The secret life of a cyber-vulnerability

Radunovic, Vladimir
Veljasevic, Vladimir
The comic tells a worrying, yet realistic and educational story that follows the life of a cyber vulnerability, from its inception to its deployment in an actual cyberattack. Cyberattacks of various purposes – for warfare or crime, terrorism or political activism – commonly deploy the same types of cyber-weapons. Typically, (information about) a system vulnerability is embedded into software code called an ‘exploit’ to penetrate the digital system. Additional code, called a ‘payload’, is added to cause a specific action against a particular target (like taking down an industrial control system, or sniffing and exfiltrating sensitive data). Unlike in the physical space, vulnerabilities can be discovered (and exploits and payloads developed) by civilians and groups that possess particular knowledge, rather than vast (financial and human) resources, such as companies or states. Vulnerabilities discovered in available software or hardware should be responsibly disclosed to the authors, so that patches can be issued and the services provided can be secured. This, however, is not a common scenario. Instead, vulnerabilities are traded and developed into weapons by various parties, including governments, and ignored by many, including companies and end-users. The responsibility for global cyber(in)security is, therefore, shared.