Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

Assange, Ecuador, and the Cyberarmy

The news that Julian Assange has asked Ecuador for political asylum is flooding twitter as his supporters do their best to attract attention to his cause, and rally everyone they can to contact Ecuador’s embassy in London to urge them to grant Assange’s request. While I’ve watched the Assange case since before the first allegations came out of Sweden – that’s not my interest here, my interest is in what Ecuador could do if they wanted to.

Building a cyber-army #

Ecuador has an interesting problem right now, they can offer to help Assange – which will certainly draw the ire of the US and its closest allies, or they can do nothing – and possibly lose a chance at building a new army. Let me explain…

The governments of the US and other large powers are spending a lot of money to recruit and train what the press has dubbed ‘cyber-warriors’ (i.e. hackers) to perform offensive operations. For smaller countries – throwing a huge budget at something like this just isn’t possible, but they do have another option. If a country was to offer safe harbor to those at risk of being prosecuted for hacking and related crimes in exchange for assisting their military – they could define a new form of super-power.

The US and UK both make a habit of throwing their best hackers in prison – if Ecuador helps Assange, it could set the stage for them to help others accused of similar crimes in the future. If they are smart about who they help – they could easily build an army of hackers, an army that could set a new standard for power and control of the technology that we are so dependant on.

(Yes, I realize that Assange isn’t a hacker himself, but he has a loyal following of those that are – and the action would set the precedent making this possible.)

Whether it will be Ecuador today, or some other small state later I don’t know – but I’m willing to bet money that it will happen.

The future of war #

War has evolved in interesting ways – from arrows, to guns, then to bombs – but the next step is clear: the electron. War (and the power to make war, which I would argue is what’s really important) will be more about espionage and sabotage than it’s ever been before. Power grids, banks, communications, and industrial systems will all be targets – and the ability to manipulate these systems will define who the real super powers are.

Imagine the impact to the economy should one of the stock exchanges be attacked, and fake trades generated to drive the price of stocks down. Would we see the crash of 1929 again?

There are also far more subtle attacks that could be perpetrated against a country’s ability to make war. Changing technical drawings for example, that could cause a breakdown in a supply chain rendering supplies and equipment useless (e.g. guns bored wrong, missiles wired improperly). Something as simple as changing the quantity or product code on a military order could prevent operations due to a lack of necessary supplies. It’s attacks like these that would likely target less secure, lower priority systems, that would cause the most chaos.

It’ll be interesting to see what happens next, whatever it is – it’s sure to have repercussions for years to come.

Adam Caudill


Related Posts

  • Moving to Octopress

    As you might be able to tell from looking, something is different around here. So what’s changed? Octopress I’ve switched from WordPress to Octopress, a Jekyll-based blogging platform that generates a completely static site. So there’s no database, no dynamic code (i.e. PHP), minimal memory footprint (which is great, given my recent hosting change) and best of all – it’s fast and secure. Using Octopress, it greatly reduces the security surface of the server, which means I spend less time worrying about updates and more time writing.

  • Gpg4win & IDEA

    Huge PGP files, an ancient version of PGP, and errors every time they tried to decrypt a file – that was my completely unexpected challenge on Friday. Dealing with file processing issues really isn’t part of my job description, but I’m the closest thing my company has to an expert when it comes to encryption, so the task fell to me. After looking at the options and issues to get the server upgraded to a non-stone-age version of the PGP software, the easiest answer looked like decrypting the files with GPG – it wasn’t as easy as expected, but I did get some useful information that may help others.