Photo: David Baker via Flickr
He’s unassuming, even a little dweebish, but nonetheless Adriel Desautels represents a new breed of Internet mercenary that wields terrifying power across the world.Desautels is a hacker, and he trades in Zero Day exploits. Zero Days are bits of code that can penetrate, manipulate and/or incapacitate normal functions on a computer, and, most importantly, they have not yet been seen by the internet community.
Their lack of history makes them incredibly difficult to defend against, and so they’re incredibly lucrative—both to state and non-state actors.
A post by Ryan Gallagher on Slate today outlines how companies or individuals peddling Zero Days in black and grey markets make a killing at the cost of societal stability.
From the post:
“As technology advances, the effect that zero-day exploits will have is going to become more physical and more real,” [Desautels] says. “The software becomes a weapon. And if you don’t have controls and regulations around weapons, you’re really open to introducing chaos and problems.”
Desautels’ company, Netragard, Inc., could be considered one of the good guys: They’ve pledged to only sell their exploits within the U.S., to the government and properly-vetted private entities.
Others though, are not so well-meaning—the primary motivator in most unregulated markets is money. As Gallagher notes, one post by the hacker group Anonymous outlined how the company Endgame sold 25 exploits for $2.5 million—a package Bloomberg called “cyber warfare in a box.”
Of other concern is that the market has little to no oversight, allowing groups to decide exactly whom they direct their wares to:
Desautels says he knows of “greedy and irresponsible” people who “will sell to anybody,” to the extent that some exploits might be sold by the same hacker or broker to two separate governments not on friendly terms.
In a time when American defence secretaries await the first “cyber pearl harbor,” the idea that organisations can sell exploits to shady individuals with nefarious agendas makes the idea all the more realizable.
Also, it puts into the spotlight the burgeoning cyber arms race taking place across the globe, really since the U.S. announced with pride that it was responsible for Stuxnet, thus inviting itself to become victim to attacks (and promptly realising its defenses were insufficient).
What often goes without mentioning, though, especially when infrastructure is so often the target, is what the moral implications are for the “manufacturers” of these weapons of war: An exploit that takes out water treatment plants or exposes the names of covert operatives could be the digital equivalent of a cluster bomb.
Equally the moral equivalent.
NOW WATCH: Briefing videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.