Over the past couple of decades, the digital world has started to become a bigger battlefield than many of us would have thought it would become.

Your Typical Thief

My friend’s Instagram account was acquired today by a scammer trying to steal money from their followers. This sort of hacker (though non-violent) can be equated to someone robbing a convenience store or pedestrian. Their primary motivation is money.

Weaponized Virus

You may be familiar with Stuxnet, which was designed to attack Iranian nuclear power plants. This virus ended up spreading to other machines around the world and was probably one of the first pieces of software to be weaponized and used in an act of war.

An “IT Army”

In a more recent development, the Ukraine government had called for an “IT Army” early on in the war to do whatever they can to disrupt Russia, mostly targeting economic and government websites. This army totals around 300,000 people from around the world. Not a single person and not a weapon this time–an army.

Botnets

These things got me thinking about some other potential attacks someone could unleash. The idea of a botnet always seemed interesting–having hundreds or even thousands of machines sitting idly, waiting for orders from a command server.

The sheer number of machines available could be defined as a weapon–just provide a target, and you could take it offline in minutes with a ping of death. Now, this is essentially what Ukraine’s army of 300,000 hackers is doing with Russia’s infrastructure, except these are all (mostly) physically controlled machines that are taking websites offline.

Now imagine if a government had a botnet consisting of the entire populations computers and smartphones. For Ukraine, this would be around 43 million devices. For the US, about 332 million. Of course, not everybody will have a smartphone or computer, but I would imagine this number would be at least one third of the population.

If a government had this sort of control over the population’s devices, it would be almost like a nuclear bomb of the internet. Everybody would know who launched the attack, and if the target had the same capabilities, retaliation of the same sort would be expected.

Of course, this would only disrupt service for a time and flood some databases. This sort of capability wouldn’t be very effective in espionage or spreading viruses to closed networks.