Information Warfare: Cyberweapon Auctions

Archives

July 23, 2006: Cyber War just got a little easier, if you are willing to pay for information. Hey, who isn't? With criminal organizations turning spam, and Internet based fraud, into big business, some geeks have gone mercenary and are now auctioning off flaws they have found in software that run on the Internet .
If you know about newly discovered software flaws, you can take advantage of these largely unknown Internet vulnerabilities, which allow you access to many business, government and military computers. This sort of thing is called, "using high value exploits" (flaws in code that are not yet widely known). This is expensive, and requires more skill to use. But, more and more, there are hackers for hire. Skilled hackers, who know they are working on the wrong side of the law, and know how to do the job, take the money, and run. This situation has developed because organized crime has discovered the Internet, and the relatively easy money to be made via Internet extortion and theft. Governments that have established a Cyber War capability do the same things the crooks do, but with the intention of crippling Internet capabilities of enemy nations.
Last year, eBay found people trying to auction off newly discovered flaws in programs like Internet Explorer, Windows and other Microsoft applications that the majority of computer owners use. While the auctions were pitched as a public service (with computer security firms and software publishers doing the bidding and buying), eBay knew that criminals would be bidding as well, and these auctions were banned. So the action went underground, but not too far underground. There are a growing number of auctions, with thousands of dollars being paid for each exploit.
These exploits have a short shelf life, as the software publishers eventually know about the problems and fix their code. Actually, that still leaves millions of PCs, which do not update their software frequently, vulnerable. Government PCs are often not patched in a timely fashion. So some vulnerabilities remain dangerous for months.
No one will admit it, but Cyber War organizations are probably out their bidding for these vulnerabilities. For in Cyber War, these exploits are basically what is used as ammunition. And it's ammunition with a short shelf life, so supplies must be constantly replaced.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close