Cyber-security: The digital arms trade

  • Cyber-security: The digital arms trade | The Economist
    http://www.economist.com/news/business/21574478-market-software-helps-hackers-penetrate-computer-systems-digital

    The market for software that helps hackers penetrate computer systems.

    IT IS a type of software sometimes described as “absolute power” or “God”. Small wonder its sales are growing. Packets of computer code, known as “exploits”, allow hackers to infiltrate or even control computers running software in which a design flaw, called a “vulnerability”, has been discovered. Criminal and, to a lesser extent, terror groups purchase exploits on more than two dozen illicit online forums or through at least a dozen clandestine brokers, says Venkatramana Subrahmanian, a University of Maryland expert in these black markets. He likens the transactions to “selling a gun to a criminal”.

    (...)

    Exploits themselves are generally legal. Several legitimate businesses sell them. (...). The firm buys a lot from three dozen independent hackers who, like clients, are carefully screened to make sure they are not selling code to anyone else, and especially not to a criminal group or unfriendly government.

    (...)

    Laws to ban the trade in exploits are being mooted. Marietje Schaake, a Dutch member of the European Parliament, is spearheading an effort to pass export-control laws for exploits. It is gathering support, she says, because they can be used as “digital weapons” by despotic regimes. For example, they could be used to monitor traffic on a dissident’s smartphone. However, for a handful of reasons, new laws are unlikely to be effective.

    (...)

    #Profit

    • This Pentagon Project Makes Cyberwar as Easy as Angry Birds
      http://www.wired.com/dangerroom/2013/05/pentagon-cyberwar-angry-birds/all

      Perhaps. But I wonder aloud whether developing a cyberattack infrastructure enhances security — or undermines it. Whether he’s building a market for network mayhem. The U.S. government, according to several published reports, is already the biggest buyer of malware that takes advantage of previously unknown computer vulnerabilities. That’s driving up the price of these “zero days,” and making their discovery an even more lucrative enterprise. Couldn’t the same thing happen with Plan X?