Cyber Mercenaries explores the secretive relationships between states and hackers. As cyberspace has emerged as the new frontier for geopolitics, states have become entrepreneurial in their sponsorship, deployment, and exploitation of hackers as proxies to project power. Such modern-day mercenaries and privateers can impose significant harm undermining global security, stability, and human rights.

These state-hacker relationships therefore raise important questions about the control, authority, and use of offensive cyber capabilities. While different countries pursue different models for their proxy relationships, they face the common challenge of balancing the benefits of these relationships with their costs and the potential risks of escalation. This book examines case studies in the United States, Iran, Syria, Russia, and China for the purpose of establishing a framework to better understand and manage the impact and risks of cyber proxies on global politics.

Table of Contents

Part I: Of Brokers and Proxies

  1. Cyber Proxies: An Introduction
  2. Proxies: An Instrument of Power Since Ancient Times
  3. Cyber Power: Geopolitics and Human Rights

Part II: Cyber Proxies Up Close

  1. Cyber Proxies on a Tight Leash: The United States
  2. Cyber Proxies on a Loose Leash: Iran and Syria
  3. Cyber Proxies on the Loose: The Former Soviet Union
  4. Change Over Time: China’s Evolving Relationships

Part III: Implications

  1. The Theory: State Responsibility and Cyber Proxies
  2. The Practice: Shaping Cyber Proxy Relationships
  3. Conclusion: Cyber Proxies, the Future, and Suggestions for Further Research

About the Author

Tim Maurer is the co-director of the Cyber Policy Initiative and a fellow at the Carnegie Endowment for International Peace. Since 2010, his work has been focusing on cybersecurity, human rights in the digital age, and Internet governance, currently with a specific focus on cybersecurity and financial stability.

“The cyber revolution is accelerating the diffusion of power in global politics. Non-state actors are increasingly important, but they form a complex set of alliances and arrangements with governments. Some are proxies for government on a tight leash; some virtually roam free. Tim Maurer continues his pioneering work on cyber politics with this important exploration of cyber mercenaries.”
—Joseph S. Nye, University Distinguished Service Professor at the Harvard Kennedy School of Government and author of The Future of Power

“Anyone who wants a thorough understanding of cyber operations, including proxies, must read this book. Maurer is an investigative scientist and provides the first blow-by-blow account of real cyber operations that use proxies. He uncovers new information about existing proxy relationships between nations, what feeds the proxy relationship, and how countries differ in how proxies are used in a depth never seen before. If you’re going to read one book on offensive cyber, read this one.”
—David Brumley, Director of CyLab at Carnegie Mellon University, and Winner of DARPA’s Cyber Grand Challenge

Cyber Mercenaries is a very timely book focusing on cyber proxies - subjects often hidden behind the wall of government secrecy while playing an increasingly important and visible in cyber operations. States have a long history of using conventional proxies, cyber proxies are ‘the newest kids on the block’. Based on academic research and case studies, Tim Maurer addresses the capabilities of cyber proxies, the different types of cyber proxies and their relationships with states in the manner that is both very insightful and catching for policy makers, practitioners of international relations, academia, experts and citizens alike.”
—Marina Kaljurand, Chair of the Global Commission on the Stability of Cyberspace and served as the Foreign Minister of Estonia from 2015-2016

“Authoritarian regimes, like China, Russia, and Iran like to hide their tracks in the digital wilderness by outsourcing cyber espionage operations to the criminal underworld. Others prefer to keep a tight leash, but still employ hundreds of contractors to aid their strategic ambitions. Tim Maurer’s Cyber Mercenaries offers the first systematic scholarly treatment of how and why governments use proxies to do their bidding in cyberspace. Weaving together high-level theories and historical analogies with highly detailed case studies, Maurer’s book helps illuminate how governments maneuver for influence in cyberspace today. A must read for scholars and students alike.”
—Ron Deibert, Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto

More Reviews

“Tim Maurer’s Cyber Mercenaries is a comprehensive and cogent description of how nation-states engage proxy actors to carry out cyber-based espionage, information operations, and even acts of destruction. Combining deep research with compelling analysis, Maurer demonstrates that this increasing blend of public and private cyber aggression challenges our concepts of sovereignty, international law, and even warfare. Indispensable for government and private sector policy makers.”
—Michael Chertoff, former U.S. Secretary of Homeland Security and Executive Chairman of the Chertoff Group

“A must-read for anybody interested in how states use hackers and for what ends. Rigorously researched, Maurer offers the first comprehensive study of proxy relationships in the cyberspace domain.”
—Eric Rosenbach, Co-Director of the Belfer Center at the Harvard Kennedy School, former Pentagon Chief of Staff and Assistant Secretary of Defense

“As the technology and use of cyber means has evolved, there has been a persistent lag in understanding by political leaders and citizens of those means. Cyber Mercenaries is an important contribution to closing that gap. Building on conceptual frameworks from international relations scholarship and Just War theory, and illustrating with several contemporary case studies, Maurer shows how existing international law and political agreements likely offer an incomplete basis for maintaining stable expectations and relations among states as cyber interactions increase in the years to come.”
—Daniel Baer, former U.S. Ambassador to the OSCE and Deputy Assistant Secretary for the Bureau of Democracy, Human Rights, and Labor

“Countries such as Iran and Syria have become increasingly adept at exploiting the ambiguity of cyberspace to their benefit. They frequently engage in coercive cyber operations against domestic and regional political adversaries and embrace proxies to evade accountability. Cyber Mercenaries provides an authoritative framework for understanding how Iran and Syria pursue their strategic interests in cyberspace. Maurer is especially skillful at bridging a scholarly perspective with accessible examples and language, and in doing so makes a significant contribution to breaking down barriers and improving the public discourse.”
—Collin Anderson, lead author of Iran’s Cyber Threat: Espionage, Sabotage, and Revenge

Cyber Mercenaries is comprehensive and sophisticated guide to growing threat of hostile actions in cyber space for which a nation cannot or will not take responsibility. Tim Maurer explains in clear language the policy implications for attribution, deterrence, military stability, and the potential of emerging international norms.”
—Robert Axelrod, the Walgreen Professor for the Study of Human Understanding at the University of Michigan and MacArthur Prize Recipient

“In Cyber Mercenaries, Tim Maurer sheds light on the complex, covert relationships that have been forged between governments and their proxies in cyberspace, where national security norms and strategies have been upended. Maurer describes new systemic security vulnerabilities faced by connected societies, as state and non-state actors of all stripes capitalize on the instantaneous extraterritorial reach made possible through cyber technologies. This book provides an important framework for thinking about norms on cyber proxies, consistent with universal human rights and international law. This is an important contribution to the global conversation about governance in the digital ecosystem.”
—Eileen Donahoe, Executive Director of Stanford University’s Global Digital Policy Incubator and former U.S. Ambassador to the UN Human Rights Council

“The use by states of proxies - mercenaries and privateers - is nothing new. But in the information age the use of such proxies has become both more pervasive and more concerning in view of the potential for ill-judged or ill-disciplined behaviour to be attributed to states with potentially escalatory consequences. Tim Maurer has produced a ground-breaking and rigorous study of this phenomenon drawing on a wide range of case studies.”
—Nigel Inkster, Senior Adviser at the International Institute for Strategic Studies and former senior official of the British Secret Intelligence Service

“A timely book on the subject which is of extreme importance to everybody.”
—Andrei Soldatov and Irina Borogan, authors of The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries

“Tim Maurer has broken important new ground explaining how states project force in cyberspace through proxies, from government contractors to activists to mercenary hackers. He argues persuasively that states' dependence on proxy forces will increase, and that we will see new kinds of collaboration and even competition between state and non-state actors. His book is an important and urgent call to policymakers to start thinking about how to avoid new conflicts that will inevitably arise from these state-proxy relationships.”
—Shane Harris, author of @War: The Rise of the Military-Internet Complex