Zero-day black market bolstered by 'malware industrial complex'

Stefan Mileschin · 15th February 2013, 07:30

The US government's plans to develop new computer weapons is driving a black market in zero-day bugs which could make life more dangerous for the rest of us.

According to MIT's Technology Review, the methods by which governments, contractors, and researchers are developing cyber-weapons is putting internet users at risk.

For a while now hackers have become aware that the number of bugs being unveiled has dropped dramatically. The reason is that zero-day bugs can be cashed in to defence contractors, security agencies and governments who can use them in cyber weapons.

After Stuxnet, the United States and governments around the world have been paying more and more for the exploits needed to make such weapons work.

According to Christopher Soghoian, a principal technologist at the American Civil Liberties Union, on one hand, the US the government is freaking out about cyber-security, and on the other it is participating in a global market in vulnerabilities and pushing up the prices.

Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects' computers or mobile phones.

Currently the top dollar is being paid for zero day hacks into mobile phone operating systems which are rarely updated, meaing flaws can be exploited for a long time.

At the moment, whoever discovers a zero-day vulnerability receives a monthly payment as long as a flaw remains undiscovered.

A Bangkok, Thailand-based security researcher who goes by the name "the Grugq" has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and Europe.

The French security company VUPEN demonstrated a zero-day flaw that compromised Google's Chrome browser, but turned down Google's offer of a $60,000 reward if they would share how it worked. The guess is that they had sold it to a government.

So far, no US government agency has gone on the record as saying that it buys zero-days. But they have begun to publicly acknowledge that they intend to launch as well as defend against cyberattacks. The only way to do that is buying zero days.

http://news.techeye.net/security/zer...strial-complex

15th February 2013, 07:30	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,500	Zero-day black market bolstered by 'malware industrial complex' The US government's plans to develop new computer weapons is driving a black market in zero-day bugs which could make life more dangerous for the rest of us. According to MIT's Technology Review, the methods by which governments, contractors, and researchers are developing cyber-weapons is putting internet users at risk. For a while now hackers have become aware that the number of bugs being unveiled has dropped dramatically. The reason is that zero-day bugs can be cashed in to defence contractors, security agencies and governments who can use them in cyber weapons. After Stuxnet, the United States and governments around the world have been paying more and more for the exploits needed to make such weapons work. According to Christopher Soghoian, a principal technologist at the American Civil Liberties Union, on one hand, the US the government is freaking out about cyber-security, and on the other it is participating in a global market in vulnerabilities and pushing up the prices. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects' computers or mobile phones. Currently the top dollar is being paid for zero day hacks into mobile phone operating systems which are rarely updated, meaing flaws can be exploited for a long time. At the moment, whoever discovers a zero-day vulnerability receives a monthly payment as long as a flaw remains undiscovered. A Bangkok, Thailand-based security researcher who goes by the name "the Grugq" has spoken to the press about negotiating deals worth hundreds of thousands of dollars with government buyers from the United States and Europe. The French security company VUPEN demonstrated a zero-day flaw that compromised Google's Chrome browser, but turned down Google's offer of a $60,000 reward if they would share how it worked. The guess is that they had sold it to a government. So far, no US government agency has gone on the record as saying that it buys zero-days. But they have begun to publicly acknowledge that they intend to launch as well as defend against cyberattacks. The only way to do that is buying zero days. http://news.techeye.net/security/zer...strial-complex

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Windows RT jailbreak automates a complex hack	Stefan Mileschin	WebNews	0	14th January 2013 09:09
Aleutia Relia Industrial PC Review	Stefan Mileschin	WebNews	0	5th December 2012 09:15
STMicroelectronics First to Simplify Complex Routing With New DisplayPort 1.2 Device	Stefan Mileschin	WebNews	0	1st November 2012 08:05
New Wireless, Rechargeable Keyboard is Back in Black for Industrial Applications	Stefan Mileschin	WebNews	0	18th October 2012 08:14
Samsung's SHV-E170K has dual-core Snapdragon, LTE and an inferiority complex	Stefan Mileschin	WebNews	0	14th May 2012 07:51
ASRock Releases its First Industrial PC Motherboards	Stefan Mileschin	WebNews	0	17th February 2012 08:02
Asus Maximus III Formula: the Most "Complex" LGA1156 Mainboard	jmke	WebNews	0	3rd January 2010 12:35
PC market hits wall in 4Q, IT market to tank in 2009	jmke	WebNews	0	15th January 2009 16:45
Graphics Adapter Market Skyrockets in Q3, ATI Starts to Fight Back Market Share	jmke	WebNews	0	28th October 2008 16:20
Market of Graphics Adapters Flat as Intel Grabs Highest Market Share in Years	jmke	WebNews	0	8th August 2008 17:44