Cyber-arms industry

The cyber-arms industry is a term used to describe the markets and associated events surrounding the sale of software exploits, zero-days, cyberweaponry, surveillance technologies and related tools. The term may extend to both grey and black markets online and offline.

For many years, the burgeoning dark web market remained niche, available only to those in-the-know or well funded. Since at least 2005, western governments including the U.S., United Kingdom, Russia, France, and Israel have been buying exploits from defence contractors and individual hackers. This 'legitimate' market for zero day exploits exists but is not well advertised or immediately accessible.

Attempts to openly sell zero day exploits to governments and security vendors to keep them off the black market have so far been unsuccessful.

Offline
Traditional arms producers and military services companies such as BAE Systems, EADS, Leonardo, General Dynamics, Raytheon and Thales have all expanded into the cybersecurity markets. However smaller software companies such as Blue Coat and Amesys have also become involved, often drawing attention for providing surveillance and censorship technologies to the regimes of Bashar al-Assad in Syria and Muammar Gaddafi in Libya.

Suppliers of exploits to western governments include the Massachusetts firm Netragard.

The trade show ISS World that runs every few months has been referred to as the 'international cyber arms bazaar' and the 'wiretappers ball' focuses on surveillance software for lawful interception.

Online
The most popular Internet forums are generally in Russian or Ukrainian and there are reports of English-only, Chinese-only, German-only, and Vietnamese-only sites, among others. Phishing, spear-phishing, and other social engineer campaigns are typically done in English, as a majority of potential victims know that language. India's Central Bureau of Investigation describe the proliferation of underground markets as 'widespread'. Colonel John Adams, head of the Marine Corps Intelligence Activity has expressed concerns these markets could allow cyberweapony to fall into the hands of hostile governments which would otherwise lack the expertise to attack an advanced country's computer systems.

Online, there is increasing uses of encryption and privacy mechanisms such as off the record messaging and cryptocurrencies.

Since 2005 on darknet markets and black markets such as the 'Cyber Arms Bazaar' have had their prices dropping fast with the cost of cyberweapony plummeting at least 90 percent.

Botnets are increasingly rented out by cyber criminals as commodities for a variety of purposes.

Vendor responses
In recent years many software firms have had success with bug bounty programs, but in some cases such as with Vupen's Chrome exploit these will be rejected as below market value. Meanwhile, some vendors such as HP spent more than $7 million between 2005 and 2015 buying exploits for their own software. This behaviour has been criticised by head of the United States Cyber Command, General Keith Alexander as 'building the black market'

Notable markets

 * Cyber Arms Bazaar – a darknet market operating out of various Eastern European countries, trafficking crimeware and hacking tools that has run since at least the year 2000. Tom Kellermann, chief cybersecurity officer of Trend Micro estimates over 80 percent of financial sector cyberattacks could be traced back to the bazaar, with retail cyberattacks not far behind.
 * Darkode
 * TheRealDeal