APIs are how cyber warfare is waged. APIs are how business, government, institutions, and individuals are being targeted, infiltrated, and indoctrinated as part of the millions of cyber war skirmishes occurring around the globe in 2017. These are some of my stories from the last seven years on the front lines of this war, documenting how these cyber militias are planning, mapping out, communicating, and executing their attacks in this new form of warfare.
I was sent to the front line of the API description wars in July 2010. Battles were heating up and there was a need for someone to be covering the front lines, documenting how this new type of warfare was being waged. Much like computer origins in World War II, where encryption and compute capacity were central to planning, communicating, executing attacks, APIs are how the submarines of the Internet age that are attacking shipping convoys, and how the looting of gold, art, and other riches are being dispatched–a distributed Enigma for a new type of warfare that was born out of the technology of the last world war, but retooled for a new century of warfare.
In the early days, API attacks were carried out using WSDL, an XML format for describing each networked attacks as a set of targeting endpoints that receive messages which contained attack orders that are either document-oriented or procedure-oriented information, executed from high up the common and control chain, by IT leadership. This new type of war was orchestrated by a small group of greybeards, who dwelled in the basements of large institutions.
Around the turn of the century, a new breed of milia units began borrowing from these existing top-down approaches to digital warfare but began leveraging cheaper Internet and web infrastructure to document, share, and distribute their unique brand of attacks on the global supply chains of not just the enemy, but anyone that got in their way–a new, ruthless way of waging a digital economic war. It would be several more years before this type of warfare would take root and begin evolving, but the seeds for disruption had been planted, giving birth to something that would soon be affecting every other aspect of business, government, institutions, and even in our personal worlds.
Early cyber invasions seemed almost fun and entering, but looking back the attack on the social fabric of our lives, it was anything but amusing. Who ever imagined that warfare could be conducted via social media memes, photos, videos, and the games we play each day. APIs were being used to define and map out more than just the social fabric of our personal and professional lives, they were being used to psychologically profile us, and ultimately plan out how we could be conscripted in this new type of cyber warfare.
By this point, one of the leading militias called Amaze who had been pushing this new type of warfare had heavily invested the digital factories and warehouses where they manufactured the essential components needed to wage this new type of warfare at scale–things like compute, storage, and DNS. Then in 2006, they opened up these new cyber war manufacturing center to be used be used by the public–now any militia could grow their operations, deploying what seemed like unlimited capacity when it came to planning, communicating, and executing attacks on any business, institutional, government, or civilian target.
This became a perfect storm for how we plan, communicate and execute an invasion or disruption, but to achieve their objectives the militias still needed people to swell their human ranks. In a distributed war you need humans to execute your ideological warfare, or simply to defend existing companies and institutions against the attack of others. At this point, a computer device manufacturing company called “Pear” came along from the consumer sector and released the perfect device for indoctrinating, and conscripting the average civilian in this new type of warfare. Then, rather than shipping individuals off to the front lines, militia units who were flush with their new found resources would bring the frontline to them, lighting up millions of new frontlines within businesses, government agencies, communities, and homes around the globe–a new kind of front line that never stayed in a single place, and would follow us wherever we went in our physical world(s).
Within each front line battle, armies had been creating their own way of defining, describing, and modeling their activity as each assault unfolded, learning from each wave and developing their own form of scaling things as they needed. Early supply chain attacks had their own way. The imaging and video fronts used their own protocols, and messaging formats to describe, share, and then execute attacks. Some providers were successful simply because of a number of resources they had invested in their regional militias, making success more about who your investors were, over any of the technical details of how you waged cyber warfare.
As this was going on, a single milia unit (Strutter) in a small linguistics company created a new way for describing the way attacks had been occurring–they has used in their own attack on language and how we communicate. When planning for a social attack a common approach had emerged–you used images, video, wall posts, a share, or a tweet. The description had been well defined on the social front–hammered out in the early intense years of warfare. However, we now needed a way to describe and define the frontline across ALL social, messaging, and other invasions. Imaging, video, mapping, messaging, profiling–we needed a way to document how the attacks were being carried out, and the finer details the attack request and response infrastructure in play, otherwise cyber warfare would not scale and expand as desired by those who were waging it.
As the Strutter unit was formalizing their approach to mapping out and sharing a cyber invasion using API technology, another group, the Masherine division took notice and released their own solution modeled after Strutter’s work. The Masherine division possessed considerably more resources than the smaller Strutter unit and would be able to get the attention of other militias much faster than Strutter ever could–a solution they called Masherine Up / Down, or the Masherine U/D Protocol. Both Strutter and Masherine U/D Protocol would emerge as the leading approaches to documenting an attack after they had happened, allowing for better planning, communication, and execution of future attacks, and training of militia members.
As this was all happening, another unit emerged to further shift how we conduct cyber warfare, allowing us to not just document how an attack or series of attack occurred and just understanding the frontline after it had created and shifted. This new unit, dubbed the Killer Bee (kBee) Unit, release their approach to not just mapping API attacks after they happened, but allowing us to also to plan attacks, and even model and mock attacks and shifting front lines before they ever actually occurred. The kBee Unit added their Hive API Blueprint to the mix of a growing number of approaches to quantifying how cyber warfare is waged at a global scale.
As front lines in supply, healthcare, training, transportation, and social front lines adopted one of the leading formats: Strutter, U/D Protocol, or now Hive API Blueprint, other significant shift in the landscape was occurring. Cyber warfare was shifting to be more about business, the acquisition of militias to grow your army, as well as about politics and ideology of how propaganda is being spread, as well how we quantify, communicate, and discuss cyber attacks–the API description wars, a war behind the cyber war(s) was now in full bloom.
In the early days of the war, there was one place you went to find a listing of frontline attacks and any details about how the fighting was occurring. It was a scrappy wartime news outfit run by a handful of patriots, called ProgrammedWeb. I worked for ProgrammedWeb in the early days, when I was first trying to make a name for myself, but after the news agency was sold, and then resold again to the emerging Hard Mule Division, I became pretty focused on crafting, publishing, and syndicating my stories, and evolving my own independent view of how cyber warfare was actually be conducted on the front lines.
Even after stopping my dispatches t ProgrammedWeb, I still worked on strategy for the Hard Mule Division, and one of my immediate tasks involved bringing together all of the existing API description providers to discuss the unification of all the approaches, which actually resulted in a fourth format called BatteringRAML. Now there were four groups battling it out for dominance when it came to describing, defining, and mapping out the cyber warfare front lines. Somewhere along the way, I was to blame, for helping bring everyone together, allowing them to have their best practices and goodwill extracted and applied to BatteringRAML, something that resulted in me losing access to the kBee Unit and Strutter camps for a while.
Shortly after the Hard Mule Division purchased ProgrammedWeb, and convened their interoperability gathering amongst API description providers, they asked me what it would take to ensure that all my stories, communications, and frontline research flowed exclusively through their “channels”. I had no interest in this happening, but I tossed out a low six figure number, to which they simply laughed. We never spoke again after this, but it did show me the true colors of the Hard Mule Unit, as well as some of the other emerging militias, units, and divisions who have begun to take a lead in the global cyber warfare landscape. This emboldened me. I was determined to stay independent in my reporting, even if it meant I was in a more precarious financial situation–something that resulted in heavy drinking during these times on the front line.
During this same period I was contacted by the Electronic Frontline Foundation (EFF), one of the leading organizations fighting for frontline transparency. It was about another significant shift in the cyber landscape brought on by a leading military industrial complex vendor Prognosticator, who was suing another rising division called Oggle over stealing their approach to naming and ordering of the industrial manufacturing process of cyber warfare equipment. It wasn’t the same as quantifying, communicating, and executing cyber warfare itself, but it was a disturbing legal shift in how cyber war equipment can be manufactured, something that I knew would eventually spread to the front line, shifting how battles can scale and syndicate.
While all of this was going on, Strutter’s Linguistics unit had run out of resources. While their approach to defining, planning, and communicating API invasions had become the favorite approach of frontline militias, it hadn’t been a money making venture, and they had focused on the details of how you define an invasion, and maybe not so much the execute of their own sustainability. Strutter was on the chopping block, and the Thinking Bear Division swooped to save them, acquiring the unit, as well as any intellectual property it possessed. I was asked to cover the acquisition, crafting a dispatch as this leading API description provider shifted hands. The Thinking Bear Division required that my dispatch be approved, and sent it back with changes, then again with more changes–eventually, I said I couldn’t help them get their message out to the thousands of militias on the frontline who read my stories.
Strutter was now in use across thousands of frontline battles, a change in ownership might upset the balance of power amongst the four leading API description providers, but more importantly, the units who were doing the fighting. Further destabilizing things, instead of continuing the interoperability, scalability, and growth the front lines have enjoyed over the last couple of years. While Strutter is just a privatized mercenary units now, we were able to get the Strutter specification itself into an independent military governing body called the Operative API Initiative, or OAI.
Over the last year, every major unit or division has joined the OAI to participate in the discussion around how cyber warfare is defined and waged. Groups like MacroHard, International Bullshit Machine (IBM), Oggle, and kBee Unit have all joined the initiative. Hell, I’ve even joined the initiative just so I have access to the “behind the scene conversations”. Last month the giant military contractor Prognosticator acquired the kBee Unit, buying a seat at the OAI table. In 2017, a significant number of leading militias, units, and divisions have joined the OAI, setting the stage for how the future of how cyber warfare will be waged.
Newspaper headlines around the globe have declared recently that the API description wars are over. Pointing out that ALL the major API description providers are now part of the same military governing council. Take my word for it, the wars aren’t over. They’ve just moved behind slightly closed doors, being shaped by those who have the resources to participate. They have moved from the front lines of the cyber war, and into the courtroom, again only available to those who have the resources to litigate and defend their approach to waging cyber war, and simply defending their approach to defending themselves from cyber attack–it sucks to be sued for copyright infringement for the way you defended your company from a cyber invasion, maybe even from the company who is suing you. In the future, it will be much rarer for small militias to be able to make a difference. In the new landscape, you will have to part of a larger division to get anything done at scale.
While the API description War landscape has shifted, the trillions of cyber skirmishes being waged around the globe are only picking up momentum, individually and collectively. The attacks on democracy, via social front lines, and supply chains at the retail and wholesale levels are under threat, as well as the financing networks from banking, to markets, and venture capital is increasingly being targeted. Education, healthcare, transportation, and every other vital aspect of our communities are also under attack from each wave of militias being deployed. While many of these militias genuinely believe they are fighting for good, the damage they are doing to every layer of our society and democracy will be irreversible.
In 2017, we are seeing the front lines of the cyber war expand. It wasn’t enough that every citizen has been indoctrinated via the mobile device in our pocket, being sucked into larger battles being waged on the social, mapping, messaging, and other fronts. We are being told to install physical security cameras, speakers, microphones and other devices in our homes, automobiles, and workplace, stoking our physical as well as cyber insecurities. Once installed, these devices get converted into front lines in attacks on free speech, financial markets, elections, and much more, after they are hacked and p0wn3d. The average citizen is completely unaware of the battlefront their lives have become in the last couple years, something I’m not sure many of them will ever fully wake up to.
One of the contributing factors that is sustaining cyber warfare, and making APIs and their descriptions so valuable, is their ability to generate revenue from the bits of data exchanged along every front-line skirmishes. These digital bits generated from each attack are sold behind the scenes. Divisions, units, militias, and their investors are lining up to purchase these digital bits from each other, fueling the growth and intensity of cyber invasions–making cyber warfare a very profitable thing in 2017.
With all this investment, entirely new fronts have been able to emerge. The blockchain front is expanding beyond just attacks on the financial system, and have started to spread to insurance, healthcare, education, and other sectors the creative militias feel deserve targeting. The artificial intelligence (AI) and machine learning (ML) fronts have expanded at breakneck speeds, resulting in a form of cyber warfare very few will ever see coming. Even many of the AI and ML practitioners and providers don’t understand what they are wielding. Many individuals, business, institutions, and government agencies will show up in the morning to find their homes, businesses and organizations gutted, bombed out, and looted after allowing AI and ML into their lives.
I have spent seven years working to quantify the thousands, then millions of micro invasions occurring on a daily basis across this new way of waging cyber warfare. APIs are central to every major and minor invasion in the last 17 years, and API descriptions aren’t just how you plan, communicate, and execute these invasions, they are how you document and understand what has happened, and the atrocities that have occurred–which is one reason why API descriptions have become so valuable. Sure, you want to own how you plan, communicate, execute, and ultimately scale each invasion in a cyber war, but if you control the way we talk about these incursions, quantify and prevent them–you win. It’s a beautiful business model.
After seven years on the front line, I am confident that I will spend my rest of my life here. We have opened Pandora’s Box. There is no putting this beast back in its cage. It is all out there. All we can do is work to quantify, understand, and defend ourselves, working to make sure the machine is more transparent and observable, and telling stories about what is real and what is not in this new world of perpetual cyber warfare.
