The Weaponization of the Internet: Options & Tactics for States

In the world of state-sponsored cyber hacking and propaganda, there is no one-way street. Major state actors like China, Russia and the U.S. are victims of internet-enabled strikes just as much as they are the perpetrators of strikes against other state actors. The body of evidence surrounding this field is obfuscated by how state actors intentionally conceal their tracks, in a manner that is uniquely possible over the Internet, but less so in physical warfare.

In this article, we will analyze the Weaponization of the Internet, defining its permutations as denial of service (DoS) and censorship, hacking to gain unauthorized access, and Internet-enabled propaganda to disrupt or influence public opinion. We will then delve into case studies of state actors: China, Russia and the U.S. We will advance the argument that Internet-based offensive technologies will not only become an integral part of state-security, but they will also become the first line of offense against other states. Lastly we will argue that prevailing defenses aimed at preventing hacking and propaganda are insufficient, and therefore the orientation of defensive thought must shift from building higher firewalls to predicting security breaches before they occur.


The rise of the Internet and related technologies has transformed the world, revolutionizing nearly all aspects of everyday life, including crime. Broadly speaking there are three mutually exclusive categories of Internet Weaponization: (1) blanket attacks on states, communities & infrastructure, through: DoS, worms, malware, and censorship; (2) targeted attacks (‘cyber hacking’) on individuals, organizations & companies through phishing & user-identification attacks; and (3) non-criminal propaganda which uses social media & news media outlets to disseminate information with the intention of swaying public opinion.

Virus, Malware & Denial of Service

The most lethal computer virus in history, ‘ILoveYou’, was released by a non-state actor (a Filipino computer science student) on May 5, 2000 spreading over email with a title subject “LOVE-LETTER-FOR-YOU.txt.vbs” resulting in $10 billion in damages to government and corporate networks. Between April 27 and May 9, 2007 Estonia served as a testing ground for coordinated attacks by a distributed group of Russian hackers, including: ‘flood attacks’, ‘smurfing’, and ‘bricking’, shutting down Estonia’s government & banks for twelve days. Lastly, the release of ‘Stuxnet’ by the Israel’s Mossad in concert with U.S. Cyber Command in June 2010 represented a quantum leap in malware complexity. Stuxnet succeeded in shutting down 1,000 centrifuges at Iran’s nuclear enrichment facility in Natanz, and rendering impossible the activation of the Bushehr nuclear facility. These examples demonstrate both the evolution of viruses from trivial individual use to state-sponsored use, and its growing complexity.


Internet censorship takes the form of controlled suppression of what can be accessed, published or viewed freely elsewhere. Political censorship becomes the weapon of choice for non-democratic governments attempting to suppress subversion to their authority, most notably the shut down of the Internet by ex-President Mubarak on January 27th 2011 during the peak of the Arab Spring, and similar curtailment of the Internet in other Arab states. However the largest ever orchestrated censorship of the Internet remains China’s ‘Great Firewall’ (Golden Shield Project 2003), a massive surveillance and censorship program affecting 700 million users (roughly 25% of all internet users).

Cyber Hacking

Undoubtedly the most lethal form of Internet Weaponization remains targeted hacking with criminal intent. The most popular method, ‘Phishing’, describes an attempt to obtain sensitive information such as usernames, passwords, financial detail for malicious reasons (theft, extortion), by disguising as a trustworthy entity. Attempts directed at specific individuals or companies have been termed ‘Spear Phishing’. ‘Social Engineering’ involves using social skills to obtain or compromise information, and ‘Cross-site scripting’ refers to type of code injection attack incorrectly validating user data, inserted on a page via an altered link or web form.

While cyber hacking remains the practice of choice of criminal organizations and hacktivists, it requires statecraft-level thinking to serve as an effective means of waging cyber warfare against a state. Thus cyber hacking techniques are part of the arsenal of intelligence departments worldwide, and especially used by Beijing, Moscow and Washington.


The use of propaganda by organizations or states to advance political goals is nothing new. However, its effective use over the Internet is a relatively new concept. Given the reliance of search engines and social media on the ‘credibility’ of the news source to engender its news worthiness to the top of search results, propaganda requires many page views and ‘likes’ to be successful.

Much attention has been focused on Islamic States’ successful use of propaganda as a recruitment tool (both for people joining the so called Caliphate, and for me too attackers in the West). Islamic State, must, however, focus its efforts on emotionally captivating media on a sentimental audience (namely other Muslims). Alternatively Russia’s efforts at cyber propaganda combine traditional news outlets (RussiaToday & Sputnik), cyber hackers, trolls and bots to take ‘rig’ search results into displaying fabricated stories irrespective of their factual validity. Examples of these strategies in action abound, from propaganda campaigns in Ukraine, to the Scottish independence referendum, the 2016 U.S. presidential elections.

State Actors: China, Russia, and The United States

China’s primary offensive requirement for the Internet is (1) domestic censorship, and (2) corporate and military espionage. These requirements reflect China’s own geopolitical condition: one where national unity and the Communist Party’s monopoly on power rests on its ability to deliver economic gains while simultaneously suppressing dissent. To that effect, China’s Ministry of Security Service (MSS) released in 2006 the Golden Shield Project ‘Great Firewall’ resulting in censorship for 700 million users. Additionally, China’s elite hacking group within the People’s Liberation Army Unit 61398 has scored an impressive array of hits against American defense industry, civil administrative departments, and the United States Armed Forces.

However, whereas China relies on sheer manpower to engage in cyber hacking against geopolitical enemies (be that Japan, Taiwan, U.S.) fully relying on an army of 1.5 million hackers distributed across the mainland, it lacks the speed and skill that Russian hackers have cultivated over twenty years, or the asymmetry of access which America’s Directorate of National Intelligence commandeers. Going forward, China remains most vulnerable to subversive propaganda oriented towards discrediting the Communist leadership.

Russia’s primary offensive requirement for the Internet is as an (1) extension of its military arsenal when advancing its geopolitical goals, and (2) as a form of ‘digital sovereignty’. Russia’s experience in cyber warfare is unparalleled, having successfully utilized denial of service tactics to complement two ground offensives (Georgia 2008 and Ukraine 2014) & additionally in Estonia in 2007. Indeed, Russia’s ‘Gerasimov Doctrine’ outlines the user of cyber warfare as an integral part of ‘hybrid warfare’ whereby there is no direct culpability to Russian ground forces of a military strike. Nevertheless, these measures reflect tried & tested Soviet doctrine to engage in ‘active subversive measures’ to destabilize enemies in order to advance its geopolitical goals. Americans came face-to-face with this updated method of warfare known as ‘insinuendo’ propaganda, during the 2016 Presidential elections. A combination of state-sponsored news (RussiaToday and Sputnik), bots, fakes news webpages and cyber hackers managed to expose weaknesses within American political institutions (namely the Democratic Party Convention) to undermine trust in the electoral process.

Secondarily, Russia’s government sees an unregulated Internet with suspicion. The Kremlin has over the past five years enacted laws to encroach on the freedom of information of the Internet to the point where some suspect a similar firewall will exist to that of China. The political objectives of Internet censorship are oriented towards steering public opinion in favor of Russia’s ruling party, and also depriving Western technology firms of access to identifying details of Russian citizens; hence their objective of ‘digital sovereignty’.

Going forward, Russia has a target rich environment of opportunities to deploy its army of hackers, bots, and mainstream news agencies to advance its geopolitical interests (be that undermining NATO or the European Union). These include propaganda in support of Eurosceptic nationalists parties in upcoming elections like France, Germany and Serbia. Conversely, Russia’s ruling party is at risk of similar tactics deployed against during the 2018 elections, should the U.S. seek to deploy large-scale digital resources to unseat the incumbents.

Lastly we turn to the United States, which maintains a near asymmetric dominance of Internet surveillance, big data computing power, and best-in-class signals intelligence (SIGINT) and satellite intelligence (SATINT) to back that up. America’s offensive requirement for the Internet are oriented towards (1) asymmetric dominance of access; and (2) neutralizing threats to America and its allies.

The extent of America’s surveillance and cyber hacking power was not publicly known until Edward Snowden released a trove of National Security Agency (NSA) files related to the existence of PRISM, a mass, global internet & telephony surveillance program. PRISM is a tool used by the U.S. NSA to collect private electronic data belonging to users of major Internet services like Gmail, Facebook, Outlook, and others. It’s the latest evolution of the U.S. government’s post-9/11 electronic surveillance efforts, which began under President Bush with the Patriot Act, and expanded to include the Foreign Intelligence Surveillance Act (FISA) enacted in 2006 and 2007. NSA programs collect two kinds of data: metadata and content. Metadata is the sensitive byproduct of communications, such as phone records that reveal the participants, times, and durations of calls; the communications collected by PRISM include the contents of emails, chats, VoIP calls, cloud-stored files, and more.

While China and Russia maintain their own domestic surveillance programs, neither has unfettered access to global user metadata as the U.S. Directorate of Intelligence. This program alone has advanced America’s national security interests (particularly in counter terrorism), but elsewhere too.

The biggest weakness in America’s indiscriminate Internet surveillance is the legal framework and civilian oversight under which it is held to account (arguably a major source of strength). Whereas China and Russia do not have oversight boards governing use and monitoring noncompliance, the U.S. does, curtailing its scope of use. However, despite these controls, U.S. intelligence engages in the use of malware, cyber hacking, and to a lesser extent propaganda, to further its pursuit of organized criminals, terrorists, and against states.

Concluding Thoughts

The Book of Genesis tells us the story of Joseph, who has been given the gift of foretelling the future. This gift enables Joseph to foresee a shortage of grain within the Egyptian kingdom, and engage in history’s first example of a futures contract, buying and taking possession of grain stocks in advance of a famine.

In this article we have presented a comprehensive overview the universe of methodologies available to conduct warfare via the Internet (be that through state actors or non-state actors). For governments, organizations and corporations operating or subscribing to managed security service providers (MSSP’s), building adequate defenses doesn’t start with stronger and higher firewalls, but with identifying security breeches before they materialize. To accomplish this task, security and analytics efforts must shift their thinking towards artificial intelligence-based algorithms that analyze data from over millions of sources across the open, deep, and dark web, in all languages, and in real-time. The task, practically impossible ten years ago, is now feasible through so called ‘Web Intelligence Engines’. By identifying keywords, hashtags and zero days that bubble-up to a critical level, potential victims of cyber hacking are able to prepare defenses in advance of planned attacks.

Jesse Sandoval is a graduate of Stanford University in International Relations & Economics. Jesse Sandoval is based in Los Angeles, works in the private equity industry and actively blogs on foreign affairs. He may be contacted at and followed @jesssandoval

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.