Thursday, April 09, 2009

Does China have "Exploit Factories" to Discover Vulnerabilities?

The identification and exploitation of vulnerabilities in software is a never-ending job for cyber criminals. Strategy Page looks at the possibility of what I would call "exploit factories" in China:
"China, for example, obtains these ZDEs [Zero Day Exploits] the same way they have become the place where software manufacturers go to get their software (especially game software) tested cheaply, and thoroughly. In China, you can fill up a large hall with hundreds of bright, but otherwise unemployed, Chinese guys, equip them with PCs, and instructions on what to do to test software. Offer bonuses for those who find flaws, and off you go. Finding ZDEs is basically the same drill, except it takes a week or so of on-the-job training to familiarize your searchers with the testing and searching tools (some of them available at hacking sites) used to dig around in software for flaws."

The article goes on to discuss the potential link to the military and use in cyber warfare:
"The extent and effectiveness of this Internet based crime has military implications, because the same tools used by criminal hackers are employed by Cyber War specialists."

