Cyber Weaponry pp 125-141

Development and Proliferation of Offensive Weapons in Cyber-Security

  • Trey Herr
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


The proliferation of cyber weapons can put powerful offensive capabilities into the hands of states. This chapter explores just what a cyber weapon is and how the process of proliferation works. Highlighting the importance of information in building these offensive capabilities, the chapter argues that what should be considered a weapon is just a small part of what is proliferated in cybersecurity. While states have dominated the debate regarding cybersecurity threats, non-state and criminal actors play key roles in facilitating proliferation through the malware markets. When states and policymakers begin to examine how to disrupt the proliferation of new offensive techniques and methods, they should start with improving software security and resilience.


Cybersecurity; Cyber weapons proliferation; Offensive cyber weapons; Policy options; Non-state actors; Criminal groups



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Harvard Kennedy School, Washington, DC, USA
