January14, 2007:
There is now a bidding war for Cyber War weapons, or at least the
ammo. The "ammunition" in any Internet based warfare is information about
current vulnerabilities in Internet software. These bugs are quickly patched,
so the time between their discovery, and disappearance, is short (days, weeks,
sometimes months.) The criminals who have access to this vulnerability
information, have their hackers use it to get illegal software on PCs (to then
control the computer, for use in spamming, storing stolen files, or making
attacks on websites or, in wartime, enemy resources).
Police
and Internet security companies have discovered secret web sites where Internet
based criminal gangs sell, or even auction off, vulnerabilities. The security
firms have responded by offering to pay up to $8,000 per vulnerability. But the
criminals pay up to $50,000. The security companies can compete with lower
payments because they are using a larger audience of net-savvy people who do
not have access to the criminal underground on the Internet, and probably don't
want to take bounties from crooks. Based on vulnerabilities used recently, it
appears that Chinese Cyber War operatives have been buying ammo from the
criminal organizations.