
Massimiliano Brolli : 11 November 2025 18:53
The concept of cyber risk is increasingly becoming mainstream. Cybersecurity is a rapidly evolving field.
But to help you understand the broader context of what we now call cyberspace, between the beauty of always being connected and the threats that constantly impact it, I’d like to tell you a story, one that is as simple as possible but useful in helping you understand the importance that cybersecurity has in all of our lives today.
Are you ready? Let’s go.
In June 2009, the US and Israeli governments, as part of the “2006 Olympic Games” operation promoted by Bush, created a computer virus known to the public as “Stuxnet,” which aimed to sabotage the uranium enrichment centrifuges located at the Iranian nuclear power plant in Natanz. A few years later, in May 2012, an Iranian energy plant asked Kaspersky Lab for assistance after it had detected anomalies. After a series of analyses, researchers identified a sophisticated worm called “Flame,” which managed to penetrate 43 antivirus programs undetected, installing itself on computers (targeting the Middle Eastern region) and providing client images, VoIP streams, and email content to remote servers.
The fifth domain after land, sea, air, and space, an extension of the latter, known to all as cyberspace, was declared by NATO in 2016 as the “Operational Domain,” and therefore a reason for a possible invocation of the collective defense clause in Article 5. This article states that an “armed attack” against one or more allies is considered an attack against any NATO member, and therefore each member may, in accordance with the right to self-defense enshrined in Article 51 of the UN Charter, decide on the actions it deems necessary to “restore and maintain security,” including “the use of armed force.”
While we have all witnessed the commitment of nations to disarmament, at the time of writing this article, they are equipping themselves with cyber weapons and special forces (in Italy the CIOC, Joint Command for Cyber Operations, was born) charged with containing or conducting targeted attacks against targets and states using cyber weapons combined with cyber guerrilla tactics.
The growing cyber and terrorist threats pose a fascinating challenge for criminal law. The subject matter is currently highly complex, evolving, and abstract. Cyberwarfare may currently fall within the scope of international law, but there is no established practice in this area.
In fact, the legislator is faced with constantly changing phenomena. Reference is often made to a work written by 19 experts in international law, the “Tallinn Manual,” which represents the point of reference for the legal and scientific community dealing with cybersecurity as it relates to states and armed forces, even if the history of the subject is still entirely to be written.
All indicators measured by various cyber reports agree that a significant increase in cybercrime will result from the technological evolution brought about by 5G, IoT, small cells, and Industry 4.0 (to name just a few). These technologies will lead to an exponential increase in the attack surface as well as a high level of management complexity. All of this (but allow me to separate business from reality) is an unrewarding model that often generates strong impacts and new threats. When combined with digital dependence, this creates an explosive mix to manage.
In fact, we are witnessing (looking for example at the recently published Clusit 2019 report) a significant increase in cybercrime (even if this was predictable) and a significant decline in activism, a sign that even the noblest side of cybernetic demonstrations is being driven by cybercrime, which is more profitable and “safer”.
On the other hand, these are not the days of “balaclavas and berets.” Today, the situation is much riskier, and criminals know this well. Furthermore, those who find themselves caught between the legal and the illegal, seeking easy profits, will be irremediably swept away by the phenomenon. This never happened before, as the risks involved went far beyond a PC connected to public Wi-Fi, a cascading VPN or two located in countries without cybersecurity laws, and the remote possibility of being charged for hard-to-find traces in a complex and confusing international context.
In addition to individual cybercriminals, there are various types of criminal organizations (we have discussed their so-called “classification” in some videos on the RedHotCyber YouTube channel) that have specialized over time in various types of cybercrime.
We’re talking about the resale of sensitive data and digital identities, drug and weapons markets, the sale of malware (such as ransomware, sophisticated cyber blackmail systems like the infamous WannaCry and NotPetya) as well as affiliate systems like MaaS, or the resale of malicious code as a service, even to those who are not experts in hacking, such as DDoS or ransomware.
In short, there is a real underground jungle in the darknet, without forgetting the old core businesses such as terrorist financing and money laundering.
These organizations are well-established and structured, consisting of affiliate members, ordinary partners, and elite partners. It’s an industry that uses and retails services of all kinds, reselling them to third parties who, in turn, use them and provide royalties to the affiliates.
Recently we have been witnessing (even in the Covid era) a shift in cybercrime towards large organizations, with an increase in complex, targeted and persistent attacks, including for espionage purposes; we have also seen this with vaccines.
Obviously, as in all things, remuneration leads criminal organizations to invest a portion of their profits in new and sophisticated forms of attack, also benefiting from new technologies that today we can see as “a business opportunity” but which tomorrow will inevitably (and history teaches us) allow the birth of new generations of malware, also because the imagination of the human mind and the art of hacking have no limits.
But still in the “basements” of the internet, even states have divisions ready to launch and fight cyber wars against other sovereign states.
We’ve often talked about the hacking capabilities of the National Security Agency and US Central Intelligence Agency, which have become headlines thanks to repeated scandals on the subject, but all governments today are expanding their silos of cyber weapons, ready to be used when needed, but also to acquire intellectual property from other countries to gain an advantage in development and research.
Many states, you might think, have affiliated hacker cells called National State Hackers, who are interconnected with them and do the “dirty work,” procuring funds and intellectual property, and launching attacks on other countries’ critical infrastructure, ushering the world into a new “cold war” under the banner of “backdoors” and cyberpolitics. This may seem hidden in the newspapers, but it’s often interconnected with all of this.
So there’s a lot of dirty stuff on the internet, but everyone has the rule of trying to gain a direct advantage from it with the means at their disposal, with questionable forms of ethics, but practiced by everyone, in that famous “grey area”, much more “profitable” than traditional warfare.
Cybercrime works underground, in hidden networks called darknets: closed systems, initially created for noble purposes, to protect anonymity, which later became the place where it is possible to commit crimes of all kinds.
In short, darknets are the noblest and most negative use of privacy combined, the aberration of the “public key” concept that gave rise to darknets for military purposes, but has seen them invariably overwhelmed by illegality and crime.
Consider that Darknet (as seen in a video published on the RedHotCyber YouTube channel) is a term coined in the 70s to differentiate the ARPANET network from all closed networks, which today are described with the names of Deepweb and Darkweb.
Both are 400 times larger than the surface web, also generally called the clear web, that is, the entire internet world that is indexed by search engines and freely accessible.
In the darknet, new organizations and new “states” will take shape in the near future, either militarily organized to carry out crimes, terrorist acts, or create anonymous markets to sell all kinds of products, from drugs to weapons, even the sale of hitmen on demand.
The definition of State on “Wikipedia” is the following: “The State, in law, is a sovereign political entity, consisting of a territory and a population that occupies it, and a legal system made up of institutions and laws.”
This, in virtual form, is not that far from what happens or could evolve on the darknet, even if the “legal system” and the “institutions and laws” could leave room for discussion.
A self-respecting state must have its own currency. We Italians know well how long we suffered the advent of the euro.
But this is part of the old real-world history; the history of the internet goes faster, so the only thing missing to be able to purchase goods on the darknet anonymously was a “recognized” currency, the cryptocurrency.
On January 3, 2009 at 6:15 pm, the genius of Satoshi Nakamoto (an identity still shrouded in a thick layer of mystery; it is probably the name of the working group that programmed the bitcoin client starting from the ideas of the Cypherpunk cryptographers, who inspired the blockchain) generated, as Scrooge McDuck would say, “Number 1”: the “Genesis Block,” or rather the first transaction in the Bitcoin blockchain, citing:
The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
This phrase is borrowed from an article in The Times of that same January 3, 2009, referring to the bailout of the banks wanted by the British government.
Nakamoto probably wanted to leave a trace of his distrust of centralized currencies in favor of decentralized ones.
Yes, because the “decentralization” of the currency was the disruptive element and the true innovation of bitcoin, namely the absence of a central governing body that could manipulate, manage, and control the currency itself, which was entirely based on a P2P network. A single protocol, a single client, clear and shared rules, as well as numerous options for anonymous transactions, such as through Multiaccounting/Multiwallet, Mixer, Obfuscation, and more.
But after Bitcoin, while SilkRoad was born in 2011 (a famous illegal market on the Tor network, now closed, where it was possible to purchase drugs, weapons and much more by paying in Bitcoin), a new cryptocurrency, Litecoin, came along, then in 2013 came Ethereum and Ripple, in 2014 Dash and so on, also guaranteeing greater anonymity than Bitcoin itself.
Wars are fought with weapons. While it’s clear that countries are realizing the need for “armed forces” and cyber warfare “strategies,” they are engaging in an arms race by purchasing “cyberweapons” of varying types and grades. Although the definition of cyberweapons in the legal literature is rather confusing, we technicians can assume they are new “malware” or “zero-day attacks.”
But do you know how much a zero-day can cost? There are companies that act as intermediaries, zero-day exploit brokers, and if you have an “Apple iOS remote jailbreak” and it works, Zerodium will give you €2,000,000, or €1,000,000 for a WhatsApp exploit with RCE.

The fees are truly significant, especially when they involve widely used technologies combined with zero-day Remote Code Execution (RCE), especially for smartphone-based software. These intermediaries (who also operate on the darknet, including through criminal organizations) can resell them to government agencies to expand their silos of “cyber-warfare” attacks and thus build weapons that can be deployed, if necessary, against a hypothetical enemy’s systems and infrastructure.
Obviously, this “arms race” will start a new market of deliberately introduced flaws and of patches that are intentionally left unwritten, contributing, in an already high-risk context, to a decrease in the security of the systems we all use or will use.

Zero-day attacks, in fact, are the most insidious, unpredictable, and unknown threats to date. They embody the theory of the philosophical/literary essay “The Black Swan” (which came to attention after the events of September 11th), written by Lebanese philosopher Nassim Nicholas Taleb, which states that “we are blind to the randomness of things” and that uncalculated, completely unknown domino effects can occur, demonstrating that the utopia of “zero risk” is not feasible, even if at an “ancestral” level we don’t want to acknowledge it… and cybercrime is the master of this.
Cyberspace will be the new arena of geopolitical competition of the 21st century.
This new frontier, unlike other domains, allows for equality, making individuals equal (or essentially equal) to large organizations, while also nullifying international diplomatic relations between states. Within this dimension, espionage activities aimed at economic dominance over other states will be conducted, and some states already claim that such activities are being conducted to pursue their own strategic objectives.
The intelligence sector will play a crucial role in such a dematerialized context, as the counterparts will be hostile and highly structured government agencies, with enormous funding, capable of conducting activities with unprecedented technological complexity.
Much work is being done, particularly in recent years, to better address this new challenge by establishing general rules on cybersecurity that are as EU-wide as possible. Numerous measures have been enacted, such as the now historic General Data Protection Regulation and the NIS Directive, and the very recent Cybersecurity Act, which finally gives ENISA a permanent mandate and an operational role vis-à-vis member states.
While this is all commendable, the implementation of these regulations, at least within the national context, is slow and lacking. Whereas previously data simply needed to be protected, in this new “big challenge,” data must be protected to ensure people’s lives are safe. The most alarming thing is that we are designing these new systems in a way that isn’t entirely secure, and once they’re in place, it will already be too late to fix them.
Our world will be increasingly connected and dependent on new technologies, and progress will make society increasingly fragile, but the main problem with these gaps will likely remain the same: risk awareness and digital civic education.
We should start asking ourselves whether it’s necessary to bring cybersecurity into primary school, because in the near future, “wetware” will be increasingly prevalent and we cannot be caught unprepared.
Massimiliano Brolli