Ensuring national security in the cyberspace comes with numerous challenges across the world. For instance, intelligence and cyber operations conducted by foreign state actors–such as intelligence agencies and cyber forces—pose serious concerns; so do the activities of private hackers. In particular, cybercrime is a significant threat when it comes to economic damage. Industry research firm, Cybersecurity Ventures, estimated that the global annual economic damage caused by cybercrime would reach $9.5 trillion in 2024 and $10.5 trillion by 2025 [Morgan, 2024]. To put that figure in perspective, $10.5 trillion amounts to approximately 9 per cent of the world’s total GDP (which the IMF projects to be $115 trillion), approaching the double-digit percentage range. [International Monetary Fund, 2024] According to various reports, a majority of such economic damage is caused by private hackers, and not as much by state actors [Miliefsky, 2025] [Namase, 2025]. In one of the most significant recent incidents, Japan experienced widespread damage in 2025 due to the hijacking of online securities accounts [NHK, 2025]. The incident may well have made many people reluctant to trade securities online.
To fight cybercriminals, international cooperation is essential. Black-hat hackers exploit the borderless nature of cyberspace, routing through multiple countries to reach their victims. Without collaboration across nations—despite differences in legal systems—it is difficult to identify or apprehend the perpetrators. When building such international cooperation in cyberspace, the concept of “privateering” and its historical precedents can offer insights.
The concept of “privateering” began to take on new significance in international cybersecurity discussions in the 2010s. This historical analogy began to appear in blog posts, books, and academic articles around this time [Ford, 2010] [Singer & Friedman, 2014, 177–80] [Egloff, 2015]. The term “privateer” originates from European and American history, spanning the late Middle Ages to the early modern period [Egloff, 2015, 3]. It refers to privately-owned vessels and individuals, who, under state or quasi-state sanction, engage in acts of piracy. Privateers were most active from the 16th to the mid-18th centuries, primarily operating between European nations and their trading partners, including the United States [Egloff, 2015, 36].
The authors of the above-mentioned works liken modern cybercriminals operating in the interest of their nations—often called patriotic hackers—to the privateers of the past [Ford, 2010] [Singer & Friedman, 2014, 177] [Egloff, 2015, 9]. Such actors have been referred to as “cyber privateers” [Ford, 2010]. Just as hackers are compared to privateers, cyberspace can be likened to the high seas of the premodern era. Both serve as arenas for international communication and trade where ambitious criminal actors thrive [Singer & Friedman, 2014, 177]. In this paper, I will collectively refer to these debates as “the cyber privateering discourse” for the sake of convenience.
For example, Christopher Ford, a professor at Missouri State University specializing in national security, describes the large-scale 2009 DDoS (Distributed Denial of Service) attacks on Estonian government agencies and private companies as a form of privateering in cyberspace [Ford, 2010]. These attacks are believed to have involved private individuals from multiple countries, primarily Russia, though no direct involvement by the Russian government has been confirmed [Evron, 2009] [Ottis, 2008]. The actions of these cybercriminals—who operate independently while aligning with national interests—resemble those of historical privateers.
Another example of such an actor is the Syrian Electronic Army. While this hacker group is notorious for attacking Western media outlets, it is not believed to operate under direct government control, despite what its name may suggest. Rather, it is believed to operate independently, with the tacit approval of the government under the former Assad regime [Smith-Spark & Heerden, 2013]. Instances of such “state-tolerated” actors abound.
Meanwhile, state-sponsored or state-supported cybercriminals are also considered cyber privateers [Singer & Friedman, 2014, 180]. The activities of these actors have often been raised as a serious concern [U.S. Department of Justice, 2021] [Perlroth, 2014]. For instance, the U.S. Department of Justice reported 58 cases from the past three years linked to the Chinese government and warned of economic aggression by Chinese nationals, including hacking [U.S. Department of Justice, 2021]. In 2024, internal documents from the Chinese private company operating the website i-SOON were leaked. These documents suggest that the company had been engaged in international espionage activities commissioned by China’s Ministry of Public Security (MPS)—which functions as both a police and public security agency—and the Ministry of State Security (MSS), the country’s foreign intelligence service [Brazil & Singer, 2024] [Robinson, 2024] [Pei, 2024]. Such cases are not limited to China. In Iran, there was a company that stole intellectual property from universities around the world and sold it for profit, one of its main customers being the Islamic Revolutionary Guard Corps (IRGC) [U.S. Department of Justice, 2018]. These cases highlight how some states implicitly support criminal hackers—either using them as proxies or turning a blind eye, seeing them as convenient tools.
The problems posed by states that exploit or tolerate cyber privateers go beyond the damage caused by the privateers themselves. Their unwillingness to crack down on cybercriminals targeting foreign countries—so-called “state-ignored” actors—also harms other nations [Healey, 2012]. The question is whether such states can be persuaded to cooperate actively in investigations. The analogy of cyber-privateers offers valuable insights into this issue. In their coauthored work, Peter W. Singer of Arizona State University and Allan Friedman of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) argue that even adversarial states, such as the U.S. and China, could find common ground by jointly targeting cybercriminals, whom both recognize as a threat. If agencies from both nations were to pursue a common enemy together, such collaboration could help foster mutual trust. Even a strengthening of each nation’s cyber military capabilities would not necessarily hinder cooperation, much like the operational coordination between the U.S. Navy and the Royal Navy after the War of 1812, as will be discussed later in this article [Singer & Friedman, 2014, 177–180].
If governments strengthen their formal cyber capabilities (such as cyber forces)—akin to national navies in the past—it is likely to heighten their desire to assert control over cyberspace further. As a result, privateers may no longer be seen as “useful tools” for advancing national interests, and rather as bureaucratic rivals to national cyber forces [Singer & Friedman, 2014, 179]. This shift may prompt states to reduce their dependence on privateers. In early modern Europe, for instance, several countries developed professional navies and gradually turned away from the use of privateers. [Egloff 2015. P.7] Seen in this light, it is also plausible that states which have moved away from dependence on privateers may come to view them as adversaries and take joint action with other countries to combat cybercrime.
Past cases of privateering show that a key driver of such cooperation is a state’s awareness of the economic risks posed by privateers. The War of 1812 is a notable historical example. The U.K.’s wartime blockade, carried out during the conflict, devastated U.S. maritime trade, causing exports to plummet by 86 per cent, from $45 million in 1811 to $7 million in 1814 [Black, 2008]. Conversely, U.S. privateers also inflicted significant economic damage on the U.K., disrupting its trade routes. Over 600 U.S. privateer ships harassed British commerce, driving maritime insurance premiums to record levels and prompting British commercial lobbies to pressure their government to pursue a peace settlement [Kert 1998, 9–10]. In this period, those two navies cooperated to suppress pirates and slave ships in the Atlantic Ocean, despite the strained relationship between the two countries that continued long after the War of 1812 [Singer & Friedman, 2014, 180]. The severe economic strain on both countries caused by the war fostered a desire for safer maritime conditions, ultimately leading to naval cooperation after the war.
Similarly, concern over the economic losses caused by cybercrime may drive nations to strengthen enforcement. Of course, significant hurdles are likely to stand in the way of achieving international cybercrime enforcement that crosses traditional friend-foe boundaries. In particular, the numerous eavesdropping and hacking operations conducted by U.S. intelligence agencies against foreign companies appear to have led the Chinese government to view U.S. norm-building efforts against cyber espionage for commercial secrets as hypocritical [Egloff, 2015, p. 13] [Sanger, 2014]. Such activities were, however, not confined to the United States. In the past, the French government reportedly engaged in them actively, with Germany among the alleged victims named in leaked information [Norman, 2011] [Vijayan, 2013]. Determining the proper norms for cyber espionage will require ongoing international debate and the cultivation of trust between nations.
Furthermore, if an adversary’s public cyber capabilities—namely, cyber policing and cyber military power—increase, even if those improvements are defensive, it will likely create disadvantages for one’s national security, such as making intelligence operations against that adversary tougher. Moreover, in times of conflict, the adversary’s cyber defense capabilities could also pose significant challenges. However, when it comes to effectively cracking down on cybercriminals, it is not hard to imagine that the global enhancement of public cyber capabilities—including those of adversarial nations as well as one’s own country and allies—would be beneficial.
The 19th-century navies of Britain and the United States, which once stood off across the Atlantic, undoubtedly faced similar challenges. The very partners they relied on to combat piracy and the slave trade were also recognized as powerful adversaries in times of war. As the modern cyber arms race continues, one might wonder whether reaching a sufficient level of strength on both adversarial cyber forces could eventually bring a measure of stability to cyberspace. With hope that the stability achieved in the 19th-century Atlantic might be replicated in the digital realm, it is essential to explore ways to pave that path forward.
Black, J., 2008. A British View of the Naval War of 1812. Naval History, 8.22[4].
Brazil, M. Singer, P. W., 2024. China is turning to private firms for offensive cyber operations.
Available at: https://www.defenseone.com/threats/2024/06/china-turning-private-firms-offensive-cyber-operations/397767/.
Egloff, F., 2015. Cybersecurity and the Age of Privateering: A Historical Analogy.
Available at: https://ora.ox.ac.uk/objects/uuid:a93b3385-0a5d-4df3-ac30-88532af9ca93.
Evron, G., 2009. Authoritatively, Who Was Behind The Estonian Attacks?.
Available at: https://www.darkreading.com/cyber-risk/authoritatively-who-was-behind-the-estonian-attacks-.
Ford, C., 2010. Here Come the Cyber-Privateers.
Available at: https://www.hudson.org/technology/here-come-the-cyber-privateers.
Healey, J., 2012. Beyond Attribution: Seeking National Responsibility in Cyberspace.
Available at: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/beyond-attribution-seeking-national-responsibility-in-cyberspace/.
Kert, F. M., The Fortunes of War: Commercial Warfare and Maritime Risk in the War of 1812,
Miliefsky, G., 2025. The True Cost of Cybercrime: Why Global Damages Could Reach $1.2 – $1.5 Trillion by End of Year 2025.
Available at: https://www.cyberdefensemagazine.com/the-true-cost-of-cybercrime-why-global-damages-could-reach-1-2-1-5-trillion-by-end-of-year-2025/.
Morgan, S., 2024. 2024 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics.
Available at: https://cybersecurityventures.com/cybersecurity-almanac-2024/.
Namase, R., 2025. Cyber Warfare Statistics 2025: Costs, AI Tactics, and State Attacks.
Available at: https://sqmagazine.co.uk/cyber-warfare-statistics/.
NHK, 2025. Securities account hijackings soar.
Available at: https://www3.nhk.or.jp/nhkworld/en/news/backstories/4048/.
Norman, J., 2011. WikiLeaks: France Leads Russia, China in Industrial Spying in Europe.
Available at: https://www.cbsnews.com/news/wikileaks-france-leads-russia-china-in-industrial-spying-in-europe/.
Ottis, R., 2008. Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective.
Available at: https://ccdcoe.org/library/publications/analysis-of-the-2007-cyber-attacks-against-estonia-from-the-information-warfare-perspective/.
Pei, M., 2024. Piercing the Veil of Secrecy: The Surveillance Role of China’s MSS and MPS.
Available at: https://www.prcleader.org/post/piercing-the-veil-of-secrecy-the-surveillance-role-of-china-s-mss-and-mps.
Perlroth, N., 2014. After Arrest of Accused Hacker, Russia Accuses U.S. of Kidnapping. The New York Times, 8 7.
Robinson, D., 2024. i-SOON Data Leak.
Available at: https://blog.malcore.io/p/i-soon-data-leak.
Sanger, D. E., 2014. Fine Line Seen in U.S. Spying on Companies.
Available at: https://www.nytimes.com/2014/05/21/business/us-snooping-on-companies-cited-by-china.html.
Singer, P. W. Friedman, A., 2014. Cybersecurity and Cyberwar: what everyone needs to know. New York: Oxford University Press.
Smith-Spark, L. Heerden, D. V., 2013. What is the Syrian Electronic Army?.
Available at: https://edition.cnn.com/2013/04/24/tech/syrian-electronic-army.
U.S. Department of Justice, 2018. Nine Iranians Charged With Conducting Massive Cyber Theft Campaign on Behalf of the Islamic Revolutionary Guard Corps.
Available at: https://www.justice.gov/archives/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary.
U.S. Department of Justice, 2021. Information About the Department of Justice’s China Initiative and a Compilation of China-Related Prosecutions Since 2018.
Available at: https://www.justice.gov/archives/nsd/information-about-department-justice-s-china-initiative-and-compilation-china-related.
Vijayan, J., 2013. Is French outrage against U.S. spying misplaced?.
Available at: https://www.computerworld.com/article/1505931/is-french-outrage-against-u-s-spying-misplaced.html.