U.S. Government Is The Biggest Buyer Of Malware

U.S. Government Is The Biggest Buyer Of MalwareCyber security infrastructure has become an essential part of the defence system of all nations. Nations have formed dedicated and specialised units to tae care of cyber espionage, cyber terrorism and cyber warfare issues. The cyber security infrastructure of India is also required to be established. It must have both offensive and defensive cyber security capabilities.

Recently, researchers have found a global cyber espionage network named SafeNet. Although it is very difficult to ascertain authorship attribution for sophisticated cyber attacks yet the blame game is played around the world. Of all, U.S. is most vocal in pointing out at cyber attacks originating out of China, India, etc.

In a recent revealing, it has been declared that the U.S. government has become the biggest buyer of zero-day security vulnerabilities and the tools that exploit them. Since this issue is classified in nature, not much information is available in this regard.

Malware like Stuxnet and Duqu have already shown how critical infrastructures and SCADA systems are vulnerable to cyber attacks. It has been alleged that Stuxnet was developed through a joint effort of the US and Israeli government agencies.

According to Charlie Miller, a well-known security researcher who used to work for the National Security Agency, “the only people paying are on the offensive side”.

And while former counter-terrorism czar Richard Clarke and former Cyber-Security Coordinator of the Obama Administration Howard Schmidt point out that the U.S. government should tell U.S. users about vulnerabilities they know about and that could lead to serious compromises, the reality is that they don’t.

According to Reuters’ Joseph Menn, who had the opportunity to take a peak at a product catalogue by a large government contractor, there are tools that turn iPhone into eavesdropping devices, allow the transmission of malware via radio waves from one device to another, data-grabbing tools and so on. Most of them had versions for Windows, Apple and Linux machines, and again most of them depend on the exploitation of zero-days.