The hackers' software market
Packets of computer code, known as “exploits”, allow blackhats to infiltrate or even control computers running software in which a design flaw, called a “vulnerability”, has been discovered. Criminal and, to a lesser extent, terror groups purchase exploits on several online forums or from clandestine brokers.
Underground markets are now widespread. Exploits empower criminals to steal data and money. They literally provide cyber-firepower to hostile governments that would otherwise lack the expertise to attack an advanced country’s computer systems. Exploits themselves are generally legal. Several legitimate businesses sell them. Netragard last year sold more than 50 exploits to businesses and government agencies in America, at prices ranging from $20,000 to more than $250,000. The company buys a lot from several independent hackers who, like clients, are carefully screened to make sure they are not selling code to anyone else, and especially not to a criminal group or unfriendly government.
Exploits are a form of knowledge, expressed in computer code. Attempting to stop people from generating and spreading knowledge is futile. Legal systems would not even agree on which code is good and which is bad. Many legal experts say code should be protected by free-speech laws—it is, after all, language expressed as strings of zeros and ones. Nonetheless, laws to ban the trade in exploits are being modified. The European Parliament is spearheading an effort to pass export-control laws for exploits. But keep in mind that tracking down exploits is hard. Blackhats and other kinds of hackers keep them secret so that the intended victim doesn’t identify and fix the vulnerability, thereby rendering the exploit worthless.
In 2013, nearly all well-financed intelligence agencies buy exploits. Computer experts who years ago would reveal software vulnerabilities for some prestige have realised that they were treating “diamonds as pebbles”; the price for those exploits is now completely insane compared with what it was before.
A few weeks ago, the head of the Pentagon’s Cyber Command, General Keith Alexander, warned the Senate Armed Services Committee that state-sponsored groups are stepping up efforts to steal and destroy data using “cybertools” purchased in illicit online markets. As an American military-intelligence official points out, governments that buy exploits are “building the black market”. For this reason, governments appear increasingly keen to develop exploits in-house, like China.
Developing exploits in-house reduces the risk that a double-dealing vendor will resell code meant to be exclusive. Even so, the trade isn’t likely to fade away. Exploit trading will continue as long as people pay big money at the expense of a victim who has been hacked.