlying mistrust among major powers, it will naturally promote the development of offensive capabilities (which will be described as retaliatory, of course), which then will have to be tested in some way.
GE-What is the potential of bounty hunter hackers, IO pros, and private spies fomenting war outside of all government policy or oversight?
MJ-This is a bit more complicated. If the tools really proliferate among non-state actors, it's the equivalent of selling biowarfare kits in pharmacies all over the world. Anyone can get them, then launch anthrax/black plague/whatever attacks on whatever individual, organization, city, or country they don't like at the moment. So that probably will not be allowed to happen, and we'll see something like the de-facto ban on shoulder-launched SAMs from being sold or given to non-state actors. Even the war in Syria did not seem to break that taboo. The bigger problem is governments outsourcing cyberwar to quasi-private actors, in the same way propaganda has been outsourced to the likes of Bellingcat, censorship to Google and Facebook, killing people to Erik Prince. So, for reasons of plausible deniability, you could set up a Dirty Dozen-style outfit of cybercriminals given suspended sentences in return for cooperating with the gov't, then use them to stage cyber ops to benefit the US gov't, or at least the intel community, and do it with considerable plausible deniability and moreover hide it in some "black" budget program. I do wonder who all these Cozy Bears and Fancy Bears really are.
Professor Jasinski's point is well taken. What would the world be like if anyone could get their hands on aggressive NSA state-level tools and point them at their neighbor?
When he taught the people who would eventually become CIA and FBI OSINT agents and managers, the transition from State to privatized Intel was in its infancy. Part 2 of the series showed that Richard Clarke made the US Agency transitions to the privatization of Intel. UK PM David Cameron labeled the man who got the job of transitioning US agencies to privatized Intel an idiot. That was Steve Emerson and his sidekick and former gift shop cashier, the lovely Rita Katz.
From the 1990s into the 2000s and 2010s, all of the elite hack, defense, and attack tools were purposely labeled freeware for anyone who decided to pick them up. This means the scenario Professor Jasinski labeled as a nightmare is already coming true.
A researcher made an elite hacking tool out of the info in the Vault 7 leak. And most of the tools in their primary form are available online free of charge.
Why did this happen?
The Guardian made the point in November 2014 with "Our choice isn't between a world where either the good guys spy or the bad guys spy. It's a choice of everybody gets to spy or nobody gets to spy."
So said the security luminary Bruce Schneier at BBC Future's World-Changing Ideas Summit in October. "With so many cheap or free tools out there, it is easy for anyone to set up their own NSA-esque operations and collect all this data." - American Jihadi Starts Private NSA And Attacks America
This has been gradually developing into the norm in America. Your safety and the safety of your loved ones, not to mention the rest of the world, is in the hands of otherwise unhireable people who are learning as they go to hack and attack foreign countries and domestic civilians.
"In a Sept. 2013 Reuters article, Jameel Jaffer, deputy legal director at the American Civil Liberties Union, said the reported incidents of NSA employees' violations of the law are likely "the tip of the iceberg" of lax data safeguards. The laws guiding the NSA's spying authority in the first place are a bigger issue, he said. "If you only focus on instances in which the NSA violated those laws, you're missing the forest for the trees," Jaffer said. "The bigger concern is not with willful violations of the law but rather with what the law itself allows." - NSA staff used spy tools on spouses, ex-lovers: watchdog
The companies and individual actors sell information. For some, this is the basis of how they market their services. They spy on other companies and on regular people, commit espionage, and run legally dubious information operations against civilians.
But because of the work they do for both the U.S. government and private corporations, few restrictions are placed on them. Where they are supposed to be supervised by the Director of National Intelligence (DNI), in some cases they are supervising themselves and other companies and training DNI agencies to act like them. - Intel-for-Hire Undermines U.S. Intelligence (Part 2)
It is only along this line that the NYT article "U.S. Escalates Online Attacks on Russia's Power Grid" can be comprehended. Why is the military leaving the nation's Commander in Chief blinded from what has the potential to spark a hot war? How?