WikiLeaks
Part
5 - 'Cyberwar' programs are a serious proliferation risk
Cyber
'weapons' are not possible to keep under effective control.
While
nuclear proliferation has been restrained by the enormous costs and
visible infrastructure involved in assembling enough fissile material
to produce a critical nuclear mass, cyber 'weapons', once developed,
are very hard to retain.
Cyber
'weapons' are in fact just computer programs which can be pirated
like any other. Since they are entirely comprised of information they
can be copied quickly with no marginal cost.
Securing
such 'weapons' is particularly difficult since the same people who
develop and use them have the skills to exfiltrate copies without
leaving traces — sometimes by using the very same 'weapons' against
the organizations that contain them. There are substantial price
incentives for government hackers and consultants to obtain copies
since there is a global "vulnerability market" that will
pay hundreds of thousands to millions of dollars for copies of such
'weapons'. Similarly, contractors and companies who obtain such
'weapons' sometimes use them for their own purposes, obtaining
advantage over their competitors in selling 'hacking' services.
Over the
last three years the United States intelligence sector, which
consists of government agencies such as the CIA and NSA and their
contractors, such as Booz Allan Hamilton, has been subject to
unprecedented series of data exfiltrations by its own workers.
A number of
intelligence community members not yet publicly named have been
arrested or subject to federal criminal investigations in separate
incidents.
Most
visibly, on February 8, 2017 a U.S. federal grand jury indicted
Harold T. Martin III with 20 counts of mishandling classified
information. The Department of Justice alleged that it seized some
50,000 gigabytes of information from Harold T. Martin III that he had
obtained from classified programs at NSA and CIA, including the
source code for numerous hacking tools.
Once a
single cyber 'weapon' is 'loose' it can spread around the world in
seconds, to be used by peer states, cyber mafia and teenage hackers
alike.
Source
and links:
Comments
Post a Comment