The Air Force is finalizing a $49.5 million plan to hire private sector coders who, by developing software, can sabotage adversary computer systems and thwart incoming hack attacks.
An official contract for the “Offensive Cyberspace Operations Defensive Cyberspace Operations Real-Time Operations and Innovation Cyber Development Custom Software Engineering Services” program is slated for publication Jan. 29, 2016.
SHELTER, the nickname for the mouthful of a project title, is a 5.5-year deal that would add to the Defense Department’s growing arsenal of cyberweapons.
Technically referred to as “exploits,” “payloads” and “implants” in a draft contract released Monday, these sophisticated, malicious programs are not exclusive to defense company computer labs. Via the Internet blackmarket hidden behind firewalls, anyone — including terrorists — can buy them from script kiddies, financially motivated hackers or other anonymous sources. (The Pentagon definition for exploit is “software or a sequence of commands that takes advantage of a vulnerability in order to cause unanticipated behavior to occur on computer software, hardware or something electronic, usually computerized.)
In a Monday analysis of the cyber capabilities of the Islamic State, Stratfor research analyst Tristan Reed points out the extremist group doesn’t need HTML skills to project power online.
“Capabilities to carry out cyberterrorism do not necessarily have to come from within the Islamic State,” he said. “A thriving underground market exists,” where “offensive skills for hire and exploits in popular software not publicly known (referred to as “zero day” exploits)” are available, and “often the buyers and sellers do not have to know each other’s identities.”