The recent thread on HN about the U.S. Navy advertising for zero days, along with stories about Kremlin-funded trolls and government-adjacent hacking groups, has me thinking more and more about the role of non-state actors in the world of international cybercrime and espionage.<p>Although it's all semantic, it seems like in the scramble for technical talent, governments aren't just contracting with third-party companies anymore, they're actually beginning to approach individuals, or (as in the Navy's case) openly solicit for offensive software or exploits from whoever's capable of providing them.<p>It also seems like there's a growing willingness in countries like Russia that openly defy international law to informally sanction state-sponsored cybercrime ("We don't care who you target, as long as they're foreign"). Then there's the shell game of plausible deniability that countries like China get from using non-state outfits that they can then distance themselves from.<p>I guess that's the "privateer" part that interests me so much and distinguishes these phenomena from just basic HR. Countries seem to be openly embracing the possibility for talented amateurs to unilaterally prey upon the enemies of the state.<p>What do you think HN? For citizens of the world, do you see evidence of your country supporting this model of cybersecurity / operations? Is this a growing dynamic, or just the result of a critical infosec talent shortage?
I don't see that anything has changed for states in the cybersecurity space. Third-party companies are equivalent to individuals. Governments have always had proxy companies for cybersecurity as well.