By Robert Folsom | February 15, 2013
Part one of this report on cyberweapons described how agencies of the U.S. government
- Are among the biggest buyers of zero-day vulnerabilities, the software flaws elite hackers exploit to penetrate computer networks (the vendor has ‘zero days’ to make repairs), and
- Do not disclose these vulnerabilities to the U.S. firms that wrote the code and own the software product.
This ‘failure to disclose’ is not an oversight; it is a government policy decision. A former U.S. Air Force “cyber specialist” explains that he and his colleagues had a standing order: “If you find something, you don’t tell the vendor.” (NPR)
To tell companies about a security hole means that they would close it — and if you do not have a flaw you cannot build a weapon.
The past two years have seen numerous bills before Congress that would give (or tried to give) the federal government the power to shut down Internet businesses with no grant of due process, cripple whistleblower websites, and close online networks that ensure anonymity. Clearly the U.S. government has increased its control over the Internet.
But to date, there “is no regulation of the vulnerability market in the U.S.” and “no mandatory reporting of vulnerability sales.” How much does the government spend? What terms govern the sale? Does Congress exercise oversight?
These questions are unanswered, even as the government underwrites an activity previously associated with action movies and/or criminal enterprises.
For nearly three years the Socionomics Institute has followed the worldwide growth in polarization; this two-part report on an underreported story sheds further light on that volatile trend.
The zero-day vulnerability market is where governments compete to own the means to cripple entire business enterprises (or, as happened in Iran via Stuxnet, to disrupt a nuclear weapons program).
In the domestic politics of the U.S. today, the zero-day market strengthens the authoritarian hand of the government. As word spreads about the government’s role in this nefarious market, victimized companies are sure to line up on the anti-authoritarian side.
The November 2010 issue of The Socionomist described
…political elites clamping down on the use of communications and computer networks…. Bear market mood brings prompt attacks against information and ideas. Methods of enforcement in the past have included book burnings and torture. Responses to those enforcements included the formation of underground secret societies, secret libraries and various manners of individual retaliation.