While all this was happening—that is, as governments were turning more and more to cyberwarfare—another parallel trend was developing: the democratization of hacking among ordinary citizens. “The Jester might be the highbrow guy—what everyone pictures as ‘the hacker’—at the very top of the pyramid,” says Raj Samani, chief technical officer for security firm McAfee. “But that broad bottom of the pyramid is getting bigger because everyone can do it.” In a forthcoming paper on the proliferation of pay-to-hack tools, Samani points out that committing online crimes—like purloining email passwords or attacking websites—doesn’t require technical expertise. Just a credit card will suffice. A distributed DoS attack against a website, he says, can be purchased online from freelance hackers for as little as $2 an hour.
Given the ubiquity of hacking, it’s little surprise that private individuals and groups have become players in the cyberwarfare arena. Sometimes, as with the Jester and Anonymous, the motive might be ideological. In other instances it may be profit. In October 2012, for instance, the Russian security firm Kaspersky Labs uncovered a massive cyber-espionage operation it dubbed “Red October.” The well-designed malware had been in the wild, infecting its quarry, since 2007. But Red October was unique in that it targeted the computers and mobile devices of diplomats, government agencies, and state-run scientific research institutions, allowing its creator to abscond with sensitive—often classified—information. The identity of the perpetrator remains unknown, but in January Kaspersky said it had “no evidence linking this with a nation-state sponsored attack,” and suggested that it could have been the work of freelance hackers-cum-spies interested in selling the material to governments.