Information Security News
mailing list archives
Cyberwar’s Gray Market
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 15 Jan 2013 00:23:31 -0600 (CST)
By Ryan Gallagher
Jan. 14, 2013
Behind computer screens from France to Fort Worth, Texas, elite hackers
hunt for security vulnerabilities worth thousands of dollars on a
secretive unregulated marketplace.
Using sophisticated techniques to detect weaknesses in widely used
programs like Google Chrome, Java, and Flash, they spend hours crafting
“zero-day exploits”—complex codes custom-made to target a software flaw
that has not been publicly disclosed, so they can bypass anti-virus or
firewall detection to help infiltrate a computer system.
Like most technologies, the exploits have a dual use. They can be used
as part of research efforts to help strengthen computers against
intrusion. But they can also be weaponized and deployed aggressively for
everything from government spying and corporate espionage to flat-out
fraud. Now, as cyberwar escalates across the globe, there are fears that
the burgeoning trade in finding and selling exploits is spiralling out
of control—spurring calls for new laws to rein in the murky trade.
Some legitimate companies operate in a legal gray zone within the
zero-day market, selling exploits to governments and law enforcement
agencies in countries across the world. Authorities can use them
covertly in surveillance operations or as part of cybersecurity or
espionage missions. But because sales are unregulated, there are
concerns that some gray market companies are supplying to rogue foreign
regimes that may use exploits as part of malicious targeted attacks
against other countries or opponents. There is also an anarchic black
market that exists on invite-only Web forums, where exploits are sold to
a variety of actors—often for criminal purposes.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Cyberwar’s Gray Market InfoSec News (Jan 15)