It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Whistleblower sheds light on global zero day exploits market Whistleblower sheds light on global zero day exploits market
FAQ Members List Calendar Search Today's Posts Mark Forums Read


Whistleblower sheds light on global zero day exploits market
Reply
 
Thread Tools
Old 17th January 2013, 07:26   #1
[M] Reviewer
 
Stefan Mileschin's Avatar
 
Join Date: May 2010
Location: Romania
Posts: 148,055
Stefan Mileschin Freshly Registered
Default Whistleblower sheds light on global zero day exploits market

Security researchers and hackers around the world are in locked in a constant struggle to detect security weaknesses in a wide range of software, and a whistleblower has revealed the enormous market for selling on the information.

The result of their fattening labour are zero-day exploits, bits of custom code specifically tailored to exploit software flaws which have not been made public yet. While they may sound scary to the average user, they are also a vital resource for security researchers. However, in the wrong hands they can cause plenty of havoc, as they can be deployed as cyber weapons used by governments, or the 21st century equivalent of a crowbar in the ever growing cybercrime scene.

What most people don't know is that zero-day exploits are being traded on a routine basis. Legitimate companies are selling them to governments, law enforcement agencies or other security outfits. However, as Slate found in its excellent report, the market is unregulated and there are concerns that rogue governments could simply buy exploits they might need for their next cyber attacks.

For example, undisclosed vulnerabilities in Windows were put to good use by the developers of the Stuxnet virus, which targeted Iranian nuclear enrichment facilities. A Chinese hacker group also used zero-day exploits found in Flash and Internet Explorer to target more than 1,000 computers used by corporations and human rights groups.

The risky trade has prompted whistle-blowers to come forward and shed a bit more light on the practice. Andriel Desautels, a 36-year-old exploit broker from Boston, claims to have sold exploits for as much as $250,000. However, although the market is unregulated, Desautels has his own rules. His company will not sell exploits abroad, it only operates with US clients who he claims are rigorously vetted before any deal is sealed.

"As technology advances, the effect that zero-day exploits will have is going to become more physical and more real," he said. "The software becomes a weapon. And if you don't have controls and regulations around weapons, you're really open to introducing chaos and problems."

Desautels warns that greedy and irresponsible people could sell exploits to anybody, or that they could sell the same exploit over and over again. In one scenario, two governments could use the same exploit to target each other.

"If I take a gun and ship it overseas to some guy in the Middle East and he uses it to go after American troops - it's the same concept," Desautels said.

The dangers of the exploit trade have already been recognised in Europe. Dutch politician Marietje Schaake is calling for new laws which should curb the trade. She describes zero-day exploits as "digital weapons" and says the European Commission should take action. Schaake believes the commission should create an entirely new regulatory framework that would include the trade in zero-day exploits.

Such a move would encourage researchers and hackers to act more responsibly and fix the vulnerabilities, rather than sell them on to the black or gray markets.

http://news.techeye.net/security/whi...xploits-market
Stefan Mileschin is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
NSA Whistleblower Says All E-mails Are Monitored Stefan Mileschin WebNews 0 7th December 2012 07:46
Global Market for USB 3.0 Devices to Grow More Than 500% Through 2016 Stefan Mileschin WebNews 0 15th November 2012 09:49
ASUS X79 Motherboards Hold 70% Global Market Share Stefan Mileschin WebNews 0 10th January 2012 08:01
Intel keynote sheds light on forthcoming products jmke WebNews 0 3rd June 2009 13:57
Leaked AMD Memo Sheds Light on Phenom CPU, Motherboard Availability jmke WebNews 0 10th December 2007 13:16
Intel Sheds Light on "Penryn" Enhancements jmke WebNews 0 6th August 2007 16:01

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT +1. The time now is 02:07.


Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO