North Korea’s Illicit Money Machine
Staff Writer Louis Schreiber provides recommendations about how to respond to cyber threats and illicit financing campaigns by the DPRK.
Background: Brief History of North Korea
Following World War II, the international order was divided over the ideological governance styles and practices of democratic capitalism and communism. Particularly, the U.S., a capitalist state, wanted to promote democracy and capitalism globally, whereas the Soviet Union sought a communist world order. Although the U.S. and USSR were in a strategic competition for global dominance, they never once formally engaged in a hot or live war with one another. However, throughout the Cold War, the U.S. and the USSR fought combatively via proxy conflicts. Among the very first of these proxy engagements was the Korean War. After WWII, the Korean Peninsula, which was once a unified nation, had been divided into a communist northern state known as the Democratic People’s Republic of Korea (DPRK), and a democratic, capitalist, southern state, the Republic of Korea (ROK). During the war, China sent two million soldiers along with the Soviet Union’s logistical support to aid the DPRK, whereas the ROK was primarily reinforced by the U.S. In June of 1950, due in part to the influence of the PRC and the USSR, the DPRK crossed the border and invaded its southern neighbor, intending to establish a unified communist Korean nation. The Korean War, which lasted three years, saw horrific casualties and fatalities on all sides. Ultimately, upon the signing of the Korean Armistice Agreement, the war concluded, and a demilitarized zone was established between the North and South along the 38th Parallel. After the war, North Korea followed a far different trajectory than the Republic of Korea. Whereas the South experienced significant economic growth, the North was beginning to shield itself from the outside world, creating a “hermit kingdom” according to professor Mitchell Lerner of The Ohio State University, among many other experts.
North Korea’s Acquisition of Nuclear Weapons:
Beginning in the 1950s, Kim Il-Sung repeatedly emphasized the imperativeness of a ballistic and nuclear weapons program for the DPRK, as it would prevent North Korea from lagging too far behind the South. However, since 1950, the DPRK has been significantly impacted by severe U.S. and international sanctions for human rights abuses and failures to comply with international laws. Furthermore, the U.S., in addition to many Western countries, has recently levied strict sanctions against the DPRK for cyber-crime offenses. Under the harsh leadership of North Korea’s first ruler, Kim Il-Sung, the DPRK actively sought methods of securing funding for a ballistic and nuclear missile program. Specifically, the DPRK frequently employs various illicit methods to circumvent the tight sanctions placed by the international community. Ultimately, the DPRK, according to many experts, wants nothing more than to ensure its continued existence and that of the Kim dynasty. Fast forward to 1984, and under Kim Il-Sung, North Korea test-fired its very first missile. Undoubtedly, the employment of nuclear and conventional weapons was championed by not only Kim Il-Sung but also his son, Kim Jong-Il, and grandson, Kim Jong-Un (KJU). However, of the three DPRK leaders, none have taken a greater interest in advancing the DPRK’s missile program than its current leader, KJU. Specifically, KJU has placed a great deal of emphasis on science, technology, engineering, and math as well as emerging technologies to advance the DPRK’s national agenda. The U.S. and the international community writ large have condemned the DPRK’s military, scientific, and technological advancements and have issued strong sanctions against the North Korean government.
North Korea’s Illicit Financing of its Missiles Program:
While the PRC, in violation of international sanctions, provides North Korea aid through cargo shipments, along with other measures, these means don’t outright provide the DPRK with enough capital to fully fund its desired missile program. Therefore, the DPRK utilizes several illicit activities to finance and grow its missile program. Particularly, the DPRK engages in the manufacturing and distribution of illegal narcotics, the manufacturing and sale of counterfeit goods, trafficking arms globally, and producing and selling counterfeit currency. Yet among the DPRK’s most recent lucrative financing activities for its missile program has been its global hacking and malware campaign. Last year it was reported that the DPRK had stolen nearly $400 million worth of digitized assets from seven different attacks on various cryptocurrency platforms. This is a significant development and should raise serious concern among states globally. According to some North Korean and national security experts, the DPRK likely goes after cryptocurrency as it is far less regulated than other forms of hard-copy currency, and thus it is easier to manipulate and bypass foreign sanctions. A recent United Nations investigation also determined that North Korea has stolen and continues to steal cryptocurrency to further finance its missile program. Yet this all goes without stating the obvious: the DPRK is strictly prohibited by the UN from testing ballistic and nuclear missiles, let alone developing them. To be clear, it is not as if the international community is “out to get the DPRK” and is therefore prohibiting its acquisition of ballistic and nuclear missiles. Thus, it is inconsequential whether the DPRK finances its missile program through legal or illicit means; simply financing it to begin with is in violation of sanctions. The DPRK, both through its rhetoric and actions, has proven its desire and capability to use asymmetric weapons systems against the U.S., RoK, and U.S. interests globally. Although the western media frequently discusses the DPRK missile threat and covers each test closely, there is a legitimate reason for concern.
The employment of sophisticated offensive cyber measures by the DPRK is hardly a new tactic. Most notably, upon the release of the Sony Pictures film “The Interview”, the DPRK launched an intrusive cyber operation against the Sony Corporation, leaking highly sensitive personally identifiable information. As I mentioned previously, the DPRK is extremely isolated from the rest of the world, and its citizens do not have access to the internet. Thus, this begs the question of how the DPRK can launch successful cyber-operations against the rest of the world. According to some experts, while the DPRK has limited internet access in its capital of Pyongyang, the PRC is complicit in allowing DPRK cyber military operators to come across the border and utilize China to launch attacks on its various targets. As with assisting the DPRK in evading sanctions, the PRC is highly culpable in its assistance efforts with the DPRK in cyberspace. However, the PRC has its reservations, as it greatly fears that an unstable DPRK could flood millions of North Korean refugees into China, which China lacks the resources or infrastructure to support. Beyond hacking operations, the DPRK has long employed ransomware attacks to assist in funding its missile program. Specifically, in the WannaCry attack, the DPRK targeted computers and servers running Windows operating systems, ultimately demanding ransom payments in Bitcoin. For the DPRK, its global cyber ransomware operations are highly lucrative. According to the U.S. Department of Justice (DoJ), between 2015 and 2019 DPRK ransomware hackers attempted to steal roughly $1.2 million from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa. Moreover, according to WIRED, the DPRK secured $80 million by “tricking” a network into re-routing funds. Additionally, the FBI recently reported that North Korea stole more than $600 million in cryptocurrency from a single hacking operation. This is a critical development as it demonstrates that the DPRK is continuing to use hack and steal operations to generate significant revenue.
Recommendations
While the international community has levied strict sanctions against North Korea, the DPRK has consistently demonstrated its formidability in cyberspace as one of the preeminent state cyber threats that the U.S. faces. However, given the nature of where cyber operations occur, there is a strong likelihood that the U.S. has been effectively thwarting the DPRK in cyberspace, though the public will never know. Thus, it is difficult to evaluate how the U.S. is doing countering North Korea’s cyber threats and illicit financing campaigns. For example, when a bomb is dropped on a target, reporters can verify that. However, due to cyber operations taking place mostly outside of public view, little if any substantial reporting exists to confirm such activity. Yet, after the Sony hack, it has been reported that DPRK’s internet was cut, seemingly by the U.S. and its partners. Therefore, I would suggest that the DoJ “name and shame” the DPRK attackers, publicly indicting them on charges. Particularly, the process of openly outing hackers is critical as many enjoy life in the shadows and will stop once they have been caught red-handed and put in the public eye. Furthermore, I recommend that the Five Eyes intelligence allies actively degrade and disrupt the operating networks and information systems affiliated with the DPRK attacks. Although such an aggressive maneuver may complicate relations with the PRC, the West must take greater action against the DPRK. Lastly, I would advise that the U.S. Financial Crimes Enforcement Network utilize targeted sanctions to freeze the DPRK’s financial assets and those of Workers’ Party members and high-ranking North Korean military officials. While the threat from the DPRK will not dissipate any time soon, the U.S. government, international partners, along with the private sector must continue to publicly discuss DPRK’s illicit financing, while actively thwarting such activities.
Proxies and Power: Addressing the Attribution Problem in Cyberspace
Contributing Editor Mya Zemlock dissects the mechanisms contributing to the deterioration of the cybersecurity environment, including the attribution problem and the agency of international actors.
In the world of international relations theory, anarchy plays a large role in the way states interact with one another. Theorists have spent decades theorizing the best way to prevent security dilemmas, encourage cooperation, and promote intercultural understanding on the world stage. Similar to the international stage, cyberspace has its own defining problem that influences its actors: the attribution problem. There are three main elements contributing to the attribution problem that, if left unaddressed by the international community, will result in the deterioration of the cybersecurity environment. These include the increasing number of actors within cyberspace, the introduction and usage of cyber proxies, and the reluctance of major cyber powers to address the attribution problem. As long as the attribution problem remains unsolved and cyberspace remains ungoverned, the cybersecurity environment grows ever closer to unmitigated anarchy.
The attribution problem is well-known, as it has plagued the cybersecurity community for years. Cyber operations are fundamentally low-risk due to their covert nature; it’s difficult to accurately locate the source of a cyber attack in time to stop the attack and identify the perpetrator. This means that actors are more willing to use cyber attacks against other actors for their own personal gain because the chances of their actions being accurately attributed to them are low. Although attributing cyberattacks is possible, it is very labor- and resource-intensive. Thus, only major cyber powers have the capability to identify the source of cyberattacks. Furthermore, these major cyber powers will only out the perpetrator of an attack if it lies within their interests. This inability--or unwillingness--to create accountability in cyberspace is the core element of the attribution problem.
Every actor within cyberspace uses the attribution problem, whether intentionally or not. This becomes problematic as more and more actors access cyberspace and begin using cyber operations to gain power and influence. For actors, the low-cost, low-risk nature of cyber operations makes them an attractive alternative to investing in traditional defense systems. As more actors without strong conventional militaries develop cyber capabilities, their power and presence within cyberspace grow. This power allows them to conduct cyber operations and, using the attribution problem, avoid consequences for any actions that are considered to lie outside of international norms. As more cyber operations remain anonymous, more actors grasp for power and the cybersecurity environment deteriorates.
Experts also posit that the increasing number of actors gaining power within cyberspace will decrease the imbalance of power in cyberspace. This hierarchy was established after World War II and was reinforced by the United Nations Security Council to govern the international community and ensure accountability. The hierarchical placement of actors within cyberspace isn’t based upon the hierarchy of the international world order; it’s based on the capabilities of different actors. This allows the hierarchy to flatten as more actors achieve the same level of capability as others, evening the playing field and allowing actors without traditional means of projecting power to gain influence on the world stage. With the hierarchy flattened, cyberspace becomes harder to govern as actors use the attribution problem to conduct operations without consequence. This effect can be seen as actors with a small--or nonexistent--traditional defense system become major powers within cyberspace, such as Estonia and the Ukrainian hacktivist network, the Cyber Alliance.
The only way to reinforce the hierarchy is for the major cyber powers to create norms that would hold actors accountable within cyberspace. The traditional leaders of the international community, China, Russia, and the United States, are also considered the greatest cyber powers. They could, rather easily, create norms that would hold actors accountable for their actions within cyberspace and mitigate the effects of anarchy and the attribution problem. They are, however, highly unlikely to do so. Major cyber powers are not only the most influential states in the world but are also the states most likely to benefit from anarchy and the attribution problem within cyberspace. If cyber powers advocated for constraining norms within cyberspace, they’d be restricting their own capabilities, which is naturally against their interests. This dilemma is similar to the one faced by the international community during the creation of the liberal world order after World War II; however, the usage of cyber proxies has introduced a new aspect to this familiar problem.
The unwillingness of cyber powers to pursue attribution is best observed through the existence and usage of cyber proxies. Cyber proxies are individuals or groups of people who are contracted by cyber powers to conduct technical operations, such as data-mining and network infiltration, within cyberspace. Using cyber proxies to conduct operations is not only cost-effective, but it also complicates attribution. If a cyber power wants to conduct a cyber operation that they feel could have great consequences should a competitor choose to pursue attribution, they can outsource the operations to cyber proxies and redirect blame and attention. Russia has done this in multiple cases, including the 2014 annexation of Crimea and the 2016 DNC hacks, by claiming that all of the information warfare operations were simply conducted by “patriotic hackers” who had no connections to the Russian government. Although the U.S. Intelligence Community strongly suspects that Russia's intelligence agency contracted these hackers to conduct their cyber operations, it is far too difficult to find the connection between the government and the hackers to create a case against them. By using the attribution problem to their advantage, cyber powers can conduct operations with few consequences and cyber proxies gain access to power and influence within cyberspace.
As non-state actors, cyber proxies are not subject to the same limitations as states. They can pursue their interests without justification and, more importantly, have no agency in the eyes of the international courts. Agency, or legal standing in the international justice system, is primarily afforded to states according to their relation to the United Nations. UN member states have agency, as do the organizations housed by and affiliated with the UN. Even if the international community were able to overcome the attribution problem and accuse a cyber proxy of conducting illicit cyber operations, actors without legal standing cannot be held to the same standards as states who do have legal standing and cannot be tried in an international court. International organizations such as the United Nations could attempt to create international laws that would govern cyberspace, but they wouldn’t be effective as they wouldn’t be applicable to non-state actors. Instead, the international community should focus on creating norms that would mitigate the effects of the attribution problem and promote accountability within cyberspace.
So far, governance of cyberspace has been a largely “bottom-up” endeavor, with individual actors within cyberspace using their power and influence to set guidelines of what actions are and are not acceptable. These guidelines, however, are different for every actor and only followed by the actors who set the rules themselves. Actors with less advanced cyber capabilities don’t have the same limitations as major cyber powers. However, major cyber powers have the ability to employ cyber proxies to overcome these limitations. Additionally, cyber proxies can avoid consequences altogether, as private actors can’t be held to the same standards as states and international organizations. Each different type of actor within cyberspace uses the attribution problem to further their own personal interests, to the detriment of the cybersecurity environment. Without a comprehensive and all-encompassing set of norms that forces all actors to be confined to the same rules, anarchy and the attribution problem will continue to define cyberspace.
Hackers for Hire: Russian Hacktivism on the World Stage
Staff Writer Mya Zemlock details how hacking has become a primary tactic of Russian information warfare.
After the 2016 U.S. presidential elections, every American became more aware of the importance of cybersecurity. More notably, they became aware that foreign actors were interfering in American politics. The country became more divided with every mention of Russia, and the effects of the Russian hack can still be felt in the polarized political environment to this day. What most Americans didn’t know was that a few months later, British cybersecurity authorities voiced their concerns that Russian bots and fake social media accounts had influenced the outcome of the Brexit referendum. After some examination, the link between the two situations became clear: both were information warfare operations conducted by Russian hacktivists.
“Hacktivist,” a term first used in 1989 by the hacker “Omega,” defines an individual who conducts cyberattacks against private computer networks to further a political goal. They are generally unaffiliated with government entities and often use their skills to defy the actions of the state. Hackers first emerged in the late 1980s to seek profit from their operations. Modern hackers are decidedly different, having arisen not from the desire for money, but the desire for change. They are activists that can have immense impacts upon a state or community. Hacktivists are credited with assisting the 2010 Arab Spring movement by attacking Tunisian government websites, and were an essential component to revealing the billions of dollars tied up in the “Panama Papers.” International coverage of these successful hacktivist operations has resulted in a noticeable rise in hacktivist activity all over the world.
In addition to these cyber vigilantes, some hacktivist groups tend to operate in support of their state’s foreign policies. Some countries, such as Iran, North Korea, and China, have outsourced their cyber operations with limited success. Russia has also hired private actors to conduct cyber warfare against their cyber adversaries; unlike the groups in the other states mentioned, Russian hacktivists have been incredibly successful in their cyber operations, and are considered to be among the best hackers in the world. Where most hacktivist groups operate independently or receive some corollary funding from a discreet government agent, many Russian hacktivist groups are highly suspected to be associated with the security and information arm of the Russian government, the Federal Security Service (FSB).
According to Connell and Vogler in their paper “Russia’s Approach to Cyber Warfare”, Russia has specifically adjusted their cyber strategy so that independent hacktivist groups may play an incredibly large role in Russian information warfare. They are cost-effective (sometimes hackers will conduct operations free of charge, as long as the motivation or political goal aligns well with their interests), require little to no oversight (they operate independently and only require a target and desired effect), and have an incredibly high success rate. They can spread propaganda or disinformation, conduct a Distributed Denial of Service (DDoS) attack on a target website, create Trojans and malware, steal financial information, and store illegal or stolen information discreetly.
On numerous occasions, the Russian government has claimed that they played no part in cyber-attacks against other countries. The attribution problem, which has arisen from the tendency for cyber operations to be quick, discreet, and difficult to track, has prevented the international intelligence community from accurately finding the culprit of cyber attacks for many years. Hiring hacktivist groups to conduct operations for the FSB allows the Kremlin to order these attacks without repercussions on the international stage. When accused of actions of cyber warfare, they often assert that “patriotic hackers” were responsible. Although the international security community highly suspects the FSB has been contracting these hacktivists to conduct operations on their behalf, definitive proof of a connection is incredibly difficult to find. Communication with hacktivist groups is conducted through various platforms on the dark web, and payment can be completed through e-payment platforms such as Bitcoin. Thus, this tactic has proven to be incredibly effective. Hacktivists played a major role in the Russian attacks against Georgia, Ukraine, and the United States. The very first operation in which cyber attacks were a complementary component to a larger kinetic conflict would not have been so successful if Russia had not hired hacktivists.
The Georgian Conflict
The Russo-Ossetian war is well-known in the security community as the first conflict in which cyber operations were used to complement a larger kinetic conflict. The conflict began after years of negotiations regarding the sovereignty of the territories of South Ossetia and Abkhazia, both claimed by Georgia, broke down. This resulted in the armament of separatist groups, who received funding and weapons from Russia, and Russian military movement into both regions. Throughout the conflict, armed combat was accompanied by DDoS attacks against websites vital to the communications network of the Georgian government and military. Since the international security community was unable to discern the exact origin of the DDoS attacks, the Russian government denied responsibility for the actions and instead blamed the attacks on Russian hacktivists. Additionally, the hacktivists were employed to conduct an intensive disinformation campaign within the region; fake websites and social media accounts spread propaganda and misinformation regarding the nature of Georgia’s role in the conflict. As a result, the international community--and, more importantly, the citizens of the region--had no reliable account of what was happening until the conflict had already ended. A lack of definitive proof that the Russian government was involved in these cyber attacks and a general misunderstanding of the nature of the conflict allowed Russia to avoid punishment. Having witnessed the strain that Russian cyber attacks can have upon a government in a time of crisis, many Eastern European states began improving their cybersecurity strategies. Unfortunately, Ukraine realized in 2014 just how difficult it is to withstand attacks from Russian hacktivists when the government is in political turmoil.
The Crimean Crisis
After the Russo-Ossetian war, Ukraine began building up their cybersecurity in anticipation of a Russian attack. This attack eventually came during the 2014 Crimean crisis. Seizing the opportunity created by the Euromaidan protests, Russia employed an advanced disinformation and propaganda campaign. This campaign was accompanied by low-level espionage and disruption missions that targeted Ukrainian government officials through spear-phishing and malware. The propaganda was spread via bots and hackers on social media, much like the disinformation spread during the Russo-Ossetian war. A DDoS attack was also conducted against Ukrainian government websites, which resulted in the websites crashing for several hours before Ukrainian security officials were able to reject the bots from the servers. These operations ultimately undermined the 2014 Ukrainian elections as illegitimate and the Ukrainian military was blamed for numerous false-flag operations against various pro-Russia separatist groups. An investigation into the source of the hacks revealed that the attacks originated with Russian IP addresses; however, the Russian government once more claimed that Russian hacktivists unaffiliated with the government had been responsible for the information operations. Nevertheless, the international community refused to believe these claims, declared the Russian-sponsored referendum to be illegitimate, and denounced the Russian occupation of Crimea in a United Nations General Assembly resolution. Some actors, such as the United States and the European Union, recognized the threat that the Russian information warfare posed to their security, and placed sanctions on Russia. This further dissolved the already fragile tensions between Russia and the United States, and these tensions reached their lowest point since the end of the Cold War when Russian hacktivists hacked the 2016 U.S. Presidential Elections.
The Hacking of the United States Presidential Election
During the 2016 U.S. presidential election, several U.S. political entities, most notably the Democratic National Coalition (DNC), reported that they had been hacked. Soon after, private information about Hillary Clinton’s presidential campaign was published on websites such as WikiLeaks and DCLeaks.com. Targeted ads and articles also began appearing on various social media platforms during the election, with many of them focusing on divisive political and social issues. The hacks and the ads were both easily traced back to Russian hacking groups with known affiliations to the Kremlin. The U.S. intelligence community determined, with high confidence, that Vladimir Putin had ordered the hacks and the divisive disinformation campaign. The discovery and attribution of the hacks resulted in immediate outrage from the U.S. population and ultimately caused further polarization along party lines.
The software and tactics used to conduct espionage on U.S. political entities were both rather simple, though thorough. The hacktivists employed by the Kremlin belonged to the group that the U.S. intelligence community refers to as “the Dukes.” The Dukes are well-known by the U.S. intelligence community; they have spent countless hours trying to remove the hacker group from public and private email servers all over the country. The hacktivists sent targeted emails containing malware to members of the DNC and other organizations. This practice is known as spear-phishing and often results in the target unknowingly installing viruses or malware on their computers. Once the malware has been installed on the computer, it can search for files, see the computer’s history, and access the internet. The hackers secured files through malware that was downloaded to the computers at the DNC, then revised and released the files in a way that would intentionally discredit the members of the Democratic National Coalition. This practice was perfected by Russia through employing it against their population; any entity that opposed the Kremlin or its policies was infiltrated, prostrated, and publicly shamed by “hacktivists.” The US political atmosphere remains tense years after the hacks were discovered, causing people to worry about how truly devastating hacktivist involvement in international politics can be.
Moving Forward: International Response and Action
The investigation and confirmation by the U.S. intelligence community of interference by the Kremlin and their hired hacktivists severely polarized the U.S. population. The government’s reaction, a ban on several Russian companies and individuals from conducting business in the United States, has been considered by many to be a “slap on the wrist.” Lack of a vehement response or clear policy direction highlights just how extensive the problem is on an international scale. Without the ability to punish hacktivist groups or the entities that employ them, the frequency and severity of cyber attacks will continue to grow globally.
The number of hacktivist groups worldwide has already increased since 2014, according to Dan Lohrmann. As a form of response to the “civilian” hacker groups used by the Kremlin to further their political goals, hacktivist groups in countries such as Ukraine and the U.S. have been created. Some, such as the Ukrainian group led by a hacker known as “RUH8” (or “Roo-hate,” expressing the group’s disposition towards the Russian government), were formed with the sole purpose of counteracting Russian influence in their country’s politics after the Crimean Crisis. Others, like the Western hacktivist group “Anonymous,” claim that their activities are protesting injustice and corruption where they see it occurring.
Though the cause supported by a hacktivist group may be noble, the strength and skill with which Russian hacktivists complete cyber operations has caused governments all over the world to take action against Russia and hackers in general. The international community has striven to address the growing concern that cybercrime and hacktivism pose through diplomacy and economic sanctions; however, creating resolute legislation or treaties has proven to be extremely difficult. NATO has reported that the sanctions placed upon Russia in response to the Crimean Crisis have been largely successful and have “inflicted damage on the Russian economy,” but Russian hacktivist activity and cybercrime continue to grow. As a new form of technological warfare, cyber warfare has no international norms that may govern the actions of actors. A lack of clear definitions, acceptable actions, and understood repercussions allows actors to continue using cyber warfare without punishment.
Experts have begun to fear that Russian hacktivism will extend beyond the borders of Russian foreign policy and cybercrime to become its own black market business. The U.S. security firm Taia Global has assessed that the 2014 hack of Sony Pictures by North Korea may have been conducted by paid Russian hacktivists. Documents leaked from the studio were traced to a Russian hacktivist with suspected ties to the FSB. This presents a harrowing possibility: states may, given the opportunity, hire Russian hacktivists to conduct cyber espionage missions on their behalf. Any situation in which states hire foreign nationals to conduct illegal activity in cyberspace would further complicate the attribution problem and make it much more difficult to stifle cybercrime across the globe.
If the international community truly wishes to combat cyber criminals and hacktivists on a global scale, then international laws, norms, and treaties must be set in place to govern the actions of cyber states. Although many experts such as Brian Mazanec assess that norms would be incredibly beneficial for all states suffering from hacktivist and cyber attacks, they also realize that the creation of these norms is highly unlikely under normal circumstances. Many of the world’s largest powers have no interest in creating constraining norms for cyber warfare, as the absence of these norms allows them to attack one another freely; however, the rise of state-sponsored hacktivism has brought the lawless free-for-all within cyberspace to a new turning point. Before hacktivists were deeply involved in international relations, the political and social climates of states were largely unaffected by their cybersecurity policies. After the 2016 election and the polarization of the United States population, a state’s cybersecurity policies became a priority for ordinary citizens in different countries all over the globe. The control over cyberspace that states once had is now threatened by hacktivism, and it is time to consider creating laws and norms that would constrain cyber activity for all actors. Although they may prevent the world’s largest cyber powers from using cyberspace to attack one another, they could also disrupt the startling trend of political polarity in democratic states by punishing the actors using bots and hacktivists to further their political goals.
Hacktivism has arisen from the continued proliferation of cyber weapons internationally. Although the 2008 Russo-Ossetian War, the 2014 Crimean Crisis, and the interference in the 2016 U.S. elections were all examples of successful Russian hacktivist operations, they certainly are not the only ones. Great Britain continues to grapple with the effects that Russian hacktivists had upon their political climate, and leaders all over the globe worry that their next elections will be undermined by Russian influence. With no laws, norms, or treaties governing cyberspace, the world waits impatiently for another Russian hacktivist to strike. Only two questions remain: Who will be the next target, and when will Russia strike next?