The Malware Industrial Complex 32
holy_calamity writes "MIT Technology Review reports that efforts by U.S. government agencies and defense contractors to develop malware to attack enemies is driving a black market in zero-day vulnerabilities. Experts warn that could make the internet less secure for everyone, since malicious code is typically left behind on targeted systems and often shows up on untargeted ones, providing opportunities for reverse engineering. '"On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices," says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.'"
What is particularly insane... (Score:5, Insightful)
What is especially crazy about promoting a less secure environment for everyone, just so that you can hack your enemies, is that the US is among the more dependent on hackable IT systems...
Sure, neither computers nor good hackers are free; but they are cheap and broadly available enough that more or less any country that isn't starving to death in its own filth(and some that are) can trivially afford some. Even relatively petty gangs can run a profit by fielding a few. Vulnerability, though, is something that you accrue as your society becomes increasingly dependent on electronic communications and finance, SCADA-controlled industrial base, etc.
So, if you reduce security overall, you increase your own vulnerability to every last hellholistani intelligence service, nationalist script kiddie, and slimy pin-skimmer gang, in order to infiltrate the systems of people who probably depend less on computers than you do.
Genius, really.
Hypocrisy by USG? (Score:0, Insightful)
What a contrast. On one hand the US government is lobbying for more stringent gun control laws, but on the other encouraging a cottage industry of vulnerability development with their actions. I guess malware doesn't infect computers, hackers do!