Instead of prosecuting elite computer hackers, the US government should recruit them to launch cyber-attacks against Islamist terrorists and other foes, according to a leading military thinker and government adviser.
The brilliance of hacking experts could be put to use on behalf of the US in the same way as German rocket scientists were enlisted after the second world war, said John Arquilla, a professor of defence analysis at the US Naval Postgraduate School in Monterey, California, in an interview with the Guardian.
He said that the US had fallen behind in the cyber race and needed to set up a "new Bletchley Park" of computer whizzes and codecrackers to detect, track and disrupt enemy networks. "If this was being done, the war on terror would be over," he said.
Arquilla, who invented the term cyberwarfare two decades ago, said a few master hackers had already been recruited but more were needed.
"Let's just say that in some places you find guys with body piercings and non-regulation haircuts. But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them."
"I think it's ridiculous. They're trying to use deterrences that won't work."
Arquilla, who advised General Norman Schwarzkopf during the first gulf war and secretary of defence Donald Rumsfeld during the second, estimated there were around 100 master hackers in the world, with many, if not most, in Asia and Russia.
He had established contact with several in the US – "they are like shy woodland animals" – and even brought one to meet the CEO of a major company to alert him to his information system's vulnerabilities. The executive, scornful at first, was stunned when the hacker broke into the system with a handheld device in just a few minutes. "All hell broke loose," said Arquilla, who declined to identify the company.
The Pentagon and other security agencies must exploit that sort of ability, he said. "This is huge human capital. They are the rangers of the cyber sphere. Most of them are drawn to it for its beauty and complexity." Few had overt political agendas, but they could be turned into patriots. "Most of the hackers I have known would love to destroy al-Qaida."
The Naval Postgraduate School has close links with the special forces and gives masters and PhD courses to officers from across the services. Arquilla, a contributor to Foreign Policy, is a former director of the Pentagon's Information Operations Center for Excellence. He was also a consultant on the 1995 cyber thriller The Net, starring Sandra Bullock.
The veteran analyst said al-Qaida's loose, decentralised organisational structure had flummoxed the US a decade ago, and that under strategist Abu Musab al-Suri it would become even flatter and looser, impeding traditional counter-terror efforts. The movement, however, was vulnerable. "This global network simply can't thrive without the world wide web and internet. It can't operate without it, or if it does, at a greatly reduced level."
The professor stressed that cyber operations, like air campaigns, could not win wars on their own. Unlike some thinkers he did not fear a major "cyber-Pearl Harbor" attack on the US, saying that the risk was instead small, multiple attacks costing hundreds of billions of dollars.
Hacking, he said, was most effective when incorporated into wider military strategy. The Russians, he said, pioneered this during the August 2008 conflict with Georgia when cyber-attacks sliced through US-designed technology "like a knife through butter", disrupting Georgian forces and paving Russia's quick victory.
Moscow denied mounting cyber operations, and their provenance was never discovered. But Arquilla said "Russian-aligned interests" successfully attacked Estonia's networks during a diplomatic row in 2007. "It's all veiled, but the real leaders in the field are the Russians." China and North Korea were also highly sophisticated. "They understand the strategic uses."
Arquilla compared computer firewalls to the Maginot line – France's failed defence against Germany – and urged US state agencies and companies to use strong encryption and cloud computing to keep data on the move. "The level of insecurity is huge. The average individual is a zombie in some hacker's botnet within half an hour of going online."
He accused the Pentagon and its political masters of wasting billions on pointless aircraft carriers, tanks and planes at the expense of nimbler, leaner strategy. "Militaries often take time to adapt. Think world war one and generals using Waterloo tactics."