What are Cyber Privateers and should you be afraid of them? Cyber privateers and cyber bounty hunters are criminals that are not covered under international law as government agents. In reality, this almost nullifies the chance for war to start over any particular hacking or compromised data event.
The problems hired or volunteer contractors create include a projectable legal attribution. You don't have to be able to prove a country was behind a cyber attack or hack as long as you meet certain conditions. You can literally project the blame entirely to a different entity. The legal aspects will be covered in the next article.
This also nullifies the myth cyber privateers/ bounty hunters can use government tools on civilian or otherwise protected classes of people and infrastructure at will. International law doesn't give people hired or volunteering to commit crimes under any auspices a free pass.
This represents a new class of terrorism which separates the cowardly criminal from the victim in the same sense a remotely detonated explosive would when used at a shopping mall. While this is criminal activity is spreading at a rate that raises alarm bells especially with the projection of 3 million untrained new hires over the next few years.
In the last article, I introduced you to Jimmy and Gary. After three difficult months of online Youtube training, both of our heroes were ready to take on careers as international men of mystery.
The absolute risk this presents to international peace and security should be obvious regardless of what accepted policy is. Everybody gets to spy or nobody gets to spy is the mantra this generation of Intel managers was brought along with. Most of the tools in the NSA arsenal have their start or at the very least a counterpart that is freeware.
This means disgruntled people have access to software that can literally trigger a heart attack for someone with a pacemaker, cause a seizure, or even take control of your car.
More than 70 percent of the Pentagon's Counterintelligence Field Activity (CIFA) is staffed by green badge contractors. The majority of personnel at the DIA, the CIA National Clandestine Service, the National Counter Terrorism Center, and more than 80% of the NSA budget goes to private contractors.
All of the agencies are filled with what amounts to day labor. How many of them already have the keys to the barn that potentially starts the 4 Horsemen of the Apocalypse on their way?
State sized tools give emotionally inadequate and politically repulsive people the ability to illegally mimic or ply actions that are inherently governmental in nature. These same disgruntled overpaid groups fill out the do not fly lists. They are putting people on domestic terrorist watch lists. They are deplatforming journalists and people expressing opinions contrary to their employers and taking over social media and opinion for their employers.
They are hacking websites and stealing financial account information. They gain access to bank accounts through phishing exploits and siphon your account dry. One that I am writing about did this to a family member of mine because of the exposure I'm giving. I'll get back to that later in the series.
Over the last five years, I've not only described the role cyber privateers are playing in world affairs, but have been documenting the players and the damage they are causing.
This article will describe the now accepted US cyber policies that were written by cybercriminals to give themselves cover so they can use the American people and people of the world as their own personal cash cow or reservoir. If they don't like you, no need to wonder who gets to pay for that.
The inherent problem with cyber privateers is covered in the job description as well as their rather fanciful notion they are anything but criminals.
Privateers operate as sanctioned pirates. These throwbacks pretend to operate like their 18th inspirations did. Back in the day, the sponsor country allowed them to make money attacking merchant and military vessels they didn't like but didn't necessarily want a war with. When mistakes were made, privateers supposedly made reparations to the groups they victimized. They had to identify themselves and offer a remedy for damages.
The 2019 cyber privateer or bounty hunter is under no such compunction. They don't identify themselves and their victims rarely know who hit them. In fact, when they do identify themselves, it's just to gloat. They do it in a setting that implies the message that needs to get across without confessions that would hold up in a court.
If this sounds wordy, cutesy, or alarmist, private contractors have interrupted the power grid in Venezuela and hacked into Iran's nuclear infrastructure. They are penetrating the power grid in Russia. This is an ongoing problem that's exasperated by the fact legislators rely on the terrorists to draft the laws to protect them from everyone else.
Think of it this way, if Joey, going by the cool hacker name HedCh33z3, decides he doesn't like Latvia, can he disrupt their electrical infrastructure, medical infrastructure, or elections?
The fact is they move in and out of government service so often, they never bother to switch hats or status. Think of it this way, Joey works for the NSA for a week under a subcontractor and picks up a ton of tools to stalk his Ex and sadistically destroy her life piece by piece. This is what happens when people assume the right to government powers without the authority or responsibility to use them.
Are you willing to send your kid to war or go yourself because Joey HedCh33z3's ex-girlfriend's family thinks he's a creep and they are from XXX country? Yet, we are now snugly very close to being put in this horrific position by politically and emotionally stunted people.
Privateers are Terrorists
So, where do they get the right to do this? Starting right after September 11, 2001, OSINT and cyber started as a serious money-making cottage industry. In the last article, we closed with the DOD actively hiring cyber Bounty Hunters to hack into foreign countries infrastructure.
This practice didn't just start yesterday. Since 2001, there have been many attempts to codify US hiring of cyber privateers or bounty hunters into law. What this has done is enshrine it in US cyber-policy. The DOD use of subcontractors says a lot.
What are cyber bounty hunters and cyber privateers and what do they actually do?
* Work with direct action military subcontractors
* Work for NGOs, corporations, lobby groups
* Work for US government agencies like the FBI, CIA, DIA, DOD, DNI
* Work for political parties and causes
* Work for foreign governments like Ukraine as shown in this series against the interests of the American people
* Work for themselves
They provide Intel through OSINT and hacking. They provide direct action through hacking and Information Operations. Today, they are taking on inherently governmental responsibilities and making decisions they don't have the authority to make and they make decisions that belong to State agencies.
* Who is the enemy?
* Who is friendly (or are there really any friends out there)?
* Who is a danger and how?
* Why are they a danger?
* What is their motivation?
* What steps will the US need to take to stop them, turn them in a different direction, or make peace with them?
One attempt to legalize this activity is called the Morgan Doctrine.
You're aware that the U.S. Secretary of State is actually dumb enough to host her own email server. Even if you're a third-world country without the infrastructure to create serious cyber attacks yourself, a few thousand dollars in Bitcoins to Hackers-R-US will get you zero-day exploits to crack just about any individual server. Either way, you're going to OWN that server before the next national holiday (pick your country, pick your holiday).
The Morgan Doctrine states simply that if you attack my computers (or my banking assets held in US-based computers), then under a certain set of well-defined conditions, a licensed and bonded "cyber privateer" may attack you in your home country and split the proceeds with the U.S. government"You raid our bank accounts, we raid yours. You make money from off-shore child pornography, we're going to loot your bank accounts and, with some REALLY creative black hat operations, you will be taken off the grid worldwide to the extent that you'll not even complete a cell phone conversation for the remainder of your miserable depraved life.- The Morgan Doctrine
Who decides what is right, legal, or legally binding? Is it right when someone who gets paid to find you and accuse you also makes his money from destroying your life and reputation, or directly by stealing from you?
According to the Morgan doctrine blogger who does this kind of work for Oracle, Salesforce.com, BIGFIX, and other technology companies, the answer is a big yes.
The USA followed by Ukraine makes up the highest percentage of over 50,000 readers which reflects the numbers the Ukrainian Diaspora hired to create the illusion of Russian aggression in Ukraine and the 2016 election interference meme. This is a serious attempt to push legislators for legal cover for what is accepted at the policy level.
Let's spell this out. If a cyber bounty hunter or cyber privateer say you work for Russia while they work against Russia, according to this, you picked your side in the war they get paid to fight. It doesn't matter if you don't know you're in one.
When they work for NGOs, foreign governments, political parties, and companies, they are given cover. They found out along the way they are entitled to your bank account as part of their payment as well as the joy of ruining your life every way they can.
In the private sector they now illegally, harass, stalk, and locate people with no legal justification. They are trying to facilitate renditions and executions. Let's be clear, these are your neighbors who are doing this to your neighbors.
Aric Toler and Bellingcat helped set up the functionality of Ukraine's hit for hire website Myrotvorets (peacemaker). The only goal of the site is to publish personal and contact information of anyone they consider standing against Ukrainian nationalism.
The above from Kristal Neant's article should be clear enough and she asks the right questions. Bellingcat's Aric Toler work with privateer groups has included trying to leverage their collective expertise and locate and rendition me.
Here's the kicker, almost every time I've been threatened by Ukraine, it's an American collaborator making the threat for them. The linked article shows this person designed Ukraine's Information Policy. He also wrote the policy paper for the US government's cyber policy.
The same people that testify for Congress on cyber and OSINT are the same people doing these things. Not only to me, but they are training and setting up groups in multiple countries and under different auspices.
More than one of them trained the full spectrum of alphabet agencies. CIA, NSA, DIA, FBI, DNI, DOD, and we can keep going across the board.
They were behind setting up the policy that guided the Tallinn Manual defining cyberwar and international law. We'll be opening that up within a couple of articles.
As a testament of their cyber mojo, they spent the last few years collectively trying to locate someone who didn't change locations often and used normal communications and social media. I publish articles in 5 or 6 publications regularly. I have 4 or 5 different social platform accounts.
They couldn't figure out that I was where I said I was for the last 5 years. This spring I wrote a Victory Day article with local video and interviews. Even though I clearly showed my location, they still weren't too sure.
The one thing you can say about them and their ally Bellingcatis they are consistent. Consistently wrong that is. In Ukraine, Bellingcat'schief source of Intel is Ukrainian Intelligence. This includes the Ukrainian State hackers that contacted me after my sister was hacked. Journalism from the Donbass side of the contact line is a crime against Ukrainian sensibilities. What a bunch of sissies.
This group supplies Intel to NATO and individual EU countries and makes the rounds in Congress. Bellingcat's work in Syria is chiefly supplied by the other side of Bellingcat's Intel fabricators who also work for Ukraine.
We now have Americans working with foreign Intel stalking Americans and foreign citizens/ journalists for foreign countries they know will be tortured and killed. This clearly falls under terrorist activity.
One side of the group that works for Ukrainian Intel contacted me for the first time the day after the bank account was hacked and cleaned out using the hacker's preferred method. What was the reason for the sudden communication? He wanted me to know how smart he really was.
Yet, these same so-called super spies claim to be able to find information about things people are actively trying to hide like weapons systems, motives, etc. Most of the time they don't speak the language of the country they claim expertise for. They decide guilt even though reality shows they aren't able to actually do the job. Strange, isn't it?
It was US policy to make them extra-legal but not illegal in the US after 9-11. Congress worked with these groups to write laws that refuse to criminalize what they do when it's done on citizens. In fact, it no longer matters which side of the spectrum holds the reins, they feel empowered and will continue to do so until laws are written regulating their industry.
Make no doubt about it, they are terrorists. They can be treated like terrorists and people have the right to robustly defend themselves. After I cover the legal aspect, I'll spell out what a robust defense really means.