[ISN] Cyberwars Gray Market

From: InfoSec News <alerts_at_private>
Date: Tue, 15 Jan 2013 00:23:31 -0600 (CST)
http://www.slate.com/articles/technology/future_tense/2013/01/zero_day_exploits_should_the_hacker_gray_market_be_regulated.html

By Ryan Gallagher
Slate
Jan. 14, 2013

Behind computer screens from France to Fort Worth, Texas, elite hackers 
hunt for security vulnerabilities worth thousands of dollars on a 
secretive unregulated marketplace.

Using sophisticated techniques to detect weaknesses in widely used 
programs like Google Chrome, Java, and Flash, they spend hours crafting 
“zero-day exploits”—complex codes custom-made to target a software flaw 
that has not been publicly disclosed, so they can bypass anti-virus or 
firewall detection to help infiltrate a computer system.

Like most technologies, the exploits have a dual use. They can be used 
as part of research efforts to help strengthen computers against 
intrusion. But they can also be weaponized and deployed aggressively for 
everything from government spying and corporate espionage to flat-out 
fraud. Now, as cyberwar escalates across the globe, there are fears that 
the burgeoning trade in finding and selling exploits is spiralling out 
of control—spurring calls for new laws to rein in the murky trade.

Some legitimate companies operate in a legal gray zone within the 
zero-day market, selling exploits to governments and law enforcement 
agencies in countries across the world. Authorities can use them 
covertly in surveillance operations or as part of cybersecurity or 
espionage missions. But because sales are unregulated, there are 
concerns that some gray market companies are supplying to rogue foreign 
regimes that may use exploits as part of malicious targeted attacks 
against other countries or opponents. There is also an anarchic black 
market that exists on invite-only Web forums, where exploits are sold to 
a variety of actors—often for criminal purposes.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Mon Jan 14 2013 - 22:23:31 PST

This archive was generated by hypermail 2.2.0 : Mon Jan 14 2013 - 22:31:25 PST