
Fed offensive fueling hacker underground, report says

John P. Mello | May 15, 2013
With the government said to be the biggest buyer of malicious tools, some fear it will weaken the nation's cyber defenses -- public and private.

The scenarios can get as complicated as a spy novel by John le Carré. An enterprising hacker could decide to do a double dip on a sale -- sell to the government, then turn around and sell to the vendor affected by the vulnerability.

An adversary could also exploit a vulnerability sale by earmarking it. Then, if the nation that bought the vulnerability used it, its origin could be easily identified.

There's an irony in the notion that the federal government may be hiding vulnerabilities from vendors, said Richard Stiennon, chief research analyst at IT-Harvest.

"When the government started US-CERT, its purpose was to disseminate knowledge of new vulnerabilities," Stiennon said in an interview. "Now the government is in a position of purchasing vulnerabilities and then not disseminating them or disclosing them to the vendors."

