August 3, 2011: The U.S. Department of Defense has long advocated going on the offensive against criminal gangs and foreign governments that seek (and often succeed) to penetrate U.S. government and military Internet security, and steal information, or sabotage operations. Without much fanfare, the Department of Defense has made preparations to do just that.
Since the military cannot afford to pay enough to recruit qualified software and Internet engineers for this sort of work, it has turned to commercial firms. There are already some out there, firms that are technically network security companies, but will also carry out offensive missions (often of questionable legality, but that has always been an aspect of the corporate security business.)
Some of these firms have quietly withdrawn from the Internet security business, gone dark, and apparently turned their efforts to the more lucrative task of creating Cyber War weapons for the Pentagon. It may have been one of these firms that created, or helped create, the Stuxnet worm.
An Internet worm is a computer program that constantly tries to copy itself to other computers. Stuxnet was a worm designed, very skillfully, as a weapons grade cyber weapon. The first "real one" as Internet security experts came to call it. While released in late 2009, Stuxnet was not discovered until last year, and engineers are still dissecting it, and continue to be amazed at what a powerful Cyber War weapon it is. Stuxnet is the first live example of a first class Cyber War weapon, which means more are on the way (or sitting on someone's hard drive waiting to be deployed.)
The success of Stuxnet, and similar worms believed to be out there, may be responsible for more Internet security companies moving over to the Cyber War weapons business. The most dangerous Cyber War weapons are those that, like Stuxnet, take advantage of largely unknown Internet vulnerabilities. These allow the attacker access to many business, government and military computers. This sort of thing is called, "using high value exploits" (flaws in code that are not yet widely known). Finding these exploits is expensive, and requires even more skill to use. For a long time, a major source of exploits was hackers for hire. These are skilled hackers, who know they are working on the wrong side of the law, and know how to do the job, take the money, and run. This situation has developed because organized crime has discovered the Internet, and the relatively easy money to be made via Internet extortion and theft.
But now commercial firms are hiring hackers and paying them good money to find and "weaponize" these exploits. It is believed that those nations that have Cyber War organizations, maintain arsenals of exploits. But exploits have a short shelf-life. Nearly all exploits eventually come to the attention of the publisher that created the exploitable software, and gets fixed.
However, not every user applies the "patches", so there will always be some computers out there that are still vulnerable. But that makes "zero day exploits" (discovered and used for the first time) very valuable. That's because you can use these exploits on any computer with the flawed software on it. While your average zero day exploit costs up to $100,000, or more, to discover, it is not useful for very long. Thus it is expensive to maintain an exploits arsenal, as you must keep finding new exploits to replace those which are patched into ineffectiveness.
Most of the Internet combat so far has been done under peacetime conditions. In wartime, it's possible (especially for the United States) to cut off enemy countries from the Internet. Thus potential American foes want to maintain an official peacetime status, so the United States cannot use its ability to cut nations off (or nearly off) from the Internet, and remove easy access to American (and Western) targets. Thus the need to make attacks discreetly, so as to make it more difficult for an enemy to target stronger attacks against you, or threaten nuclear or conventional war.