Although there has been a lot of fortifying of the of U.S. networks to better protect against data security threats, Reuters reported that the country has become the leading player in the market for offensive cyber weaponry. This has caused a great deal of concern in the technology and intelligence communities that the U.S. is encouraging instead of discouraging hacking and not disclosing the vulnerabilities, which may be across many networks, that will be exploited by these purchased hacks. The news organization reported that U.S. intelligence and military agencies are not buying these tools to stave off attackers, instead they are using them to inject chaos and confusion into foreign networks by leaving behind tools that can disrupt data transmissions or damage systems.
"The core problem: Spy tools and cyber weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings," Reuters said. "So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired."
Charlie Miller, former National Security Agency specialist and current security researcher at Twitter, said the only people paying cyber weaponry are on the offensive side, as this lures talented researchers away to work on defense. Tax dollars instead could even be going to hackers who create more sophisticated weaponry to supply criminal groups.
Former White House cybersecurity advisors Howard Schmidt and Richard Clarke agreed with Miller, with Clarke telling ZDNet that if the U.S. discovers a vulnerability, their first duty is to tell the people of the U.S. about it. Schmidt said it is naive to believe that when a flaw is discovered that they will be the only ones to know about the data security vulnerability.
"Whether it's another government, a researcher, or someone else who sells exploits, you may have it by yourself for a few hours or for a few days, but you sure are not going to have it alone for long," he said.
This news comes just months after a report from The New York Times which found President Barack Obama can order a legal review of the use of America's cyberweapon arsenal. The U.S., if government officials deem it necessary, can launch cyberattacks against threatening nations if the country feels it needs to defend itself. There has been no word yet, however, on confirmed use cases or potential future targets.
Security News from SimplySecurity.com by Trend Micro.