Cyber Guerilla
eBook - ePub

Jelle Van Haaster, Rickey Gevers, Martijn Sprengers

  1. 142 pages
  2. English
  3. ePUB (mobile friendly)

About This Book

Much as Che Guevara's book Guerilla Warfare helped define and delineate a new type of warfare in the wake of the Cuban revolution in 1961, Cyber Guerilla will help define the new types of threats and fighters now appearing in the digital landscape.

Cyber Guerilla provides valuable insight for infosec professionals and consultants, as well as government, military, and corporate IT strategists who must defend against myriad threats from non-state actors. The authors take readers inside the operations and tactics of cyber guerillas, who are changing the dynamics of cyber warfare and information security through their unconventional strategies and threats. This book draws lessons from the authors' own experiences but also from illustrative hacker groups such as Anonymous, LulzSec and Rebellious Rose.

  • Discusses the conceptual and ideological foundation of hackers and hacker groups
  • Provides concrete footholds regarding hacker group strategy
  • Discusses how cyber guerillas are changing the face of cyber warfare and cyber security through asymmetrical, flexible and stealthy means and methods
  • Explains the tactics, techniques, and procedures these hacker groups use in their operations
  • Describes how cyber guerrillas and hackers use the media and influence the public
  • Serves as a must-have guide for anyone who wants to understand—or is responsible for defending against—cyber warfare attacks

Information

Publisher: Syngress
Year: 2016
ISBN: 9780128052846

Chapter 1

General principles of cyber guerilla

J. van Haaster

Abstract

This chapter covers the conceptual foundations of cyber guerilla. The essence of cyber guerilla is defined as an amorphous concept epitomizing the violent or nonviolent struggle against a larger State or non-State actor. Hacker groups play a prominent role in combating these types of actors. To be able to take on a larger actor, the hacker group requires (end-)goals and a strategy for achieving these goals. For an adequate strategy, it is essential for the hacker group to be aware of the societal context, the state of the hacker group and the opponent. Having created and stated (end-)goals and a strategy, the hacker group can engage in conducting activities or operations. Cyber guerilla tactics are characterized by the following principles: asymmetry, mobility, and stealth.

Keywords

cyber guerilla
essence of cyber guerilla
tactics
strategy
favorable terrain
unfavorable terrain

Introduction

This chapter will describe the theoretical and ideological foundations of cyber guerilla. As such, it will serve as a doctrinal prelude to the organizational Chapter 2 and the technical Chapter 3. Part 1 of this chapter will describe the essence of cyber guerilla and how it differs from conventional guerilla. After describing the essence of cyber guerilla, Part 2 will show concrete footholds for formulating a clear (end-)goal and strategy for the hacker group. When the hacker group has clear goals and a coherent strategy, it can start conducting activities to achieve the goals. Although cyber guerilla shares similarities with conventional guerilla on a conceptual level, the tactics differ considerably. Part 3 will highlight the fundamental characteristics of cyber guerilla tactics: asymmetry, mobility, and stealth. As with any strategy, operation, or tactic, it should be tailored to the situation at hand. As Che Guevara made clear, a situation can favor the guerilla or the opponent. This is the same during cyber guerilla; there are favorable and unfavorable circumstances. Part 4 will describe circumstances favoring cyber guerillas and Part 5 will expand on unfavorable circumstances.

The essence of cyber guerilla

What is cyber guerilla but another phrase feeding the cyber prefix flood? The simple answer: cyber guerilla is but an idea. Cyber guerilla is a conviction that smaller forces can rival larger forces in our networked society. Whereas Guerilla Warfare is a specific way of waging asymmetrical war in a specific situation against a conventional army, cyber guerilla is more universal. Cyber guerilla is waged not only in times of struggle, political unrest, or during conflict; this type of guerilla is also a way of engaging actors in peaceful circumstances as a form of protest, very much like electronic or cyber civil disobedience. Whereas cyber civil disobedience is always a nonviolent, disruptive type of protest, cyber guerilla has an amorphous character. In times of struggle, political unrest, or conflict it may take a violent and disruptive form, whereas in peaceful circumstances it may mirror the character of civil disobedience. The character of cyber guerilla will depend on the situation at hand, the strategy of the hacker group, and the context of the operation.
Cyber guerilla, unlike guerilla warfare, is not a prelude to ultimately becoming a conventional actor, to attain enough momentum within the population to be able to field an army. As such, it is narrower in scope than guerilla warfare, which is about overthrowing and replacing the State. Whereas cyber guerilla tactics alone can contribute to revolution, they cannot achieve physical revolution on their own. Cyber guerilla tactics can influence the masses and serve as a primer for these types of change, but the change itself requires some form of physical action. Apart from the ultimate goal of guerilla warfare––becoming a State actor––the goals are very similar to those of cyber guerilla.
Cyber guerilla is also about attaining momentum. Like Che Guevara’s traditional guerilla band, the hacker group waging cyber guerilla starts off with a base of like-minded individuals aimed at making themselves heard. Just like gaining momentum for fielding an army and overthrowing larger actors in a conventional guerilla, the hacker group requires momentum to be effective and reach its goals. Lacking support or attention of the media and the masses will prove to be the end of any attempt of a hacker group to maximize their potential. Such an unpopular hacker group may be able to affect the State and other actors via cyber guerilla tactics, but as these actions are standalone and lack support they will be “just another hacker collective.” To make themselves truly heard they require the masses and (social) media to amplify their effect.
The viability of a cyber guerilla is derived from the hacker group’s potential, which consists of the ability to gain popular support and the ability of group members to conduct operations. These members, the cyber guerillas, are the ones at the virtual frontlines, the ones conducting the operations. Understanding their motivations will further understanding of the hacker group. There are many different motivations for joining or creating such a group; some are very similar to the motivations of a conventional guerilla fighter: as a form of protest against an oppressing actor and to protect others from this oppression. Oppression in this day and age may still entail physical oppression, but far more likely is intellectual, creative, social, and informational oppression. Cyber guerilla fighters dedicate themselves to influencing actors engaging in such oppressive activities. Guerillas do so on their own terms, on the terrain where these oppressive actors feel safe but can be hurt most, at times when these actors are least aware, and at the places they least expect. Cyber guerillas are only capable of doing so when they have intricate knowledge of the domain: the Internet and associated information systems. They need to know ways of circumventing safeguards; accessing and infiltrating networks and machines; exfiltrating information; how to manipulate the users and their supervisors; and how to sell the operations to the masses. These knowledgeable members form the nucleus of a hacker group; they can attract and educate new members and start to establish their strategy.

Cyber guerilla strategy

“War is always a struggle in which each contender tries to annihilate the other. Besides using force, they will have recourse to all possible tricks and stratagems to achieve the goal.” Che Guevara’s statement rang true for the best part of the 20th century and keeps its value in the 21st century. War has been replaced by terms such as conflict, hybrid war, war amongst the people, low-intensity engagements, (counter)insurgencies, and many more. What has remained the same and will be the same for the considerable future is the use of force and using all possible tactics and strategies besides force to achieve goals. These nonforceful means and methods are increasingly overshadowing classical uses of force in effectiveness and efficacy. Cyber guerilla encompasses a subset of these nonforceful means and methods, namely the means and methods making use of the Internet (or cyberspace) and information systems. Although these means are nonforceful in nature because they stem from a virtual domain (the Internet), they can have a forceful effect. These nonforceful means and methods are used to achieve a hacker group’s goal or end-state. How to utilize these means and methods to attain a specific goal is epitomized in strategy. A hacker group should formulate one or more end-states and a strategy; these will ensure maximum effectivity of these means and methods vis-à-vis a specific opponent.
Strategy itself is not about how to use means and methods to achieve a specific goal (those are tactics). Whereas for many hacker collectives the action is the goal itself, those waging cyber guerilla see actions or operations as sequential steps to achieving an end-state: as means to an end. That being said, the hacker group should take time to formulate the ultimate goal or end-state and plan the strategy leading up to that goal. As the hacker group is most likely to be the smaller actor with fewer resources at its disposal, it is vital that an end-state and a strategy are formulated. The group will not be able to bring down or influence the opposing actor instantly; there are sequential steps in achieving the end-state, and the plan for reaching the end-state is the strategy.
A clear end-state is required before being able to formulate strategy; there should be no doubt why the hacker group exists and what it tries to achieve. The ultimate goal should be formulated in such a way that it is––to some extent––specific, attainable, and realistic while at the same time sufficiently generic. For instance, “influencing opposing actor A” is too generic; a better goal would be “make actor A stop infringing on personal freedoms”. Influence is too generic and does not offer starting points for establishing strategy, whereas making an actor stop doing something is still generic but outlines the specific issue area the group wants to affect. The end-state is the why and what of the hacker group (why they exist and what they are trying to do); strategy is the how: how the hacker group can reach the end-state.
Strategy is about long-term planning, about the analysis of (partial) objectives, taking into account the situation at the time, and the ultimate goal. The situation at the time can only be understood by knowing oneself, the opposing actor, and the context. Assessing the hacker group in terms of strengths and weaknesses is a first step in understanding oneself. Issues that could be taken into account are training, education, logistics, readiness, and willingness of individual members and the group as a whole. After analyzing the hacker group, one can turn to the opposing actor: What are his strengths and weaknesses? Understanding the opposing actor involves analyzing his goals, strategy for achieving these goals, and resources at his disposal (eg, leadership capacity, popular support, financial means, informational means, etc.). As the action taken by the hacker group and the opposing actor does not take place in splendid isolation, it is paramount to understand the societal context of these activities.
The context at the time affects the effectivity of actions and reactions––people perceive an action from their personal context (eg, biases, prejudices, and feelings) and the societal context. A hacker group should be aware of these contexts as these can have a great impact on the effectivity of an operation. For instance, when trying to influence a bank’s dishonest decision makers for whatever reason, one might consider conducting a (distributed) denial of service attack against the network infrastructure, rendering online banking inoperable. Such an action may be perceived as criminal or malicious as the hacker group targets the common man wishing to use his banking service. Although this operation might be technically successful, it can be disastrous as far as effectivity is concerned; the hacker group may lose support and alienate the people. A hacker group that is aware of the context would decide differently, for instance by targeting the dishonest decision makers themselves, via a spear phishing campaign, and exploiting the information gained to slander the decision makers. Such an action may be hailed as benevolent and the hacker group may be seen as a champion of the common man against forms of injustice.
When a hacker group understands itself, its opponents, and the context, it can start to formulate strategy. Different end-states require different strategies, and as groups, opponents, and context are diverse there is no general rule for creating a strategy. As a consequence, a strategy can comprise virtually anything that enables the hacker group to achieve the desired end-state. Depending on how ambitious the end-state is, the strategy may have many objectives, partial objectives, and milestones in it.

Cyber guerilla tactics

Strategy is about aligning the efforts of the hacker group; tactics are about conducting the operations leading to achievement of the (partial) objectives. Tactics are on a much lower level than strategy; they are about the actual usage of the resources at a hacker group’s disposal. Strategy and tactics should work in tandem. Without strategy a hacker group’s activities are conducted inconsistently and randomly––a group without tactics will have big ideas but no activities. Like the character of cyber guerilla itself, cyber guerilla tactics are amorphous; they adapt to the situation at hand. Tactics depend on the desired end-state, strategy, societal context, and resources at a hacker group’s disposal. The chapter on operations will discuss tactics in depth and breadth from a technical perspective. This part will highlight the three fundamental characteristics of cyber guerilla tactics: asymmetry, mobility, and stealth.
The first fundamental characteristic of cyber guerilla tactics is asymmetry. Cyber guerilla in most cases is about rivaling a conventional opponent with more resources––in other words the resource balance is asymmetric. The hacker group and the opponent have unequal access to resources; the opponent has easier access and more resources. This opponent cannot be defeated or manipulated if met on a level playing field as there would be one inevitable outcome for the hacker group: defeat. Hence, cyber guerillas resort to asymmetric means and methods. These are aimed at offsetting the imbalance in resources between the guerillas and the intended target. Asymmetric means and methods are aimed at and make use of the weak spots of the intended target, where the access to resources does not matter. By using this type of means and methods the imbalance in resources can be countered.
The second principle of cyber guerilla tactics is flexibility. Flexibility revolves around being able to constantly adapt to the situation at hand, before, during, and after conducting operations. Hacker groups should adapt quickly, strike swiftly, and move out rapidly, reducing the potential of being caught. Cyber guerillas should never try to face the opponent head-to-head, that is, unless the other actor has been attrited to such an extent that success is certain. Cyber guerillas should do everything to prevent being pinned in a certain physical or nonphysical location; they should be able to adapt flexibly and evade any attempt of the opponent to meet head-on. When cyber guerillas are pinned down, the bigger actor can focus his resources and manpower on that specific area. This will unavoidably result in an ineffective operation and have severe repercussions for the guerillas engaged in the operations. Therefore, cyber guerillas should operate in flexible, amorphous, mobile formations.
Stealth is the third principle of cyber guerilla tactics. Stealth is essential for hacker groups from inception of the hacker group to the conduct of operations and long after that. At the start of cyber guerilla, hacker groups need time to come up with an end-goal and a strategy for achieving this goal, and to organize all other aspects of the hacker group. In this planning stage cyber guerillas are very vulnerable––they have yet to conduct operations but they are communicating about their intentions to take part in these activities. Hence, they should take great care to avoid their communication being overheard or intercepted by others.
Stealth remains of utmost importance during the stages in which the hacker group conducts operations. The only exception is ope...
