State actors are paying impressive amounts of money to develop offensive capabilities
Over the past years, governments and state-operated intelligence agencies have started to rely more and more on undisclosed zero-day exploits to achieve various goals. However, experts warn that such practices will make the Internet less safe for everyone.Many security experts responsibly disclose the vulnerabilities they find. They do it for fame, money or for ethical reasons. However, over the last period, many researchers have decided to sell their findings to governments instead.
MIT’s Technology Review highlights that the use of zero-day exploits by governments, the US government in particular, will reshape international relations and it will seriously affect the safety of the internet.
Not to mention the fact that growing portions of the US national defense budget will likely be directed for such purposes. This isn’t surprising considering that zero-day exploits are reportedly sold for hundreds of thousands of dollars in some cases.
The use of the notorious Stuxnet malware against Iranian nuclear facilities is only one example, but several other similar threats have been uncovered since.
Christopher Soghoian, a principal technologist at the American Civil Liberties Union, told Technology Review that governments from around the world are paying serious amounts of money for exploits that can help them develop Stuxnet-like weapons.
“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” Soghoian explained.
The expert says that civilian law enforcement agencies are also utilizing zero-days to spy on the computers of mobile phones of suspects.
While most governments have denied taking part in such trades, some officials have hinted that their cyber security defense strategy involves the use of malware.
For instance, last year, the Director of the US National Security Agency, General Keith Alexander, said that the country could do much more than just block cyberattacks.
In addition, the US Air Force openly requested proposals for developing systems that could “destroy” adversaries.