Cyberspace favours the attacker. The cyberguerrilla is able to mask their electronic identity in a cyberspace that changes constantly. New systems mean new vulnerabilities. Firewalls & intrusion prevention systems will thwart only so many attacks. Defenders must be right all the time; the attacker, only once. Negligence with portable drives, outdated virus protection, compromised passwords, wireless code insertion, physical breach, social engineering, & dozens of other exploits are commonplace & regularly open the door to an attack. Socalled realworld barriers have no counterparts in cyberspace. Neither electronic nor air-gapped barriers offer sanctuary. As long as a device contains a processor & some memory, it can be accessed, affected & controlled. Thus, it is important to understand that the defender’s main strategy often lies in their response after an attack has already occurred; or “active defence” (offensive action) in anticipation of attacks that have not yet occurred. Despite appearances, as in the “realworld” no cyberattack is immune to countermeasures, given adequate resources. (It must be assumed that such countermeasures won’t be restricted by jurisdiction: in any kind of guerrilla action no tactical value can be placed upon the supposed asymmetry of “legal process,” unless as a last resort.) Thus, as in “realworld” guerrilla warfare, every cyberattack must be prepared within a larger strategy of CONTINUOUS EVASION.



What can be done once can usually be done again. By stealth & “elegance” of design & execution, cyberguerrilla actions can accumulate in such a way that their true character will remain unrecognised & uncommunicated, & may thus be perpetuated in a broad configuration. While every impression should be given that attacks are isolated & opportunistic incidents, ideally they should be coordinated in such a way as to be amplified in larger logistical & control systems: electrical grids, financial systems, air & rail transport, shipping, distribution centres, water & sewage systems, even GPS. The motivation for cyberguerrilla actions cannot be “spectacular.” Excepting material verification (blackouts, downed networks, etc.), it must be assumed that state & corporate defenders will veil even the fact of attack in secrecy, unless it is advantageous or unavoidable for them to do otherwise. “Outing” the enemy’s vulnerabilities is nevertheless of dubious tactical value & of short-lived effect: indeed, the actual frequency of such occurrences has had no other consequence than to routinise both the systems of defence & the public’s (i.e. market’s) response. The pursuit of spectacular actions has, in general, the consequence of negating an integrated strategy & diminishing the likelihood of success in executing actions of a more substantial, further-reaching nature. Spectacularism has been the most frequent downfall of guerrilla operations. For this reason, but not only for this reason, NO CYBERGUERRILLA ACTION SHOULD EVER BE PUBLICLY “CLAIMED.”



It is an often-repeated truism that cyberattacks are self-defeating, since they call into being the very means of overcoming them. Yet institutional & organisational inertia often mitigates against the effectiveness of such means. And just as with purely technical responses, the inter-governmental & corporate intelligence-sharing that frequently proceeds in a knee-jerk fashion following such attacks often PRODUCES NEW VULNERABILITIES. For this reason, the most effective responses to cyberguerrilla actions are often restricted to classic indications techniques rather than to Big Brother panopticism. While the tendency of the Corporate-State Apparatus is nevertheless to aggregate its responses into a “dynamic defence,” this can have the effect of amplifying the institutional inertia it is designed to overcome into broader systemic perturbations of which it is unaware. It remains an important tactical consideration of the cyberguerrilla, then, to determine how a limited action might be used to cause a system to more profoundly COMPROMISE ITSELF.



The consensus view is that the “threat of & opportunity for real damage from cyberspace is increasing,” yet this is only a measure of the ambitions of the Corporate-State Apparatus to fully integrate all aspects of everyday life into its control structures. This “threat,” therefore, represents the degree of in-built crisis on which the increasing degrees of that control are justified. “Cyberspace is a domain & a global commons whose reach is being constantly expanded by wired, wireless, & sneaker-netted connectors. Everything from home thermostats to the critical infrastructure that is vital to daily life (water, power, manufacturing) is within its reach. It is ‘shared by all’ & dominated by none” (RAND). But there is nothing at all neutral about the terrain of cyberspace. Nor are these “threats” in any way the existential risk a supposedly benevolent Corporate-State Apparatus pretends them to be, but rather a low-level attrition in what is otherwise an active battlespace. The task of the cyberguerrilla is to determine what is NOT being represented in this threat-assessment – which, far from describing a forced move, is in fact a calculation-in-advance in the larger struggle for CYBERSPACE DOMINATION. Thus the cyberguerrilla is not only tasked with exploiting the vulnerabilities of the cybernetic supply chain, but of the GENERAL SITUATION arising from the expanded hegemonic struggle that drives it. By such means does the true nature of the Corporate-State Apparatus come more clearly into view as the very architecture of that struggle itself.



Invisibility is the prime consideration. Techniques of coordination & communication are key to the success of any cyberguerrilla action, & must be given equal consideration as to the action itself. Rapid communications evolutions favour small, agile groups able to quickly leverage technological advancements against the Corporate-State Apparatus’ advantage in material, financial & technological resources. Increasingly this advantage is restored through the analysis of newly conventionalised modes of communication, designated broadly as social media. “The growth of social media as an effective data source for understanding the information environment has made it more important than ever for the U.S. military to develop a robust capacity for social media analytics in support of information operations” (RAND). It must be appreciated that all public communication concerning cyberguerrilla actions – wherever there is a transmissible record or log of any kind – ultimately occurs in the domain of social media, thus providing intelligence about time-frames, demographics, organisational structure, areas of activity, network reach & psychological profile. “Geotagged posts can supplement social media analysis, helping identify the geographic spread of ideas or areas of particularly strong or weak support for a cause, group, or idea. Network analysis provides additional potential benefits in planning efforts to promote or counter the spread of specific ideas or information. Analysing the data generated by social media posts against metadata & the demographics of users associated with the accounts can help identify influencers in a social network. Image classification algorithms can aggregate & describe the kinds of images shared on social media, which, when analysed alongside other data with geoinferencing & mapping software, can visualise changes in local populations preferences & attitudes” (RAND). Yet these means can also be used in the planning & execution of cyberguerrilla actions against elements of the Corporate-State Apparatus.



The semantics of cyberguerrilla action must remain indecipherable. Both the true nature of the action & its intent must remain opaque before, during & after. Wherever possible, all visible patterns of activity should be randomly distributed or concealed within a general background noise. Increasingly, social media data is representative of entire populations (cognitive, informational, physical) – with the consequence that conspicuous absence from media platforms can be as indicative as conspicuous presence. Where social media presence is employed e.g. for disinformation, it must therefore be conscientiously desynchronised from all cyberguerrilla activity while simultaneously presenting a false picture. In their most basic form, maps of individual user-relationships & interactions on social media platforms can be used to identify members of a cyberguerrilla cell. Researchers have been able to detect nuances in the dynamics of interpersonal networks by analysing the information posted by users on these platforms. Similar means, however, can be used to target security operations themselves by discovering human & infrastructural vulnerabilities via the unsecured circulation of sensitive online data & metadata (e.g. geotags automatically embedded in photos taken with mobile devices are visible in social media uploads, etc.). In this way the enemy’s “active defence” may be turned to advantage by combining counter-analysis & the construction of persuasive decoys. The use of such decoys need not be restricted to the task of evasion in the planning, execution or aftermath of cyberguerrilla actions, but can also be means of attack in & of themselves.



It is necessary to understand the security culture & logic of the enemy. Above all, it is necessary to understand how mitigation strategies & defence systems are segmented, & where automated & manual systems meet or overlap in the “cyber kill chain” (early warning, inbound-protect, activity detection, outbound-protect, etc.). It is also necessary to understand the history & logic of cyberwarfare itself. Nothing must be left to assumption. This means pursuing a close analysis of the prevailing financial, heuristic & effects-based models of cybersecurity in relation to critical infrastructure (RAND, Lockheed Martin, Goldman Sachs, GCHQ, NSA, the Australian Signals Directorate…) as well as identifying those technical limitations to be exploited. Such analysis is the task of every cyberguerrilla. Ultimately, this should be undertaken with a view to planning cyberguerrilla actions that, wherever possible, can be automated & made fully autonomous, on the model e.g. of a Generative Antagonistic Network. The CYBERGUERRILLA CONCEPT aims to expand the asymmetrical domain of cyberguerrilla action by decoupling its operations from identifiable “realworld” actors – employing weapons capable of analysis & organisation, & of exercising initiative in offence, & which ideally leave no trace.







































Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s