Underground movements are not uncommon, but the apparent ground swell that has taken place in the cyber underground has caught the attention of traditional and cyber intelligence organizations around the world.
Call them covert, clandestine, black-market – whatever title you choose to put on these activities – the fact remains there is a growing community of underground groups and individuals with diverse missions and objectives. These groups develop and acquire sophisticated cyber weapons that are used in highly targeted attacks against their enemies.
In fact the black-market for cyber weapons has adapted to this market segment. They began offering feature-based products with custom pricing on malware components that are combined and specifically configured to meet the needs of their underground customers.
These are far from the fire and forget cyber weapons used to attack computers a few short years ago.
The current offerings include the use of zero-day cybersecurity vulnerabilities, remote feedback, control and delivery of their stolen information through servers that have been compromised in countries that are less than cooperative with the country where the primary target resides.
There are also some indicators that those wishing to attack a target can outsource the entire operation.
Individuals, criminal organizations, terrorists and rogue nation states are all customers. These products and services are surely not cheap and there is probable a fairly high demand for offerings like this.
Some choose to use these components to confuse investigators that leverage code signatures as a means to identify who might be behind the attacks. Others just don’t have the technical capabilities or infrastructure to carry out the desired attacks.
Given the professionalism of some of these organizations one has to wonder if they have gone as far as to commission a market study and have a marketing plan like most businesses do.
Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute where he provides consulting services on strategic technology and security issues. He writes a weekly blog for Breaking Gov on the topic of cyber intelligence.