Abstract
Previous articles in this series have shed light on the evolution of Private Military and Security Companies (PMSC). Growing beyond the commonly held conceptions in academia and of the industry itself, PMSCs are involved in conflicts around the world. Used by both states and non-state actors, these companies are also branching out into other demographics and types of security. These include intelligence gathering and analysis as well as cyberspace, domains that are typically the preserve of states. The cyber realm has not only been populated by a number of private cybersecurity firms but also hackers-for-hire willing to strike anyone anywhere. Additionally, this article will briefly explore the emerging opportunities for PMCSs in Latin America and China. The purpose of the final article in this series is to underline ways in which PMSCs have expanded beyond their traditional remit into new markets, new capabilities and policy areas.
Keywords: Weapons, Military, Security, PMSC, Conflicts, Cybersecurity, Intelligence
By Nickolas Bruetsch
This final instalment of the Market for Force series will explore some of the non-traditional types of Private Military and Security Companies and the services they provide. The backbone of any use of force is intelligence as it informs where and how to use what resources [1]. While intelligence gathering and analysis is performed by humans, it is significantly supported by digital and technical means. As warfare expands into the digital domain, there is a market for defensive and offensive capabilities in cyberspace. The online world is not the only emerging market however as gaps in personnel, logistics and material are being filled by PMSCs around the globe.
Intelligence
Spying and intelligence gathering often conjure images of mythic figures like James Bond or George Smiley, seeking to find critical bits of information in the dark days of the Cold War. In reality, Intelligence is far more mundane. It is, however, fundamental in security and decision making. While state-backed intelligence agencies continue to play an important role in international politics, the past 40 years have seen a rise in for-hire intelligence firms [2]. Initially staffed by former public sector intelligence professionals, for-hire spy agencies have drastically grown in the post 9/11 security landscape [3]. These firms act in a similar fashion to conventional PMSCs and National Security and Intelligence commentator Tim Sharrock estimated that in 2013 approximately 70% of the yearly US intelligence budget went to private intelligence contractors, which equated to $56 billion [4]. This outsourcing of capability to what could be called mercenary spies raises questions of oversight and accountability. Sharrock presciently asks whether it is better for a government to spy on its citizens, or contractors with security clearances [5]? Damien Van Puyvelde highlights that, on the whole, public discourse about issues of oversight of private intelligence firms has led to more accountability and clearer management of spy-for-hire contracts in question.
Private Intelligence firms are not a uniquely American phenomenon. A host of private research firms have also sprung up in London. Parallel to employees of traditional PMSCs, many employed in corporate intelligence started their careers in the government, military or police. Instead of holding government contracts, many of these firms thrive on providing information to private customers. Private intelligence firms seek to fill the information and knowledge gaps of their clients [6]. Most of the work is a far cry from the hair-raising tales of James Bond or Ethan Hunt. Indeed, the bulk of it involves sifting through rubbish bins, trawling the internet, and creating lifestyle profiles of persons or organisations [7]. These firms do not exist solely in the United States and Great Britain, however many of the best-known ones such as Cambridge Analytica, Stratfor and Booz Allen Hamilton are based in the UK or US. In an increasingly digitised world, it is clear that this type of work will be highly sought after by both private cybersecurity companies and hackers for hire.
Cyber Space
Cybersecurity, like intelligence, has quickly become the domain of both public and private industry. An example of this was the Russian state-sponsored “Internet Research Agency” that made headlines in the 2016 US Presidential election when its methods and techniques were exposed [8]. In cyberspace, there are cybersecurity firms that offer defensive capabilities (e.g. Rapid7 and Crowdstrike), hackers-for-hire that specialise in offensive cyber activities, and offensive cyber companies (e.g. Phronesis).
In 2016, an Emirati human rights activist received a number of strange text messages about torture in state prisons. Further investigation revealed that the hyperlinks contained in the text messages would have hacked the phone and been used to spy on his communications and movements [9]. Shockingly the vulnerability in iPhones and the software to exploit it were discovered and created by a small Israeli private company. The government of the UAE used this and other companies’ products to spy on dissidents. This is not an isolated incident, as over 150 other individuals have been targeted using the same or similar software from the same firm.
In addition to private cybersecurity firms, hacker-for-hire groups are akin to offensive cyber mercenaries. While there are undoubtedly many such groups, the following two highlight some of the capabilities available in the murky realm of cyberspace. The first of these is DarkBasin, a cyberespionage firm that was purportedly based in India and was suspected to have worked on behalf of ExxonMobil and Wirecard. DarkBasin used Open-Source methods and phishing (a type of fake email that compromises a computer or a network) to target high profile court cases, companies, journalists and advocacy groups [10]. While its success rate is unclear, DarkBasin was able to misuse the credentials and personal details of a number of its targets and gain access to emails and other sensitive information[11]. The second has been dubbed Decepticons, a Russia-based group that specialises in stealing business secrets and financial information [12]. The group has since been renamed DeathStalker by Kaspersky and targets law firms, business and financial tech companies in Europe and the Middle East. Neither organisation has relied upon the technically complex and expensive “Zero-Day” exploits (a technical vulnerability that no one is aware of until it is utilised). It is unclear who commissioned Dark Basin and Decepticons but considering their targets, one might speculate at corporate and state sponsorship respectively. Cyberspace is an ever-growing market, and with this growth so too grows the potential increase in hacker-for-hire groups [13]. The European cybersecurity market is expected to grow by 10% by 2025. In the UK alone, the number of cybersecurity firms grew by 21% between 2020 and 2021 [14] [15].
These cases highlight two important shifts in paradigms of the use of force in the cyber domain. First, the entry barrier for cyber weapons is very low, and there is a multitude of private firms offering a range of services [16]. This allows comparatively weaker or less wealthy states to act on an equal playing field with more powerful states like the United States, Russia and China. Second, cyber actions are by nature nebulous. Anyone with very little means or expertise can be a cyber actor, and so pose a significant threat to states and organisations.
Emerging markets
Cyberspace is not the only domain that has created new opportunities for PMSCs and other for-hire service providers. Several PMSCs recruit in Latin America, notably in Colombia and Peru. Colombian recruits are valued for their experience combatting The Revolutionary Armed Forces of Colombia (FARC) and have been employed by the UAE to fight in the ongoing conflict in Yemen [17]. In Peru, the Peruvian army signed a contract with the American PMSC Triple Canopy. Under the terms of the contract, the Peruvian Army trained and provided recruits to the PMSC [18]. These guns-for-hire were then sent to Iraq and only paid $1000 a month [19]. Despite the controversial nature of mercenaries, this episode of exploitation opens new questions about PMSCs and their employees.
Another emerging market is best showcased half a world away in China, where private arms companies are furnishing the People’s Liberation Army with high-tech equipment in one of their most inhospitable theatres. High up in the Himalayan mountains, the Chinese soldiers are using state-of-the-art uniforms, drones, and anti-drone guns [20]. All of the systems being supplied are specially designed for the harsh conditions of Tibet and will provide a distinct advantage to Chinese forces operating in the region [21]. Companies that specialise in manufacturing this sort of equipment could very well expand, as it is cheaper for both states and PMSCs to invest in specialist equipment instead of producing it en masse or buying second-hand respectively.
Be it intelligence and information gathering, hacking and providing cybersecurity, or exploring and exploiting new markets and new opportunities, the future of warfare will continue to involve both public and private actors. The non-traditional aspects of PMSCs reviewed here will only continue to evolve and develop alongside technology and profit margins.
As mentioned at the beginning of this series [22], the purpose of these articles is not to define or solve the re-emergence of PMSCs on the international stage. Instead, it aims to shine a light on some of the facets of the modern mercenary company: what they do, where they operate and what impact they have. PMSCs and the privatisation of warfare will doubtless continue to provide room for research, journalism, and policy debates.
Sources:
[1] Michael Warner, “The divine skein: Sun Tzu on Intelligence,” Intelligence and National Security, 21, 4. (2006). https://doi.org/10.1080/02684520600885624
[2] Tim Sharrock, Spies for Hire: the secret world of intelligence outsourcing (New York: Simon & Shuster, 2008), 67.
[3] Damien Van Puyvelde, Outsourcing US Intelligence (Edinburgh: Edinburgh University Press, 2019), 76.
[4] Tim Sharrock, “Put the Spies Back Under One Roof,” New York Times, June 17, 2013, https://www.nytimes.com/2013/06/18/opinion/put-the-spies-back-under-one-roof.html.
[5] Ibid.
[6] Luis Ramirez, “London’s Spy Industry thrives in Private Sector,” Voice of America, February 10, 2017, https://www.voanews.com/europe/londons-spy-industry-thrives-private-sector.
[7] Ibid.
[8] Andrew Dawson and Martin Innes, “How Russia’s Internet Research Agency Built its Disinformation Campaign,” The Political Quarterly, 90, no. 2 (Summer 2019) 1-2. https://www.voanews.com/europe/londons-spy-industry-thrives-private-sector.
[9] Bill Marczak and John Scott-Railton, “The Million Dollar Dissident,” Citizen Lab, August 24, 2016. https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/.
[10] John Scott-Railton, Adam Hulcoop, Bahr Abdul Razzak, Bill Marczak, Siena Anstis, and Ron Deibert, “Dark Basin,” Citizen Lab, June 9, 2020. https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/.
[11] Ibid.
[12] Catalin Cimpanu, “Kaspersky: New hacker-for-hire mercenary group is targeting European law firms,” Zero Day Net, July 29, 2020. https://www.zdnet.com/article/kaspersky-new-hacker-for-hire-mercenary-group-is-targeting-european-law-firms/.
[13] Tulane University. 2021. “Four Reasons the Cybersecurity Field is Rapidly Growing.” https://sopa.tulane.edu/blog/four-reasons-cybersecurity-field-rapidly-growing.
[14] Mordor Intelligence. 2021. “Europe Cyber Security Market - Growth, Trends, COVID-19 Impact, and Forecasts (2021 - 2026).” https://www.mordorintelligence.com/industry-reports/europe-cyber-security-market.
[15] Sam Donaldson, David Croizer, Jayesh Navin Shah and Jamie Douglas, “UK cyber Security Sectoral Analysis 2021,” HM Government, Department for Digital, Culture, Media & Sport, 2021. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/962413/UK_Cyber_Security_Sectoral_Analysis__2021_.pdf.
[16] Dorothy Denning, “Barriers to Entry: Are they Lower for Cyber warfare?,” IO Journal, April 2009. https://calhoun.nps.edu/handle/10945/37162.
[17] Jeremy Bender, “The United Arab Emirates has deployed a team of Colombian mercenaries to fight in Yemen,” Business Insider, December 1, 2015. https://www.businessinsider.com/uae-deployed-colombian-mercenaries-to-yemen-2015-12?r=US&IR=T.
[18] Emilio Paz, “For a fistful of Dollars,” Progreso Semanal, July 15, 2011. https://web.archive.org/web/20110715120724/http://www.progresoweekly.com/index.php?progreso=Emilio_Paz&otherweek=1134021600.
[19] Ibid.
[20] Liu Xuanzun, “Private arms firms equip PLA with intelligent equipment for better border defense,” Global Times, November 2, 2020. https://www.globaltimes.cn/content/1205362.shtml.
[21] Ibid.
[22] Matthew Sutherland, “Market for Force: The Emerging Role of Private Military and Security Companies,” The Security Distillery, March 17, 2021. https://thesecuritydistillery.org/all-articles/market-for-force-the-emerging-role-of-private-military-and-security.