Hacking Is the New Cold War

Hackers have come to dominate global statecraft, and barely anyone is paying attention

Photo: Thomas Trutschel/Photothek/Getty Images


The question was posed online with no preamble and in broken English. It sounded like a prank, a thought experiment, or an internet troll shouting into the digital ether. It was none of these things.

This message, posted in 2016 by an account calling itself “theshadowbrokers,” began a series of events that would send shock waves through United States intelligence agencies and beyond. During a year-long escapade, the Shadow Brokers released documents that exposed how hackers working on behalf of the American government had penetrated networks around the world to delay, disrupt, and defang their targets. Their purloined files revealed that hacking was a fundamental, though mostly secret, tool of American statecraft, one deployed clandestinely against foe and friend alike.

The Shadow Brokers released more than just documents. They revealed a collection of hacking tools amassed and guarded by the National Security Agency, or NSA, that were so powerful that American hackers likened them to “fishing with dynamite.” And now this dynamite had suddenly been made available to anyone for free.

The result was predictably disastrous. Hackers from authoritarian regimes and criminal groups repurposed the exposed code for use in their own devastating cyber attacks. They rank as the most destructive hacks in history, wreaking more than $14 billion of damage, infecting hundreds of thousands of computers, and interfering with businesses across the globe. American spy agencies that were accustomed to stealing other’s secrets and penetrating others’ intelligence operations did not know what had hit them. The United States government began a massive counterintelligence investigation into the Shadow Brokers, an inquiry made much more difficult by the careful steps the group had taken to cover its tracks. Though it has not been confirmed, leaks from the investigation suggest the Shadow Brokers were Russian in origin. America’s loss was Russia’s gain.

The Shadow Brokers’ data dump and the attacks that followed were the culmination of an unmistakable trend: over two decades, the international arena of digital competition has become ever more aggressive. The United States and its allies can no longer dominate the field the way they once did. Devastating cyber attacks and data breaches animate the fierce struggle among states. Chinese hackers plunder American business secrets and steal digital consumer records while Russian hackers interfere in the power grids and electoral politics of their adversaries. Even isolated countries such as North Korea and Iran can now decimate major global corporations like Sony and Aramco. And for all the blows it has suffered, there is no doubt that the United States continues to punch back.

The chaotic arena of cyber operations is not what scholars and military planners had long imagined. They had always envisioned cyber attacks as a kind of digital equivalent to nuclear war: devastating but rare. This notion first etched itself into American consciousness with the 1983 movie WarGames, which featured a young Matthew Broderick inadvertently bringing the world to the brink of nuclear Armageddon by hacking into military computers. President Ronald Reagan saw the film the day after its release and demanded that the government investigate its premise. Over the five presidencies since, an endless string of Washington blue-ribbon commissions has addressed the specter of digital destruction. Books by academics and policymakers have conjured up images of hacked power plants and air traffic control networks, of food shortages and mass panic.

Rather than realizing this apocalyptic vision, however, cyber attacks have become a low-grade yet persistent part of geopolitical competition. They happen every day. Government hackers play an unending game of espionage and deception, attack and counterattack, destabilization and retaliation. This is a new form of statecraft, more subtle than policymakers imagined, yet with impacts that are world-changing.

TThe more competitive aspects of statecraft rely on two overlapping but distinct approaches: signaling and shaping. The distinction between the two is vital. If international relations are like a game of high-stakes poker, to signal is to hint credibly at the cards one holds, in an attempt to influence how the other side will play its hand. To shape is to change the state of play, stacking the deck or stealing an opponent’s card for one’s own use.

While cyber capabilities are increasingly versatile tools for shaping geopolitics and seizing the advantage, they are comparatively ill-suited for signaling a state’s positions and intentions.

Since the dawn of the nuclear age, the theory and practice of international relations has focused on signaling, and with good reason: humankind’s most powerful weapons have become so destructive that they cannot be used except in the most extreme of circumstances. The canonical scholarship of the Cold War period thus explained not how to win a conflict, but how to avoid it on one’s own terms. Theorists like Thomas Schelling, who received the Nobel memorial prize in economics for his studies of game theory, described how a state can gain and retain an edge without firing a single shot. To hear Schelling tell it, much of statecraft is about manipulating the shared risk of war, coercing an adversary with carefully calibrated threats so as to gain a peaceful advantage.

Today, one of the primary ways governments shape geopolitics is by hacking other countries. Hackers’ power and flexibility are underappreciated, especially by those who focus only on the most visible attacks or on an imagined civilization-ending cyber war. Government hackers continually find ways to advance their states’ interests and hinder those of their adversaries. Like a boxer who wins on points rather than with a knockout blow, they can be effective without being flashy or drawing blood.

Cyber operations show up again and again in the sophisticated modern state’s playbook. Hackers wiretap, spy, alter, sabotage, disrupt, attack, manipulate, interfere, expose, steal, and destabilize. They fray the enemy’s social fabric and denude its hacking capabilities. To understand contemporary statecraft, one must understand these shaping operations and their cumulative strategic effects.

Conversely, cyber operations are ill-suited for signaling. When states deploy cyber operations to communicate to other states, the signals tend to lack calibration, credibility, and clarity.

This is not a view aligned with conventional wisdom, with its roots in Cold War theories. Policymakers and scholars frequently present cyber capabilities as analogous to nuclear capabilities, which make signaling essential given the potentially catastrophic impacts, or as analogous to conventional military capabilities, which make signaling easier given their high visibility. For military leaders, cyber capabilities may seem like tank battalions: reliable assets that can be deployed against a wide range of targets and whose force is easily understood.

But these comparisons to nuclear and conventional weapons are misleading. Cyber capabilities are not nearly as powerful as nuclear weapons or even most conventional military capabilities. Nor are they as dependable, fungible, or retargetable as traditional arms. Maybe most vexing of all, the operational functioning of cyber capabilities is nonintuitive; while most policymakers and scholars understand what nuclear weapons and tanks can do, the possibilities, pitfalls, and processes of hacking missions are comparatively opaque.

The best way to conceptualize cyber operations is not through familiar signaling-centric paradigms, but through the framework of shaping, rooted in concepts like espionage, sabotage, and destabilization. The states that reap the most benefits from hacking are the ones that aggressively mold the geopolitical environment to be more to their liking, not the ones that try to hint, coerce, or threaten.

Governments hack ever more forcefully in their never-ending competition for preeminence. Each chapter will explore a distinct objective of this hacking and put forward one case or campaign as an exemplar. Many of the same operational steps appear in case after case, even as the end goals differ. Government hacking has evolved and accelerated over the past two decades. It used to consist of espionage operations almost entirely out of public view.

The United States and its allies had crucial advantages in this arena. But over time, states built capabilities for covert cyber sabotage, and then for overt cyber attacks. States next realized how cyber operations could have broader effects, indiscriminately disrupting adversaries’ companies and destabilizing their societies. Cyber operations are now indelibly part of international relations, and the gap between the United States and other countries has narrowed considerably.

As competition rages in this new field of global engagement, everyone on the internet is caught in the crossfire and subject to the “perpetual rhythm of struggle” that Kennan warned about. This struggle does not manifest itself in public debates at the United Nations or even the discreet summits of international leaders. It does not rely on conspicuous military mobilizations or troops that serve as human trip wires. Instead, it flows through vast server farms, ad hoc networks of unwitting participants, third-party states, and homes and workplaces nearly everywhere.

The global communications links, encryption mechanisms, internet companies, and computers that individuals use every day are the new front lines of statecraft. For better and for worse, hackers — working for, against, and within states — are shaping the future of the world.

Excerpted from THE HACKER AND THE STATE: Cyber Attacks and the New Normal of Geopolitics by Ben Buchanan, published by Harvard University Press. Copyright © 2020 by Ben Buchanan. Used by permission. All rights reserved.

Ben Buchanan is a professor at Georgetown University and is the author of two books on cybersecurity, including The Hacker and the State.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store