The Rules of Contagion

offering to arrange a five-minute DDoS attack for as little as $5, with
an all-day attack costing around $400. Kaspersky calculated that
organising a botnet of around 1,000 computers would cost about $7
per hour. Sellers charge an average of $25 for attacks of this length,
generating a healthy profit margin.[17] The year of the WannaCry
attack, the dark net market for ransomware was estimated to be
worth millions of dollars, with some vendors making six-figure
salaries (tax-free, of course).[18]


Despite the popularity of malware with criminal groups, it’s
suspected that some of the most advanced examples originally
evolved from government projects. When WannaCry infected
susceptible computers, it did so by exploiting a so-called ‘zero-day’
loophole, which is when software has a vulnerability that isn’t publicly
known. The loophole behind WannaCry was allegedly identified by
the US National Security Agency as a way of gathering intelligence,
before somehow finding its way into other hands.[19] Tech
companies can be willing to pay a lot to close these loopholes. In
2019, Apple offered a bounty of up to $2 million for anyone who
could hack into the new iPhone operating system.[20]

During a malware outbreak, zero-day loopholes can boost
transmission by increasing the susceptibility of target machines. In
2010, the ‘Stuxnet’ worm was discovered to have infected Iran’s
Natanz nuclear facility. According to later reports, this meant it would
have been able to damage the vital centrifuges. To successfully
spread through the Iranian systems, the worm had exploited twenty
zero-day loopholes, which was almost unheard of at the time. Given
the sophistication of the attack, many in the media pointed to the US
and Israeli military as potential creators of the worm. Even so, the
initial infection may have been the result of something far simpler: it’s
been suggested that the worm got into the system via a double
agent with an infected USB stick.[21]


Computer networks are only as strong as their weakest links. A
few years before the Stuxnet attack, hackers successfully accessed
a highly fortified US government system in Afghanistan. According to
journalist Fred Kaplan, Russian intelligence had supplied infected
