Although the United States government accuses other nations of cyber espionage it intelligence and military agencies are actually among the world’s biggest buyers of hacking tools, according to a recent special report from newswire agency Reuters.
The preemptive strategy worries some people in the technology industry because the tools being bought by the U.S. relies on vulnerabilities of existing software programs.
“The more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired,” Reuters said.
The U.S. government’s strategy of buying up exploits makes sense, according to some national security officials and security executives, because it prevents these exploits from falling into the hands of organized criminals and repressive regimes.
The interest of the U.S. Department of Defense and U.S. intelligence agencies such as the National Security Agency, in information about security holes of computer systems is encouraging the growth of a market in exploits, according to security researchers and former government officials.
“If the U.S. government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell U.S. users,” according to Richard Clarke, a former White House cybersecurity adviser. “There is supposed to be some mechanism for deciding how they use the information for offensive or defense. But there isn’t.”
Instead, the situation has resulted in many talented hackers who previously alerted companies like Microsoft Corp to security flaws in their software now turning to selling information on exploits sometimes to defense contractors.
“Defense contractors and agencies spend at least tens of millions of dollars a year on just exploits, which are the one essential ingredient in a broader cyber-weapons industry generating hundreds of millions annually,” the report said.