There will be a war in zero days.
Do you want to be rich? Start hacking! The market for zero days is a booming business. But what exactly is a so-called ‘zero day’? And why is it so dangerous?
It was when I watched the Tegenlicht (NPO) documentary ‘Zero Days: security leaks for sale’ that I first heard of the term. A zero day is an unknown security leak in either software or a website. Hackers are always searching for these kinds of leaks. This never-ending search makes all hackers equal. What separates them is the choice they make about what to do with these leaks once they find them.
Hackers who are able to trace and exploit those leaks have a few options. White hat hackers will function as whistleblowers. They let the particular company know that there is a problem with its software or website. This mostly results in a pat on the shoulder and appreciation, but won't make the hacker rich. Black hat hackers, on the other hand, sell their exploits to governments or private parties. The amount of money that changes hands in this business is astonishing. In 2012 a hacker received $250.000 from the US government for finding a zero day in iOS. What if this hacker had sold his exploit to organized crime? It will only be a matter of time before the white hat hackers no longer resist the gold rush that is taking place. The scary part of this story is the fact that selling zero day exploits is completely legal.
When hackers sell their exploits to enemy governments (or organized crime, as stated before), it can lead to a cyber war. This is where the Department of Defense should step in. Yesterday the news site nu.nl published an article stating that the ‘hack-back law’ will pass parliament no sooner than next year. This means that the Dutch defense force is still not allowed by law to hack enemy states or parties, even when it is necessary. Do you think this will threaten national security?