Privateering Cyber Report

Published On : 2022-12-05
Share :
Privateering Cyber Report


The rise of the use of cyber criminals for privateering is a growing concern for organizations and governments worldwide. The term itself comes back to 2007 when it was used in a speech by the Estonian Defense Minister Jaak Aaviksoo aboutthe massive cyber attack originating in Russia that crippled the country that year and also aboutmid-19th century international norm, that put stop to the practice innaval commerce raiding.

Privateering is the practice of utilizing cyber criminals to conduct malicious activities forfinancial gain, to disrupt informational and economic flows of the enemy,and steal intellectual property by way of private proxy. A comprehensive view of how norms have changed over time is necessary to understand the current state of privateering. Privateering has become a lucrative and profitable business for cybercriminals, allowing them to operate with little oversight or regulation in exchange for sanctioned status with the government even thoughthe privateer is breaching international and domestic law. This paper will discuss the rise of privateering, the risks associated and potential solutions to mitigate the threats.


Privateering is a form of cybercrime in which organizations or individuals hire cyber criminals to conduct malicious activities such as data theft, malware attacks, and distributed denial-of-service (DDoS) attacks. Privateers are typically paid a fee for their services or notoriously in the case of Russia given a free hand in the conduct of cybercrime in exchange for committing some time and skills to attacks done on behalf of the government. Privateers may be provided with tools, technology,or additional financing and manpower to carry out their malicious activities, as has likely recently been the case with Russia’s Killnet group.

Privateering groups can be used to target organizations and individuals for financial gain or to disrupt company or even governmentoperations or services. Privateers are often more affordable than hiring a professional security consultant, not bound by law,and can provide a more discreet approach to malicious activity and thus deniability to the government, which can then point to the activity as the action of “patriotic hackers”, a line repeated many times by the Russian government for example. The infiltration of malicious software into SolarWinds systems was traced back to Russian intelligence, then Chinese hackers were reported to be exploiting this vulnerability. North Korean and Iranian hackers are often blamed for other cyberattacks, however, it is not often that nations admit to being behind hacking activities.

A comprehensive view of how norms have changed over time is necessary to understand the current state of privateering. During the 13th to early 19th century, privateering was a common practice among nations and substrate actors. Privateers were essentially pirates that would operate on a government license to disrupt an enemy’s trade to hinder their war efforts. In its original form, privateering was originally beneficial for merchants and the British government but it eventually became a problem for British Naval power. A similar struggle is taking place today in cybersecurity, where privateers began to resemble semi-state actorsamong nations. Cybersecurity has been considered a private concern, with the government playing a minimal role but at the same time, privateering actors are exploiting vulnerabilities in cyberspace without following the traditional state-versus-state framework of norms of conduct. The comparison to a time in which semi-state actors such as naval privateers and mercantile companies provides valuable insights into conflicts between objectives of gaining economic advantage and stability within trade systems.

Historically, privateers were mainly used during a time of war. The longer the conflict lasted, the more privateering was professionalized and institutionalized and after the cessation of hostilities,the institutionalized privateers were integrated into the government navy, worked on merchant ships, or became unlicensed pirates. The line between privateering and piracy was often not clear and these unregulated actors could serve as a substitute for declared war in their actions. In this,we can see many parallels, with criminal hacking groups having been put to use by the government of countries like Pakistan, North Korea, Iran, Russia, andChina in times of increased tension in international relations with their increasing institutionalization in times around armed conflict or risk of armed conflict and their use for de facto undeclared warfare against enemies of the government.

Privateering TodayAnd Its ETLM Attribution

The rapid spread of the internet in recent years has led to an increase in dependence on networked functions for basic everyday functioning in organizations and on an individual level across the globe. Just as sailors ventured forth into uncharted waters in search of new trade routes and riches, so too do we explore cyberspace in search of knowledge and entertainment. In the absence of state protection, individuals must rely on their abilities to fend off online dangers. In such an environment, defensive and offensive skills are sought by a variety of actors,and smaller companies that cannot afford a comprehensive internal security approach are often left to stand against state-backed privateers, who are hardly deterred by the law or defensive capabilities of private companies.

As early as 1989 a group of German hackers was apprehended for their intrusion into U.S. government and corporate computers and allegedly selling their loot to Soviet spies. The Yahoo hacks of 2013 and 2014 were attributed to a group of cybercriminals who were reportedly paid by the Russian FSB (successor organization to KGB) and while one Canadian-Russian was extradited to the USA, the three other suspects who the FBI believe were responsible for the crime arestill free and live in Russia. Additionally, the attacks against Estonia and Georgia in 2007 and 2008, or the Shamoon malware attack against Saudi Aramco were probably perpetrated by cyber privateers working at the behest of foreign governments operating from Moscow and Tehran.

The biggest example of a privateering actor impacting several states within a nation has been observed only last year, when agroup of Russian cybercriminals known as DarkSide disrupted operations of a large-scale oil pipeline operator in charge of the US Colonial Pipeline that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States. As a result, fuel shortages began to occur at gas stations amid panic buying as the pipeline shutdown entered its fourth day. Alabama, Florida, Georgia, North Carolina, and South Carolina all reported shortages with almost ¾ of gas stations running out of fuel in the hardest hit areas while average fuel prices temporarily rose to their highest values in almost a decade. Researchers posit that the group responsible was split with at least some of its members coming under “privateering license” in Russia with the eruption of the Russian war in Ukraine, where the attackers probably focus on further targets in the energy industry and critical infrastructure.The episode further popularizes the notion of privateering in cyberspace, whereby cybercriminal organizations refrain from the activity against entities within their haven nation.

This fall Italy’s NationalCyber Security Agency has warned about increasing risks of cyber attacks against energy operators and infrastructure-administering agencies. The warning came after breaches in two major Italian energy corporations; the oil giant Eni was hit by a ransomware attack, while the Italian energy agency in charge of Italy’s electricity market Gestore dei Servizi Energetici (GSE) suffered a breach of its systems. Similar to naval shipping in the past, utilities and other critical infrastructure operators are a prime target for privateers, especially in times of heightened international tensions. State-sponsored hackers carrying out malicious attacks on the energy sector companies around the EU (and in particular in countries that are highly dependent on Russian gas)are expected to be a top risk in the second half of the year as Russia continues its war on Ukraine and the EU countries continueto strongly oppose this attempt to redraw the security layout of Europe.

While researchers cannot confirm beyond doubt that the attacks on Italian energy companies originated from Russia, the BlackCat ransomware group (also known as AlphV) which took credit for the attack on GSE is believed to be affiliated with or even a rebrand of the DarkSide group, responsible for the Colonial Pipeline in the US.

Today, computer hackers have been compared to the privateers of bygone days, as they work for state actors such as China, Iran, and North Korea. It is likely true that some groups such as Anonymous have acted as privateers to aid Ukraine, while some pro-Russian groups are working at the behest of their state masters. The Ukrainian invasion spurred coordination between Russian APTs andcybercriminal groups wherein the privateers are accessible to enemy retribution on the high seas. It may be noted that states acknowledge privateers, whereas states maintain plausibly deniable associations with cybercriminal group surrogates such as the Russian Business Network’s activities in Estonia.

In another instance observed, a hacker group known as Bjorka has been targeting Government, Consumer Services in Indonesia, Singapore and the US acting as Privateers to help the cause of poor people, targeting the policymakers.

Source: Underground Forums

Risks Associated with Privateering

According to NSA chief Gen. Keith Alexander, in 2012 alone American businesses lost about $250 billion, a number that rises to over USD 330 billion when the costs of downtime due to crime are taken into account. According to general Alexander, the loss of intellectual property through cyber espionage constitutes the greatest transfer of wealth in history, while FBI Director James Comey hasclaimed in 2014 that There are two kinds of big companies in the United States. Some havebeen hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese. Many of these attacks were conducted by privateering cybercrime groups, whichwere given free rein by the governments in Beijing, Moscow, Tehran,or Pyongyang. Ever since the time of the respective comments, the situation has hardly changed for the better. In fact, cybercrime has inflicted USD 6 trillion in damages globally in 2021and is predicted to reach damages of USD 10.5 trillion USD annually by 2025, an exponentially larger amount than the damage inflicted by natural disasters in a year.

The use of privateers poses somerisks to organizations and individuals. Privateers areoften anonymous, making it difficult to identify and prosecute them or suefor damages. Their government protection means that even in case they can be identified in acourt of law, their extradition is certainly impossible in most cases. Privateers are also difficult to monitor and regulate, meaning that malicious activities can go undetected for long periods. Privateers can also be difficult to remove once they have been hired, making it difficult to ensure that malicious activities have been completely stopped.

Privateers can also be used to target organizations and individuals for financial gain, as privateers can access sensitive data and use it to steal money or data. Privateers can also be used to launch DDoS attacks, which can disrupt operations orservices and cause significant financial losses.

Potential Solutions

Organizations should be aware of the risks associated with privateering and take steps to identify and mitigate potential threats and risks. Organizations should monitor their networks for suspicious activity and implement measures to detect and respond to malicious activities.Organizations should also train their employees on cybersecurity best practices and create policies that outline the acceptable use of the organization’s networks and systems.


The surge in cybercrime has been linked tothe proliferation of the internet and e-commerce. The rising value of digital information has made cybercrime and digital privateering more lucrative than ever before while the increases in tension in the post-Cold war international environment haveput a premium on the deniability of the often de facto warlike conduct engaged in by cyber-criminals. The everyday integral use of social media, cloud computing,and remote work ismaking it ever more interesting to engage in the trade. Cyber privateering is away for smaller players to leverage a large infrastructure and the ongoing democratization of access to hacking tools and ever-expanding value in increasingly digitized economies will likely lead to more cyber privateering. Crime in cyberspace, espionage, intellectual property theft,or cyber-enabled infrastructure attacks sharesthe ability to disrupt national security, the economy,and the functioning of private organizations. The rise of privateering among cybercriminals is a growing concern for organizations and individuals. Privateers can be used to target organizations and individuals for financial gain or to disrupt operations or services while providing the government sponsor with deniability.

Whether privateers engage in scamming, ransomware, malware injection, data exfiltration, or disruptions of operations, whether they use states financed high-value zero-day exploits or common malware sourced from the open or dark web, the lines between semi-state, state,and privateering actors areblurring. This blurring can be seen behind the development of a large part of the more sophisticated malware. Privateers are often anonymous and at the same time enjoy state protection. States backing remits their actions and makes them more difficult to detect and prosecute. Organizations and individuals can take steps to mitigate the risks associated with privateering, such as investing in cyber security solutions, training employees on cyber security best practices, and monitoring networks for suspicious activity.

This site is registered on as a development site. Switch to a production site key to remove this banner.