The Case for Treating Hackers Like Pirates

When we get a glimpse of future threats, it’s wise to rummage through the lessons of the past. 

By
110

The Colonial Pipeline, which provides roughly 45 percent of the East Coast’s oil, gas, and jet fuel, was hacked last week by a group called DarkSide. The cyberattack forced the pipeline owners to shut down operations, leading to long gas lines in many American cities. 

The incident has sparked a long-overdue discussion about how to deal with what may be one of the biggest national security threats of the 21st century. A host of countries, including the United States, have sophisticated cyber operations. The Chinese have penetrated large swaths of our infrastructure. Russia and North Korea have sown mischief on several occasions. 

Last year, Russia hacked into the cybersecurity firm Solar Winds, whose clients include Microsoft and numerous U.S. government agencies, among them the Defense Department, the Department of Homeland Security, the State Department, the National Nuclear Security Administration and the Treasury. 

In 2014, the Guardians of Peace, now more commonly known as the Lazarus Group, hacked into Sony Pictures’ computers and stole a treasure trove of information, including emails between executives, personal data, salary information and copies of unreleased films. The hackers’ stated aim was to prevent the release of the comedy “The Interview,” which made fun of North Korea’s crapulent boy king Kim Jung Un. The FBI designated Guardians of Peace a North Korean state-sponsored hacking organization.

Keep reading with a free account
Create a free Dispatch account to keep reading Get Started ALREADY HAVE AN ACCOUNT? SIGN IN
110
By
Comments (110)
Join The Dispatch to participate in the comments.
 
  1. Avatar photo
    Man-Eating Cow

    Another aspect of treating hackers like pirates, which I actually thought would be the point of this piece, is this: Pirates were (and are) hostis humanis generii, the enemies of all mankind. Under international law, this means that any nation has jurisdiction to arrest, try, and punish pirates.

    I see value in applying this same jurisdictional rule to hackers.

    Collapse
  2. Avatar photo
    Ben Connelly

    “Pirates also had their own codes.”

    Ah yes, the Pirate’s Code. Of course as we all know, it was “more what you’d call guidelines than actual rules...”

    Collapse
  3. Avatar photo
    3ld3r

    Big issue is that, unlike the ocean, every piece of the internet is owned by someone. In order for this to work, cyber privateers would have to co-opt friendly infrastructure or 3rd party, innocent infrastructure to execute operations, where the potential then exists of collateral damage that would make the US responsible if the private actor makes any tradecraft mistakes (very hard to avoid over time).

    In the sailing ship analogy, it's like having a civilian vessel with who knows what inside strapped to the privateer during every attack

    Collapse
  4. Avatar photo
    Johntadian

    The focus for retribution for last week's Colonial hacking seems to be misplaced on catching and punishing the the hackers. A better way to use privateers is for them to focus on the countries turning a blind eye to the activities they surely know are occuring on their soil. If Putin, or a couple of his cronies were to wake up and find their squirreled-away nest eggs suddenly drained to zero; or their military communications were mysteriously scambled, we could quickly see a MAAD situation develop in the cyberworld. Until complicit governmental bad guys see the downside of harboring these criminals, while professing plausible deniability, we will see an escalation of these activities.

    Collapse
  5. Doug Davidson

    Playing prevents alone isn't enough. Biden's EO this week was, for someone in cybersecurity, a "everyone must do what you should have been doing" as a lot of the items that were listed, like multifactor authentication and logging network activities, are just basics.

    I believe we do have more offensive capability than we let on. See reports that the Darkside servers are down and their bitcoin stash drained (https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/). In some reports that has been attributed to the 780th military intelligence brigade.

    The issue with using quasi government connected groups or a letter of marque approach is controlling the pirates. The impact from an old pirate scenario ("Argh, matey, let's ransack that thar frigate for its gold and beer!) on a random encounter is a far cry different than a random cyber encounter ("Hey, dudes, look I can shut the cooling process on the reactor down."). If I unleash cyberwarriors without some command and control bad things that touch the physical world (e.g water treatment plan in FL a few months back) will happen and people may die.

    Collapse
  6. Avatar photo
    Victor Clairmont

    Pirates of the Cryptocurrency!

    Yarrrrr, hand me ‘em Bitcoinz and Dogecoinz, less I rinse yar down in hacked kitten vids forever loopin on your 2k worth PC!

    Yarrrr I’ll never release’em, yar secret affair emails to yar side nanny! Pay up or walk the metaphorical digital plank when I hand over yar files to your wifey!


    ......

    Nah doesn’t have the same ring as being gutted or tossed overboard to be eaten by sharks....

    But yes Jonah, they are digital pirates.

    Collapse
  7. Avatar photo
    Mike B

    Pirates when caught were hanged on the spot. Might be considered a bit harsh today.

    Collapse
  8. Avatar photo
    Dave T

    Russia, China, Israel, Iran, and freaking North Korea have teams of hackers roaming around kicking doors and breaking stuff. I am seriously curious about what leads Jonah to believe that the USA, UK, Australians, etc, don't **already** do a bunch of this?

    Collapse
  9. Boatbody

    Given that hackers who don't care about the world we live in, can push us back into the 19th century for a long time, with subsequent starvation and deaths, I think the death penalty by Seal Team Six is quite appropriate.

    Collapse
  10. David A L

    I take a darker view of the Darkside: when someone attacks your critical infrastructure and vital interests, you don't prosecute them and hope for a conviction, you hunt them down and kill them or otherwise neutralize them. A few well publicized reprisals will go a long way towards moderating the impulses of even the greediest criminals.

    Collapse
Load More