Slashdot Mirror
Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons
Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.
experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians.
Are their any governments left that DON'T do this as a matter of practice?
SJW's don't eliminate discrimination. They just expropriate it for themselves.
First, the entire idea of cyberweapons is laughable. Exploits are only possible because of flaws in the code. That is no more a weapon than an unlocked door.
Second, you cannot regulate them as they are immaterial. It would be possible to discover a previously unknown vulnerability, and then not record the finding anywhere. Congratulations, you have a cyberweapon in your brain. Good luck regulating that.
Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.
I think you are wrong about that. The ideological stance on gun ownership in the bill of rights had a lot to do with empowering people to overthrow their corrupt government. Guns no longer have that power for the most part. Computers do. When was the last time a Deer Rifle toppled a world power? When was the last time twitter did? The answer is 2011 Or maybe even 2014
Computers aren't the same thing as guns, in fact they are a lot more powerful.
There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.
There is not. Shutting down NYSE [slashdot.org], for example, cost billions of dollars. At $10 mln per life [wikipedia.org], that's hundreds of lives right there...
Are you making a serious argument in comparing people getting shot and the NYSE shutdown? This is the hill that you're going to make your stand on?
It's a very poor example but a valid point. A much better example would be fraud [identity theft], ransomware, spam, etc. With computers you can easily steal time from people on an unimaginable scale.
Suppose someone hacks me, and I get off relatively "easy". I may spend 1 hour of my time canceling a credit card, activating the new card when it comes, and changing all the passwords of all the accounts that the credit card number is associated with. That's probably on the very low end of what a hack can cost an individual.
The hacker doesn't stop there. They repeat their act 1,000,000 times. That's a fairly successful and prolific hacker, but not unheard of, espeicially if the attack vector is a business. At just an hour apiece per victim, 1 million victims is 114 total man-years spent cleaning up. Nobody died, but an entire lifetime has been stolen.
The Target hack(s) affected "up to 110 million people". If we take that figure at face value, and each victim spent only an hour dealing with it, that's 12,557 years or roughly 148 lifetimes. Even if I count injured people, I can't find a mass shooting that comes anywhere near 148 lifetimes.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.