Madison Ruppert
End the Lie
May 11, 2013
According to a new report, the United States government is now in fact the single largest buyer of malware in the world, thanks to the shift to “offensive” cybersecurity, and is leaving us all vulnerable in the process.
Speaking of the government’s new focus on offensive cybersecurity, former White House cybersecurity advisors Howard Schmidt and Richard Clarke both told Reuters that the government is putting so much emphasis on offensive measures that it ultimately leaves people in the U.S. at risk.
“If the U.S. government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell U.S. users,” Clarke said. “There is supposed to be some mechanism for deciding how they use the information, for offense or defense. But there isn’t.”
In order for the government to exploit vulnerabilities discovered in major software, it cannot disclose those vulnerabilities to the manufacturers or the public, lest they be fixed.
According to the Verge, the pursuit of those vulnerabilities is quite costly: “zero-day exploits (those which are unknown to software developers at the time of discovery) have been known to sell for as much as $50,000 – $100,000 each.”
These zero-day exploits are then packaged into weaponized malware and sold to anyone from cybercriminals to repressive governments.
Those entities can then use that malware to spy on their own citizens – though you can always get a nice sleek package like FinFisher, which was marketed directly to the United States – or even to sabotage a nuclear facility, as was the case with the US/Israeli-developed Stuxnet.
“My job was to have 25 zero-days on a USB stick, ready to go,” one former executive at a defense contractor told Reuters. The defense contractor would purchase vulnerabilities from independent hackers and then turn them into exploits for the government to use as offensive cyberweapons.