Is the government in on this crime industry? Yes, and in bigger ways than you can imagine…
This trend is enabled domestically by an institutionally corrupt US legal system and a police state which are fast working to shut and jail security consultants and white hat hackers who help to expose security flaws and government hegemony over cyber space. The reason for this is because the state wants to be able to operate in secret – as the world’s biggest and most prolific hacking machine. In other words, the US government want hackers to exist, but only hackers who are on their payroll.
Still not convinced? According to McAfee, the United States is home to the largest number of botnets or “zombie armies – a hive of computers that are used to generate spam, relay viruses and flood networks and servers with excessive requests to cause it to fail – in the world, and even control remote overseas servers used to hack other computers worldwide.
Want more? Data from Germany’s Deutsche Telekom shows that more attacks against its networks come from the US.
Obama will tell his people that the Chinese are responsible for this hack, or that one. Still think that the US is not the number one cyber threat to the planet in 2013?
Read this shocking report…
The United States government is investing tens of millions of dollars each year on offensive hacking operations in order to exploit vulnerabilities in the computers of its adversaries, Reuters reports.
According to an in-depth article published Friday by journalist Joseph Menn, the US and its Department of Defense contractors are increasingly pursuing efforts to hack the computers of foreign competitors, in turn exposing a rarely discussed aspect of the nation’s clandestine cyber operations.
In a time when the government continues to prosecute alleged domestic computer criminals — so much so that demands for technology law reform have been rampant as of late — Menn says the US is guilty of spending millions on discovering, identifying and exploiting previously unknown security flaws, often gaining unfettered access to the systems and networks of international targets.
As a result, the US has become one of the world’s top players in regards to wreaking havoc over the Internet — even as calls to investigate foreign hackers increase in Congress.
On Tuesday, a bipartisan supported proposal was introduced in Congress specifically to protect US commercial data from being compromised by foreign hackers. According to Menn, however, the American government is just as guilty of cybercrimes as the countries it warns against in introducing the “Deter Cyber Theft Act.”
“Even as the US government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers,” Menn wrote.
In his report, Menn explained that a large chunk of the country’s current cyber endeavors does not rely on defensive strategy as one might imagine, but instead involves offensive operations launched with the intent of causing harm on the computers of adversaries.
Menn wrote defense contractors “spend at least tens of millions of dollars a year” on simply researching exploits that, if pursued, could put the eyes and ears of the American intelligence company essentially anywhere in the world.
And although the US has not officially gone on the record to acknowledge these shadowy operations, Menn wrote that the nation’s most well-known cyber endeavor — the Stuxnet worm that targeted Iranian nuclear plants — is just one example of the budding attempts to attack foreign entities.
“Computer researchers in the public and private sectors say the US government, acting mainly through defense contractors, has become the dominant player in fostering the shadowy but large-scale commercial market for tools known as exploits, which burrow into hidden computer vulnerabilities,” he wrote.
“In their most common use, exploits are critical but interchangeable components inside bigger programs. Those programs can steal financial account passwords, turn an iPhone into a listening device or, in the case of Stuxnet, sabotage a nuclear facility.”
Menn cited several defense contractors and government officials — many speaking on condition of anonymity — who admitted the increasingly dominant role the US government has in pursuing research on these exploits and using them to attack rival networks.
According to the report, “Reuters reviewed a product catalogue from one large contractor, which was made available on condition the vendor not be named. Scores of programs were listed. Among them was a means to turn any iPhone into a room-wide eavesdropping device. Another was a system for installing spyware on a printer or other device and moving that malware to a nearby computer via radio waves, even when the machines aren’t connected to anything.”
These contractors, he wrote, spend upwards of $100,000 on licensing single operations to governments, including the US. The result has been the development of a thriving industry, largely underground, where exploits are bought and sold before patches are developed to protect against intrusions. These “zero-day exploits”— labeled as such because developers are unaware of the flaw until it’s announced — fetch big bucks from contractors, governments and hackers.
And as the demand for these exploits increases, so do the players in the game. One example cited by Menn is Atlanta-based Endgame Inc., which recently brought in $23 million in funding courtesy of Silicon Valley venture capital firm Kleiner Perkins Caufield & Byers. But as early as 2011, Endgame and similar entities have been on the radar of hacktivists hell-bent on exposing the largely unknown doings of defense contractors.
When the loose-knit hacking collective Anonymous investigated security consultants HBGary in 2011, they uncovered only the tip of an intricate iceberg made up of former federal employees and other intelligence workers being paid boatloads to give governments exploits that could be used to their advantage. Project PM, the open-source online think tank started by former Anonymous collaborator Barrett Brown, discussed Endgame and its associates in great detail.
From a Business Week article cited by Brown:
“Project PM served as a forum through which defendant Brown and other individuals sought to discuss their joint and separate activities and engage in, encourage, or facilitate the commission of criminal conduct online,” the government alleged when it fought back attempts from the current Project PM administrator to quash that subpoena.
Brown fired back from prison: “It makes it much more obvious that this investigation and the charges against me has to do with our successful research into what may be criminal activities by firms close to the government.”
If convicted on all counts — more than one dozen including threatening a federal agent andsharing a hyperlink — Brown could be sentenced to 100 years in prison.