Cyber-arms industry

The cyber-arms industry comprises the markets and associated events [1] surrounding the sale of software exploits, zero-days, cyberweaponry, surveillance technologies, [2] and related tools [3] for perpetrating cyberattacks. The term may extend to both grey and black markets, online and offline. [4]

For many years, the burgeoning dark web market remained niche, available only to those in the know or well funded. Since at least 2005, governments including the United States, United Kingdom, Russia, [5] France, and Israel have been buying exploits from defence contractors and individual hackers. [6] This 'legitimate' market for zero-day exploits exists [4] but is not well advertised or immediately accessible.

Attempts to openly sell zero-day exploits to governments and security vendors to keep them off the black market have so far been unsuccessful. [7]

Companies

Traditional arms producers and military services companies such as BAE Systems, EADS, Leonardo, General Dynamics, Raytheon, and Thales have all expanded into the cybersecurity markets. However, smaller software companies such as Blue Coat and Amesys have also become involved, often drawing attention for providing surveillance and censorship technologies to the regimes of Bashar al-Assad in Syria and Muammar Gaddafi in Libya. [8]

Suppliers of exploits to Western governments include the Massachusetts firm Netragard. [9]

The trade show ISS World, which runs every few months and has been referred to as the 'international cyber arms bazaar' and the 'wiretappers' ball', [10] focuses on surveillance software for lawful interception.

Some other cyberarms companies include Endgame, Inc., Gamma Group, NSO Group, and Ability. Circles, a former surveillance business, merged with NSO Group in 2014. [11]

On 26 July 2017, Google researchers announced the discovery of new spyware they named "Lipizzan". According to Google, "Lipizzan's code contains references to a cyber arms company, Equus Technologies." [12] [13]

On the Internet

The most popular Internet forums are generally in Russian or Ukrainian, and there are reports of English-only, Chinese-only, German-only, and Vietnamese-only sites, among others. Phishing, spear-phishing, and other social engineering campaigns are typically conducted in English, as a majority of potential victims know that language. [4] India's Central Bureau of Investigation describes the proliferation of underground markets as 'widespread'. [9] Colonel John Adams, head of the Marine Corps Intelligence Activity, has expressed concerns that these markets could allow cyberweaponry to fall into the hands of hostile governments which would otherwise lack the expertise to attack an advanced country's computer systems.

Online, there is increasing use of encryption and privacy mechanisms such as off-the-record messaging and cryptocurrencies. [4]

Since 2005, prices on darknet markets and black markets such as the 'Cyber Arms Bazaar' have been dropping fast, with the cost of cyberweaponry plummeting by at least 90 percent. [14]

Botnets are increasingly rented out by cyber criminals as commodities for a variety of purposes. [15]

RDP shops offer cheap access to hacked computers. [16]

Recent research has indicated that countries will also begin to use artificial intelligence as a tool for national cyberdefense. AI is a new factor in the cyber arms industry, as it can be used for defense purposes. Therefore, academics urge that nations should establish regulations for the use of AI, similar to how there are regulations for other military industries. [17]

Vendor responses

In recent years, many software firms have had success with bug bounty programs, but in some cases, such as Vupen's Chrome exploit, bounties are rejected as below market value. Meanwhile, some vendors such as HP have spent more than $7 million between 2005 and 2015 buying exploits for their own software. This behaviour has been criticised by the head of United States Cyber Command, General Keith Alexander, as "building the black market". [9]

References

  1. Hepher, Tim (15 June 2010). "Defense firms face cyber spying at arms bazaar". Retrieved 30 May 2015.
  2. Appelbaum, Jacob (17 January 2015). "The Digital Arms Race: NSA Preps America for Future Battle". Retrieved 31 May 2015.
  3. Joseph Gross, Michael (July 2013). "Silent War". Retrieved 15 May 2015.
  4. "Markets for Cybercrime Tools and Stolen Data - Hackers' Bazaar" (PDF). rand.org. Retrieved 30 May 2015.
  5. Corera, Gordon (29 April 2015). "Rapid escalation of the cyber-arms race". Retrieved 30 May 2015.
  6. Joseph Gross, Michael (July 2013). "Silent War". Retrieved 30 May 2015.
  7. Anderson, Nate (9 July 2009). "WabiSabiLabi wants to be the eBay of 0-day exploits". Retrieved 30 May 2015.
  8. Boulanin, Vincent (13 May 2014). "Arms production goes cyber: a challenge for arms control". Retrieved 30 May 2015.
  9. "The digital arms trade". 30 March 2013. Retrieved 30 May 2015.
  10. Silver, Vernon (31 May 2015). "Spies Fail to Escape Spyware in $5 Billion Bazaar for Cyber Arms". Retrieved 30 May 2015.
  11. Brewster, Thomas. "A Multimillionaire Surveillance Dealer Steps Out Of The Shadows ... And His $9 Million WhatsApp Hacking Van". Forbes.
  12. Megan Ruthven; Ken Bodzak; Neel Mehta. "From Chrysaor to Lipizzan: Blocking a new targeted spyware family". Android Developers Blog.
  13. Joseph Cox; Lorenzo Franceschi-Bicchierai (27 July 2017). "Google Revealed an Israeli Spyware Company That Has Quietly Sold Its Wares for Years". Vice. VICE MEDIA LLC.
  14. Bennett, Cory (15 March 2015). "Feds search for ways to impede 'cyber bazaar'". Retrieved 15 May 2015.
  15. Danchev, Dancho (11 October 2013). "Novice cybercriminals offer commercial access to five mini botnets". Retrieved 28 June 2015.
  16. SCUK (25 October 2017). "Russian underground shop selling RDP servers for £11 or less". Retrieved 27 August 2018.
  17. Taddeo, Mariarosaria; Floridi, Luciano (April 2018). "Regulate artificial intelligence to avert cyber arms race". Nature. 556 (7701): 296–298. Bibcode:2018Natur.556..296T. doi:10.1038/d41586-018-04602-6. ISSN 0028-0836. PMID 29662138.
  18. Cyber Security Dojo (13 May 2015). "Romania defending Ukraine's cyberspace". Archived from the original on 17 May 2015. Retrieved 14 May 2015.
  19. "Cyber scheme could get you to give up bank details by phone". 3 April 2015. Archived from the original on 18 May 2015. Retrieved 15 May 2015.