The Long Tail of War: The Volunteer Cyber Army

In my last two blogs, I wrote about the growing risk of a proportional cyber response to state sanctions imposed on Russia and its leadership, and the risk to companies that have privately taken action against Russia. Today, I'll be talking about the crowdsourced cyber response on both sides, its immediate implications for organizations, and its long-term implications for the future of cyberwarfare.

Before I dive in, I want to reaffirm that the invasion of Ukraine is an abhorrent act that has taken the lives of hundreds of civilians and displaced millions of people internally or as refugees. The choice to support Ukraine by Western governments and private companies is a moral and ethical one that weighs heavily on me and my fellow business leaders. It's also one that comes with the very real risk of proportional retaliation by Russia and its allies, both government and independent. It's that retaliation for which I want to make sure every organization is prepared.

(3) Crowdsourcing as a Tactic in Warfare

Early in the conflict, Ukraine formed a volunteer IT army to target a list of Russian targets and protect Ukraine's critical infrastructure. The volunteer army is updated and coordinated in real-time using the messaging app Telegram, which now has over 300,000 followers to the IT army handle. Using the messaging service, Ukrainian officials are able to share information and objectives, effectively crowdsourcing a global cyber military. At the time of writing, the Ukrainian IT army's targets include financial services firms and procurement avenues that help Russian citizens evade sanctions.

This crowdsourcing tactic has global implications that extend far beyond the scope of activity in the Ukraine. The IT army is composed of people from around the world, many of them employed as IT professionals at private organizations. Many of us are employing or working alongside members of this army already.

At the same time, pro-Russian individuals and groups are also coordinating and marshaling resources. Notorious Russian-affiliated ransomware syndicate Conti pledged its support to Russia early on, as did UNC1151 (AKA Ghostwriter). The rise of these crowdsourced cyber soldiers on both sides of the divide will have profound implications moving forward.

On a micro-level, there is precedent for nation states targeting private individuals. And if Russia or its allied cyber forces were to take such action, it's not a stretch to imagine that an employer—who likely has little to no visibility into an employee's participation in cyber activities beyond the office—could become collateral damage.

On a macro level, the rise of crowd-sourced cyber armies will accelerate the demand for and development of increasingly sophisticated cyber weapons, many of which will be used to expand the blast radius far beyond the limits of a kinetic battlefield.

A leading indicator of this is the notable increase in the value of zero-day exploits. Before leaving The New York Times, longtime cybersecurity reporter Nicole Perlroth reported that mobile phone (iOS or Android) exploits have topped $2 million. Governments including Russia, China, North Korea, and other countries that boast robust cyber talent will no doubt continue to finance the purchase of Zero Days for independent-but-affiliated groups, which in turn will provide a lower-cost alternative to kinetic attacks. For example an individual T-14 Russian tank costs approximately $4 million. If cyberwarfare militia operations and zero day values are representative of the future of cyberwarfare, the world will see a significant increase in attacks and impact around the world.

The scale of coordinated and uncoordinated sanctions and their profound economic impact on Russia make Russian retaliation a virtual certainty. At the same time, the acceleration of crowdsourced militias in supporting these operations, radically reduces the cost of cyberwarfare while expanding the number and capabilities of the attackers.

Russia's response on the cyberfront is set to follow the kinetic war, and it's my fear that it will last a long time, with credible analysts calling this the next cold war—comparing it to a conflict that lasted nearly 50 years. The global impacts of this war are a call for the entire world to prepare for a radical increase in cyberwarfare in the coming years.