10

Game of Pwns

Baelish and Varys as Drivers of Modern Conflict

Nina A. Kollars

It is tempting to characterize conflict in Game of Thrones as one of great power competition, viewing the competition through the lens of realism. It is easy to view the struggle as an anarchic one between similar family structures acting in their own self-interest and building their power to promote familial self-preservation. In short, it is all too tempting to view Westeros as the ultimate Hobbesian playground. As viewers of the popular series will attest, life in Westeros is nasty, brutish, and short. However, similar to real-world international relations, a pure-realism viewpoint falls short in understanding the conflict, due to the exclusion of actors who are not part of the major families.

To be clear, the primary factor that initiates conflict in Westeros is not power disparities between families or a product of an anarchic system (as realism would predict) but malicious data manipulation by a nonstate actor. The threat is not dragons or White Walkers but a single hacker, Petyr Baelish—the money lender and brothel owner who attempts to pwn both the Starks and the Lannisters for personal glory and gain and maybe a little bit of schadenfreude.1

Certainly, politics and tension exist in Westeros, but conflict between the head families began with manipulated data. The bloodshed begins early in season 1, when Baelish convinces Catelyn Stark that the dagger intended to kill her son belongs to the rival Lannister family’s own Tyrion. The events that follow spark a brutal, bloody war between the two families, and as chaos ensues, Baelish manipulates data to sow further political instability, adroitly maneuvering to maximize his own profit and stature. To use Baelish’s own words, “Chaos isn’t a pit. Chaos is a ladder.”2

Baelish is neither king nor ruler nor powerful leader in any meaningful sense. Instead, he is a man who deals in information. He excels as an information broker with a network of informants and secrets that he leverages for his own gain—no matter the disruption it causes. In contemporary parlance, Baelish is a black hat hacker. Like the black hats in our reality, Baelish has expert skills in social engineering and is situated within a networked information system. Baelish proves himself to be a most formidable hacker, because he understands how to manipulate data, data systems, and humans. He is the ultimate black hat, because he uses the system entirely for his own gain. He doesn’t care about the health of the kingdom, the security of the leadership, or the strength of its military. Baelish wants money, power, and glory, and he uses hacker-like skills to get it. And like any good hacker, he occasionally disrupts the system for the lulz.

Thankfully, another sort of hacker emerges in Westeros to balance the chaos Baelish unleashes. This is Varys, alternately known as the Spider or as the Master of Whispers. As Baelish’s archnemesis, Varys is equally as masterful at manipulating information networks. Another hacker of social systems, Varys differs from Baelish in that Varys sees himself as protector and maintainer of the health and well-being of all the citizens of Westeros. No fan of purposeless chaos, Varys sees himself as a stabilizing figure. In contrast to Baelish’s black hat role, Varys functions as a white hat hacker, a preserver and protector of system stability.

Still, one should hesitate in just how much comfort to take in Varys’s work. In his own words, “I did what I did for the good of the realm.”3 Varys judges for himself, takes action on his own, and helps who he—individually—judges should be aided. In this sense, any temptation to see Varys as an agent subsumed under the state is false. Varys is undoubtedly also a nonstate actor. The difference is that he seeks to ensure the well-being of a system he prefers. While he works to pwn Baelish, he isn’t always working in favor of the ruling regime. Westeros’s cyberraven comms and little bird-mice networks can be just as easily utilized for personal gain as they can for the public good. And while we are tempted to say that Varys is a force for the kingdom’s good, his actions aren’t always specifically regime preserving. While we can resolutely abhor Baelish for his selfishness, Varys’s form of justice could easily run afoul of a regime worth supporting.

This brings us to the driving question of this writing. How might Baelish’s and Varys’s behavior inform the way we think about modern military conflict? Most broadly, the answer is that the role of nonstate actors capable of manipulating information systems should be among our foremost concerns, both during times of geopolitical competition and during times of open warfare.

Given the increased interconnectedness of modern information systems (spawning more points of potential network vulnerability), the Baelish-Varys pwnage behavior proves increasingly important to understanding contemporary geopolitics.

This writing posits that modern conflict is less a playground for decoration-laden master strategists with their complex militaries and more a utopia for shrewd (often less heroic) hackers with their relatively simple methods of system hacking. More succinctly, the outcome of future conflict will rely more than at any point in the history of warfare on the struggles between white and black hat hackers. It is worth our time to understand what drives these two types of actors and what we can be doing now to prepare for this type of competition.

Black hat hackers operate as self-interested manipulators of information and information systems. Black hats are information brokers, and they broker information to benefit themselves—whether it be for glory, riches, or power. Black hats care little about the discord they might sow, so long as it furthers their own private goals. Be it raven scrolls or bots on the internet, we would do well to heed this lesson in the modern era. Beware the disruptive danger of nonstate actors capable of information system manipulation! At best, they make our militaries, governments, and communities less efficient. At worst, they make the systems untrustworthy, and when trust breaks down, clear lines of decision-making go awry. Distrust of information systems is problematic, and black hats only exacerbate that problem. They not only increase criminality and chaos in a system, but they make it easier to blur lines. They literally make it difficult to trust the information systems we rely on to function. One needn’t look any further than the current debacle of Russian meddling in our own election systems, feeding polarized media cycles and undermining the public’s trust in voting. It is one thing to hack Sony to demonstrate dissatisfaction with a depiction of a North Korean leader—it’s another thing when meddling in data causes a nation to doubt its own democratic political processes. And yet here we are.

In terms of military and elite-government decision-making, could this erosion be the cause of a world war? This author finds it unlikely as a first-order cause but worries deeply that it will undermine national reliance on information systems both public and private. Insofar as military decision-making in wartime seeks to enable global joint operations, continues to be pushed downward onto the battlefield, and aims to engage in cross-service and cross-domain operations, the reliability of information within those networks as they cross service, country, or system borders is susceptible to manipulation. Military cooperation, at every level, gets harder.

On the peacetime governance side, it is trustworthy information systems that make it possible to sort democratic states from those merely claiming to be democratic—literally. Transparent processes that communicate the will of the people to government systems and the mutually transparent systems that demonstrate the actions of militaries and government leaders to the public—these are the core mechanisms that separate democracy from other regimes. Information, trustworthy information, connects the heart of a republic to its mind. Undermining trust in that flow undermines democratic regimes, their global cooperation schemes, the international laws they seek to uphold, and ultimately systemic stability.

As such, the Baelish problem is deeper than simple criminal disruption. Baelish is more than a casual black hat hacker making his money on the dark side of the system. He’s worse. He not only blurs the distinctions between criminal activities and those that fundamentally alter political power structures, but he also blurs the distinction we draw between wartime activities and peacetime politics. Is Baelish waging war? Is he manipulating? Or is he trying to topple a regime, using methods just shy of overt violence? When something goes wrong, do we blame the Lannisters for the attack using bad data? Or just Baelish’s treachery? As it is in Westeros, the same is increasingly true for black hats manipulating the modern system. Increasingly, we are finding that nonstate cyberthreat actors are slippery when it comes to intent, often blurring the lines between criminal economic behavior and state-sponsored political agendas. This is the current and (my guess is) the future reality of the cyberthreat space—it will be harder and harder to discern the difference between criminal and political actors. We may even reach a time when the distinction just isn’t useful at all. Advanced persistent-threat actors like North Korea’s Lazarus Group are unabashedly both. They make their money hijacking cryptocurrency wallets, and they hack patriotically for the regime.4

Consider OceanLotus, a group reportedly working out of Vietnam, whose bailiwick since 2014 appears to be spear phishing (targeted email campaigns intended to make recipients download malware) of manufacturing and hospitality companies operating in Vietnam (both domestic and foreign).5 Prior to this, however, the Electronic Frontier Foundation indicated that OceanLotus had been found to attack dissidents and journalists in Vietnam since 2013.6 While it is possible that OceanLotus’s political activities were the result of its own preferences, it is equally likely that they were simply paid to do so.

Consider also the case of a group called C0d0so0 based out of China. C0d0so0 is generally described as a freelance Chinese hacking group rather than a state-operated organization. Nevertheless, in 2014 C0d0so0 breached Forbes.com. The attack initially appeared to be a broadly targeted attempt to steal credentials from a highly visited site, but later forensics indicated that the group’s interest was in only a select few visitors to the site—specifically defense sector firms.7

Black hat freelancing is a rising, vibrant global service industry, made possible through deep-web spaces that enable private communication, dark-web markets, and cryptocurrencies that obscure the transfer of funds. The markets differ between Russian, Chinese, and U.S. sites, but no country is immune to the effects or the birth of these markets. The cost for stolen data services ranges from low-end credit card data sales at approximately one dollar per card to targeted hacking of email accounts at about one hundred dollars each.8 As new technologies are pushed onto the marketplace, malware can be adapted to attack it. Among the hottest trends in the Chinese service market is the tailoring of malware to mobile technologies that enables mass spamming and phishing attacks.9 Efforts to stem these services have resulted in a globally uncoordinated and vastly ineffective game of internet whack-a-mole. It will be some time, if ever, before states learn how to manage the rise of the black hat service market—when, that is, states aren’t buying into it themselves.

Although it’s a tempting response to the threat posed by black hats, the answer is not simply to fight fire with fire and hire white hat hackers. The motivation of the white hat can also be fraught with contradiction for any ruling regime. Working toward the stability of a system isn’t the same thing as loyalty to a particular regime. As season after season of Game of Thrones demonstrates, Varys changes loyalties as he judges who might preserve the kingdom best. This, in practice, is likely part (though obviously not sufficiently all) of why the U.S. military and intelligence agencies attempt to “grow their own” hack talent, rather than rely on the public pool. Recall that Edward Snowden considers himself a white hat, and frankly, many in the white hat hacking community concur with Snowden’s self-labeling. It should function as a sober reminder that just because the United States is a country of free citizens with a democratic process does not mean that white hat preferences for preservation of stability naturally align. And when they do not, data gets stolen and often publicly distributed.

Our intelligence and military communities are well aware of these risks and are still attempting to find a balance between hiring the best talent and protecting against insider threats. This explains why DoD efforts to “Hack the Pentagon,” “Hack the Air Force,” and similarly (poorly) titled events aren’t so much white hat hacking events as they are vulnerability research intended to find security loopholes in publicly facing websites. The DoD wants the capabilities and talent but recognizes that white hats do not necessarily signify love for U.S. national security agencies (not that they necessarily should either—there’s a real argument for leaving white hats to do their work as part of a healthy information ecosystem rather than trying to capture them as federal cyberwarriors).

Ideally, the real-world problem of information systems’ reliability and modern conflict would be as narrow as that of one or two Baelishes or even just a matter of telling the Baelishes and Varyses apart (something not always possible). Westeros is truly a fantasy world that presents us with two agents who operate at the apex of an information system. In an era of networked connectivity and instantaneous communication, the potential for self-interested information brokers—whether white hat or black—to affect systems is broad and staggering. In this sense, the problem of Westeros’s systems pales in comparison to the modern cyberthreat conflict space. The series features two actors who can pwn the system. The truth is that there are tens of thousands of Baelishes and Varyses engaged in a global push and pull for the preservation or corruption of data. Even more confoundingly, being either self-interested or community-preserving is not a consistent state for the hack community—hackers can and do change hats. Meanwhile, states, marketplaces, and communities are caught in the crossfire.

It is often the case that young black hats just learning their trade eventually come to see the error of their ways and turn white hat “before they’ve been sentenced for their first felonies.”10 For this very reason, Null Space Labs was created by hacker (and penetration-testing consultant) Datagram and his colleagues in Los Angeles to direct the energies of young hackers before they venture down the wrong path.11 Similarly, crowd-sourced programs on vulnerability research—like those at BugCrowd, where they are known as bug bounties—also provide an outlet for young hack types to make money and develop their skills while operating within the law.12 But it is equally possible that what began as benign tinkering in cyberspace can turn malicious, particularly for skilled populations in parts of the world where opportunities are few or in places where politics have resulted in disaffected citizens. For talented hackers trying to make money to support their families, there are choices that must be made, and the dark side is sometimes the only option to get paid.

Finally (if the hacking metaphor hasn’t already jumped the shark), I offer the following thought on future hacking efforts. As in Westeros, the modern real-world information system is neutral, and those with the capacity to manipulate it can do so either disruptively or as an act of preservation. If the reader will forgive this stretch to the potential artificially intelligent information future, there remains Brandon Stark, who by the end of season 7 has become data omnipotent—he can seek out the data to any question he is asked both backward and forward in time. In doing so, Bran is the one who ends up pwning the pwner Baelish, by revealing Baelish’s deception with the dagger. This technological temptation too, however, has its limitations. Bran can only see what he seeks to observe, and as such, his capacity to check against data manipulation is limited by the scope of his question. In this way, similar concerns should be on the forefront of the national conversation about the use of artificial intelligence for national security and military purposes. In May 2018 many extremely talented Google employees tendered their resignations in response to learning that their AI research would be applied to military purposes. We would be wise to step carefully into this space. Information, its manipulation, and the systems that provide it are the deep variables at play in the potential for and exercise of conflict between countries—and they will only be more at play in the conflicts of tomorrow.

Notes

1. Pwn (pronounced “pōn”) is a slang term used by hackers to refer to the compromise of someone else’s computer or network. Used more broadly, it refers to the domination of one over another. You can pwn or be pwned. The term, according to hack folklore, comes from a typo when the writer was attempting to type the word own (as in “you have been owned”).

2. In addition, this line from Baelish is obviously crafted for the eponymously titled overall episode, “The Climb.” David Benioff and D. B. Weiss, “The Climb,” season 3, episode 6, dir. Alik Sakharov, Game of Thrones, aired May 5, 2013, on HBO.

3. Benioff and Weiss, “The Climb.” The scene between Baelish and Varys is markedly tongue-in-cheek as the two information brokers come together to spar verbally. No small nod to the difference in motivations between the agents.

4. Rosie Perper, “New Evidence Reportedly Puts North Korean Hackers behind a List of High-Stakes Bitcoin Heists,” Business Insider, January 19, 2018, https://www.businessinsider.com/north-korea-lazarus-group-behind-cryptocurrency-cyber-attack-wannacry-sony-2018-1.

5. Nick Carr, “Cyber Espionage Is Alive and Well: APT32 and the Threat to Global Corporations,” Threat Research, May 14, 2017, https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html.

6. Eva Galperin and Morgan Marquis-Boire, “Vietnamese Malware Gets Very Personal,” Electronic Frontier Foundation, January 19, 2014, https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal.

7. Josh Grunzweig and Bryan Lee, “New Attacks Linked to C0d0so0 Group,” Palo Alto Networks, January 22, 2016, https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/; Ericka Chickowski, “Chinese Hacking Group Codoso Team Uses Forbes.com as Watering Hole,” Dark Reading, February 10, 2015, https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059.

8. Pierluigi Paganini, “Pricing Policies in the Cyber Criminal Underground,” InfoSec Institute, October 7, 2014, http://resources.infosecinstitute.com/pricing-policies-cyber-criminal-underground/.

9. Pierluigi Paganini, “Chinese Criminal Underground Is Doubled between 2012 and 2013,” Security Affairs, September 6, 2014, http://securityaffairs.co/wordpress/28074/cyber-crime/chinese-underground.html.

10. Thank you to Casey Ellis at BugCrowd for this line; I’m cribbing directly from a telephone conversation I had with him.

11. For more about Null Space Labs, see their website at https://032.la/, last accessed March 5, 2019.

12. For more on BugCrowd, see the BugCrowd blog “About” page, at https://www.bugcrowd.com/about/blog/.