Wassenaar Accords Restrict Indiscriminate Sale of Exploits

    The Wassenaar Agreements , which control the export of arms and related technologies for the US & EU, have been supplemented by an additional clause. We are talking about the fact that now software that is of the so-called type falls under control. dual-use technologies ( dual use Technologies ): 0day exploits, software spyware functions (spyware, backdoors), and basically any software that is developed by private companies, not for public use, and it can be exported to other countries.

    Now companies that are developing this type of software will have to coordinate with the state. the authorities of their country export software technologies to other countries, including, in the case of special competitions like Pwn2Own, in which 0day exploits are presented. Exploits could potentially be used as offensive weapons and their export will be controlled in the countries mentioned above.

    In a document that was adapted to reflect these changes, the following formulations are specified that define the concept of software that falls under control (cyber weapons).

    Intrusion software (offensive software) :
    “Software” specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following:
    a. The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or
    b. The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions.

    IP network surveillance systems (spyware)
    5. A. 1. j. IP network communications surveillance systems or equipment, and specially designed components therefore, having all of the following:
    1. Performing all of the following on a carrier class IP network (eg, national grade IP backbone):
    a. Analysis at the application layer (eg, Layer 7 of Open Systems Interconnection (OSI) model (ISO / IEC 7498-1));
    b. Extraction of selected metadata and application content (eg, voice, video, messages, attachments); and
    c. Indexing of extracted data; and
    2. Specially the Designed for Being to the carry out all of the the following:
    a. Execution of searches on the basis of 'hard selectors'; and
    b. Mapping of the relational network of an individual or of a group of people.

    Thus, the regulator (government bodies) of the United States and the EU take control of digital technologies, which today are already weapons in cyberspace. Wassenaar Agreements are designed to limit for private companies the sales of technologies they develop to countries that are in conflict with NATO or the EU (or sanctions have been imposed on them).

    Also popular now: