Understanding the strategic benefits of communications technologies

The contemporary landscape of conflict has evolved past the boundaries of traditional warfare, and is now primarily decided by modern technologies. Among the advances in destructive capacity and automation, communications is increasingly becoming a key area of strategic dominance. Tested and implemented in sensitive environments, these advances reveal a growing paradox between clandestine operations and public infrastructure. The public telecom infrastructure billions use to communicate is supported by aging interoperable infrastructure that is fundamentally insecure and susceptible to exploitation. Conversely, intelligence agencies, criminal syndicates and state backed cyber criminals enjoy bespoke private networks that are superior to anything available to the general public.

This divergence is not a coincidence. It is the result of different priorities. Public telecom providers value interoperability over updating outdated technologies and consumers value convenience over secure communications. Meanwhile, shadow organizations prioritize the unconstrained adoption of cutting edge open-source technologies to ensure operational resilience. Nowhere is this more apparent than inside criminal organizations that have fought against pervasive surveillance from adversaries and law enforcement. By building their own shadow infrastructure these groups have effectively de-coupled themselves from the global communications grid, forcing their adversaries to adopt increasingly invasive techniques for infiltration.

Advanced technical capabilities have become essential for modern clandestine operations. These groups do not merely use technology; they iterate with speed and often end up pioneering new technologies. The distrust of public cellular networks is deeply rooted in the collaboration between law enforcement and telecom providers. In the public sphere, calls and messages generate metadata and content that can be subpoenaed or intercepted through mass surveillance.

Equally as important, public networks are susceptible to infiltration from rival criminal organizations who can monitor one another’s communications. This leads to a constant cycle of counter intelligence that fuels innovation. It’s true that legal entities are susceptible to these types of attacks, but the incentives and motives for exploiting these entities are fundamentally different. The competitive nature of illicit organizations fuels a particular type of security forward innovation.

Criminals don’t trust the security of public telecommunications networks. You shouldn’t either.

The most significant vulnerabilities in public telecom infrastructure aren’t peripheral, they exist in the bedrock of PSTN and cellular services.

SS7 and Diameter

SS7 (Signal System No. 7) is a set of telephony protocols established in the 1970s and later standardized in the 1980s. SS7 is responsible for establishing and terminating communications primarily to 2G and 3G networks, but is still responsible for bridging communications to modern 4G and 5G networks. SS7 was developed to use “out-of-band” signalling, patching the vulnerabilities of “in-band” signalling that transmitted control signals and voice communication over the same audio frequencies. The fundamental flaw of SS7 is that it assumes everyone connecting to the network is a trusted telecommunications provider and does not include inherent authentication and encryption.

Diameter is the successor to SS7/RADIUS and acts as a AAA protocol that manages your identity on a cellular network. While SS7 orchestrated communications on 2G and 3G networks, Diameter serves as the gatekeeper for 4G and 5G LTE networks that are IP based. While Diameter supports TLS and IPsec, encryption is optional and each node needs to decrypt message data in order to read routing headers. In addition, your carrier will trust any message coming from a roaming interconnect that can be spoofed by a threat actor.

These vulnerabilities are actively exploited by most nation states for the purpose of global espionage and the tracking of high value targets. This begs the question – why don’t we replace SS7 and Diameter with modern “trustless” protocols? For a new standard to be adopted, every telecom provider on Earth would need to agree to the new protocols, tear out their existing legacy infrastructure and upgrade simultaneously without breaking interoperability. To put it simply, this isn’t possible until old technologies are phased out and old infrastructure is replaced. SS7 and Diameter will remain in place for years to come and will keep modern telecommunications vulnerable to intercept.

The Stingray Threat

Beyond the insecure network protocols underpinning the global telecom network, there are physical vulnerabilities in how data is transmitted from devices to cell towers. The GSM standards that 2G and 3G technologies rely on are inherently flawed. While a phone is required to mathematically authenticate to the network to prove a user is a paying subscriber the network itself is not required to authenticate back to the phone. This allows a threat actor to deploy a “Stingray” or IMSI catcher that masquerades as a legitimate cell tower and advertises a strong signal to your phone. Your phone will connect to the fake base station and can’t differentiate the Stingray from a legitimate cell tower. Once connected, the Stingray can extract information like your IMSI or act as a man in the middle, intercepting traffic through to the actual network while recording or modifying data.

Case Studies: Los Zetas and Mexican Cartels

Criminal Syndicates, particularly the Mexican cartels, realized early on that vulnerabilities in public telecom infrastructure can be exploited by rivals and federal law enforcement. To counter this, they have invested significant resources into building private networks that operate outside the control of the state.

These private networks started appearing when “Los Zetas” – a cartel with leadership composed of former members of the Mexican Army’s special forces – started using technologies that were previously provided by U.S. and Israeli special forces. Their military background gave them key insights into how these technologies could be used in clandestine operations. In the mid-2000s, Los Zetas began constructing a massive concealed radio network across Mexico and bordering states. This gave the Los Zetas free communication to coordinate drug shipments and monitor the locations of law enforcement or rival cartels. The construction and maintenance of these networks requires expertise that is hard to find within the ranks of a cartel, and as a result, many IT specialists were trafficked by these cartels to work on these networks full time.

The architecture of a narco-network

As the cost of radio hardware has plummeted, the cartels have built their strategy on sophisticated, software defined cellular networks. Their systems have become so state of the art that they provide a level of operational flexibility that rivals traditional mobile networks.

These networks use Software Defined Radio that allows for the creation of GSM compatible cellular networks using computers and radio peripherals. Open source software like OpenBTS was used to orchestrate these networks. Originally made to bring affordable cell service to remote areas, it was repurposed by the cartels. Peripherals like the Ettus USRP N210, a networked SDR that allowed sophisticated encryption and high speed data transfer, offered high tech at a low cost.

There were many environmental variables cartels had to consider; high frequencies couldn’t travel long distances and were easily blocked by terrain. Low frequencies travel much further and don’t require dense collections of cell towers. Cartels opted for lower frequencies to reduce the footprint of their infrastructure, making it harder for law enforcement to find their base stations. Sometimes parasite antennas were collocated with existing commercial towers and powered with solar panels, hiding them in plain sight.

Perhaps the most interesting method employed by cartels was how they encrypted traffic. Rather than employing standard encryption, they implemented a system of geographic and environmental authentication that is very hard to break. They used Diffie-Hellman as the key exchange algorithm, allowing two parties to establish a shared key over an insecure channel without transmitting a private key. Since Diffie-Hellman is susceptible to MITM attacks, they decided to add a system that incorporates environmental variables to randomize the generation of their keys. Keys were generated using precise GPS coordinates, exact time stamps and atmospheric conditions. The result of this key generation method was that an attacker must be physically present at the exact location, at the exact time, with knowledge of the specific environmental conditions to have any hope of intercepting the key exchange.

Low tech counterintellegence from law enforcement

Because these private networks are so robust, law enforcement agencies primarily choose to bypass intercepting communications using technology. Instead of trying to find a hole in the Cartel’s communications infrastructure, they opt for social engineering and agent infiltration. It’s true that many states have access to zero click spyware like Pegasus that can compromise an endpoint, rendering even the most secure communications protocols useless. However, these systems require exorbitant costs to purchase/maintain and require specific regulatory and geo-political green lights to be utilized effectively. As the criminal syndicates modernize and in some cases pioneer the use of communications technology, they push law enforcement to adopt risky and invasive methods that increase the cost of investigating illicit activity.

A divergence in technology

Public communications infrastructure is fundamentally vulnerable to surveillance and tracking by design and built on an obsolete model of assumed trust. It’s a system where a state or criminal actor can easily track your location or intercept your messages and phone calls. By contrast, technology developed and utilized in clandestine operations has surpassed what is publicly available. This may seem like a logical conclusion, since different applications of communications technology require varying degrees of confidentiality, but this divergence is emblematic of a larger trend. In a world where the average citizen is more vulnerable to surveillance than high level criminals, the distribution of power tilts towards those willing to adopt high tech solutions for communications and security. While publicly available services are convenient and don’t require much investment, there is another hidden cost; the ability to freely communicate without individual rights to privacy and security. This information asymmetry is not a mere technical detail. The ability to remain “private” has become the ultimate strategic advantage in an age of persistent conflict.

Unprecedented Demand

A massive wave of capital expenditure has hit the hardware industry as the demand for high preformance computing mounts. New data centers and investments in the necessary infrastructure required to power AI workloads have changed the macro-economic picture for the world, transforming the tech sector. The demand for high power, fast processing hardware is at its highest level in modern history. Markets are forcing companies to grapple with the breakneck pace of hardware innovation and evolving interdependencies powering an intelligence arms race. While many firms compete in the HPC business, CoreWeave and Core Scientific offer an insightful look into the volatile market for compute.

Trading one frothy industry for another, both companies pivoted from cryptocurrency PoW mining to HPC; CoreWeave by choice, while Core Scientific was forced to re-organize post bankruptcy in 2022. This wasn’t coincidental. Both transitions signal a wider shift in tech: harnessing fungible assets and cutting edge technologies to cash in on speculation. By restructuring their businesses, CoreWeave and Core Scientific have exposed the acute challenges of securing resources for high-performance hardware. While one might assume their data center experience primed them for the transition to HPC, the truth is only some of their infrastructure and knowledge is transferable to running AI workloads.

On its face, the reasoning behind the transition may seem obvious. Billions of dollars is being invested in the hardware and utilities used by neo-cloud providers to support the largest companies in the world. The influx of capital is the main reason, but the economics of cryptocurrency mining has become increasingly unfavorable for data center operators, expediting the transition. CoreWeave recognized this early, when their original fleet of GPUs used to mine Ethereum were rendered useless when the blockchain’s consensus mechanism switched from Proof of Work to Proof of Stake. This eliminated the block rewards and primary cash flow for CoreWeave, fueling the early transition to HPC. Core Scientific was forced to restructure as they primarily used their ASIC hardware to mine Bitcoin, which still uses Proof of Work as its consensus mechanism. In 2022 the cryptocurrency market entered a cyclical depression, causing the cost of mining Bitcoin to drastically exceed the block rewards paid to miners like Core Scientific. This coupled with the bankruptcy of Celsius Network – one of Core Scientific’s largest customers – contributed to Core Scientific’s bankruptcy in 2022. Post bankruptcy Core Scientific still mines Bitcoin, but their focus is shifting to HPC services. CoreWeave is now Core Scientific’s largest customer and is the larger company. More on that to follow.

Justifying the Transition

The capex required to build neo-cloud infrastructure from the ground up is on the order of 10X-15X what it would take to stand up a similarly scaled mining operation. Even with these additional expenses, there are some very compelling reasons to pivot from mining to HPC:

1. Revenue Quality
   • Crypto mining operations have two revenue sources: Proceeds from block rewards and energy arbitrage. These are very volatile revenue sources that require a lot of financial engineering and speculation.
   • Neo-clouds have one primary revenue source: Renting HPC capacity to clients, usually in strategic partnerships over a number of years.
2. Commodifiable Resources
   • Crypto miners are positioned preferably for the transition to HPC because they have the base commodities necessary to support neo-cloud infrastructure. They have the power permitting, facilities and municipal approvals required to operate a data center.
3. Excess Demand
   • The projected demand for ALL cloud services is expected to increase. This includes mid-level enterprise demand that can cushion the blow of decreased AI related demand or hardware lifecycling.
4. Productivity
   • Crypto mining provides settlement insurance, which is fancy talk for trustlessly verifying transactions for third parties on the Bitcoin network. The productive use cases for this technology are dubious. Blockchain technology has failed to capture much of the finance industry, and the Bitcoin blockchain is antiquated compared to its contemporary alternatives.
   • Cloud service providers offer a utility to customers rather than a security assurance. Neo-clouds offer a laboratory for innovation, accelerating AI research and running AI models. Hyperscalers provide stable infrastructure for running the digital economy (Never ask a blockchain developer where they host their front end).

While these factors are seemingly apparent, demand for HPC will be inelastic in the short term and elastic in the long term. Crypto mining and the neo-cloud business are speculative. What’s important to remember is the distinction: Cloud services are driving productivity growth and running the digital economy. Cryptocurrencies and blockchain tech are still searching for an addressable market (outside of illicit activity and money laundering) more than a decade after the first wave of institutional investment.

Capitalizing on Existing Resources

Neo-cloud infrastructure can be split into three layers:

Layer 1: Fungible infrastructure and commodities: Land, utility access and real estate. Layer 2: Heat management and power density: Liquid cooling equipment, cabling, generators and PDUs. Layer 3: Hardware: Rackspace, nodes, networking gear and orchestration.

Firms switching from Bitcoin mining to Neo-cloud services can capitalize on layer 1. Layer 1 contains fungible resources that can – for the most part – be transferred, re-permitted or transformed to meet HPC standards. Layer 2 and 3 require total overhauls, as the density, networking and power requirements are more demanding for HPC workloads.

Core Scientific is making the strategic pivot by adding to their existing Layer 1 resources. They’ve recognized the demand for land and power creates a bottleneck for new entrants. The approval process for building a data center has become a major blocker preventing new construction. Many constituents do not want data centers anywhere near their property. The resource constraints, decrease in property values and noise pollution put pressure on the immediate area surrounding a data center. For these reasons, the areas ripe for new data centers are finite and the demand spurred by record investment is continuously added to a growing back-log.

Restructuring

Core Scientific is not alone in this transition. Mining companies like Hut 8, Applied Digital and TeraWulf are making similar moves, looking to diversify or completely change their revenue sources. This does not reflect well on the cryptocurrency industry. The Bitcoin protocol has mechanisms to balance the difficulty of mining when mining becomes unprofitable, but the large mining operations stand the most to lose when demand dies down. Market fluctuations can bankrupt a company, Core Scientific being a prominent example. On the other hand, switching to HPC provides investment and a stable revenue source. GPUs are susceptible to Moore's Law , but gradually lifecycling hardware over a number of years is preferable to volatility in crypto markets rendering all of your Bitcoin ASICs worthless.

CoreWeave has now made two attempts to acquire Core Scientific. In the summer of 2024 Core Scientific’s board rejected the sale stating it “significantly undervalued” the company. One year later in July 2025 the acquisition was attempted again by CoreWeave. Interestingly, the sale was rejected by shareholders after being approved by Core Scientific’s board. This hiccup in corporate governance was spearheaded by Two Seas Capital; one of the largest shareholders. They managed to convince many shareholders and more importantly the two large proxy voting firms (who control voting decisions for asset managers like Vanguard, Black Rock etc.) to strike down the deal (who control voting decisions for asset managers like Vanguard, Black Rock etc.) to strike down the deal. CoreWeave still remains Core Scientific’s largest customer. . CoreWeave still remains Core Scientific’s largest customer.

This turbulent relationship that CoreWeave and Core Scientific share is emblematic of a larger trend pushing firms to reconfigure their infrastructure and allocate foundational resources like land and power effectively.

The AI Trade Off

Utilizing an AI agent requires you to strike a balance between the agent’s access and effectiveness. If you give the agent too much access, the limits to their power and potential damage from an attack or malfunction are greatly increased. Alternatively, if you constrict an agent’s permissions and movement you dampen its effectiveness, making it – in many cases – the wrong tool for the job. Among my engineering friends we have a saying that encapsulates this issue with generative AI broadly: “AI ideas go through InfoSec first.” We don’t say this out of laziness, rather, to help an enterprise understand the primary trade off you make when AI is introduced in a production environment: Security and predictability. You see, when these ideas are first pitched by an executive or director, it’s better to let InfoSec kill dreams or at least present the trade offs before any engineering work occurs. Many people – from no wrong doing of their own – buy into new tech before an organization is ready to absorb the costs of implementing new tech. Companies must be strategic about what new technologies are appropriate or risk the cost and time waste from a rogue project that becomes larger than the problem they originally set out to fix.

A new AI agent called Clawdbot (renamed Moltbot) exemplifies this trade off as well as any example I can think of. It’s marketed as “You’re own AI assistant”, with the compelling promise to manage your digital life hands free. You give the agent instructions and it will carry out lengthy tasks that require recall and critical thinking on your behalf. From a technical perspective, the capabilities and integrations offered by Clawdbot are both impressive and terrifying. Clawdbot can comb through your email to connect messages with outside contexts, push code to github and orchestrate a workflow that utilizes multiple pieces of software.

Admittedly, I was on board right away, as I have the resources and time to waste automating tasks for vanity. However, as I read through the documentation, I realized that Clawdbot would have user level access to execute commands. As someone with a homelab, this was discouraging news as I value the security of services running on my home network. I could create a separate VLAN blastwalled from the rest of my LAN and run it in a container, but that would halve the potential use cases. Whatever – that’s fine I’ll just use it to automate some email tasks and organization. Before I could start I had another thought: “What if I receive an email with a prompt injection?” The possibilities for a malicious attacker are exponential. “What if the readme from a github repository contains an html or json file with a prompt injection payload?” I’d be forfeiting any of the information needed by the agent to a threat actor targeting this type of autonomous execution. In an instant, the potential risks and the work required to lock this agent down immediately outweighed any productivity I would gain.

This is the trade off we face as we move into the AI era. The power we give these tools can have an inverse relationship with our security and can compound an attack surface when you integrate software or services. My use case was superficial, but the use cases for AI agents promoted by tech companies are much more technical and sensitive. Increasing the functionality of these agents in a production environment would require extensive safeproofing especially if sensitive information is involved. One might also think about how these new technologies will affect standards set by NIST and ISO. The challenge of establishing an auditable standard for these tools is not lost on me. As I familiarize myself with cutting edge AI tech, the concerns about infrastructure and cost become less pronounced, while the challenges that come with securing and utilizing these tools remain top of mind. The leverage AI can unlock belongs to those who can strike this balance between efficacy and security.