Cyberwars mercenaries are now operating in the open. Some even provide a pricelist. The criminal hacker underground has been around for over two decades, offering their services for illegal acts. Towards the end of the Cold War, West German hackers were caught, and convicted, for their work in the service of the Soviet Union. Recently, on one Russian site (forum.carderplanet.cc), hackers offered to launch a DDOS (Distributed Denial of Service) attack to shut down a web site for from $60 (for six hours) to $2,000 (for a week.) More covert operators offer to penetrate government and business sites to obtain secret information, but for much higher fees. However, you have to be careful with this, as some nations have cyberwar organizations that run sting operations to try and catch and, if not prosecute, then at least identify, such operators. The underground has a system of middlemen (call them brokers) who will verify that a client is not a cop, and that the hacker can indeed perform the service contracted for. Costs at this level can easily go to six figures, or more, depending on the difficulty of the penetration.
Some government and commercial networks are virtually impenetrable via the Internet, because they are not physically connected to the Internet. Even those networks can be breached, but that involves more than just fancy programming. Many networks that are on the Internet are very difficult to get into. So the fee for such a penetration would be quite high (over a million dollars would not be unreasonable), and the time required for such a job could be measured in weeks, or months. Moreover, such breaches would most likely be one time affairs, as the security for high value sites is constantly upgraded.
This is truly a war in the shadows, with secrecy being an important weapon. The players can only stay in business if they keep their identities, and their current bag of tricks, secret. At the highest level of Internet security, government cyberwar organizations try and at least identify the major operators. Getting a foreign government to arrest these guys is often difficult, or impossible (if the operator is a government employee or has obtained the protection of the government of the country he lives in.) By at least knowing who the operators are, and trying to track what they are working on, you can better prepare yourself against penetration attempts or other net mischief by these aces.
The main players in this game know that if they pull off a penetration that kicks up too much of a fuss (like messing with secret American war on terror files), they could find their defenses under serious attack. But there are many hackers out there with more skill, and confidence, than common sense. The potential is there for someone who is doing well hacking into banks, to take a well paid job from, say, al Qaeda, and get caught at it. That may show up in an adventure novels many times before it happens for real. But the potential is there. And for a small investment, you can hire a cyber hit man for a small job, just to prove to yourself that such things actually exist. Then again, you might just get scammed.