I remember visiting sprawling markets in the Russian city of Leningrad (present-day St Petersburg) in the late 1980s. There, I was able to buy almost anything, even functional weapon systems. Nowadays there is no need to travel to Russia or anywhere else in order to find a much bigger marketplace where you can buy whatever you want. All you need to do is log onto the internet.
It is widely known that there are several companies that are openly (and some not so openly) selling offensive and spying capabilities online.
For example, the Israeli NSO Group sells offensive cybercapabilities that allow governments to remotely infect smartphones with spyware without leaving a trace.
The market for such cyberweapons is clearly growing, otherwise there would not be so many people trying to grab a slice. According to research carried out by Reuters, governments are the principal buyers for these capabilities.
Deals are often made without publicity and with concealed identities, which perfectly suits those looking to purchase such capabilities, as they can be governments or non-governmental actors.
In today's interconnected world, cybercapabilities are playing a strategic role in the security strategies of nation-states. In worst-case scenarios, cyberattacks can cause massive destruction, while cyberespionage is getting so sophisticated that it almost goes beyond our understanding.
The trend is clear – cyber is becoming more important and with the right capabilities one can be a strategic actor in the digital domain.
Selling weapons to Russia
The challenge facing international communities is that if someone has the motivation and the money, they can simply buy the capabilities.
Italian company Hacking Team is known for providing intrusive technology and surveillance systems to repressive regimes, which are known for illegally monitoring activists and for unpredictable behaviour.
The company has been accused of selling highly sophisticated cybertools to the most unstable countries in the world, such as Sudan and Ethiopia. The leaked documents show that the list of governments that have been customers of Hacking Team goes well beyond African states, including states like Poland, Saudi Arabia, and South Korea.
Russia is also on the list of countries using Hacking Team's tools. In the current security situation and considering EU sanctions against Russia, it must be asked if it is legal for an EU-based company to sell these kinds of cybertools to Russia.
The leaked documents detailing Hacking Team's activities will hopefully activate the discussion on cyberarms trade rules around the world.
This is a much wider issue than the debate currently happening about Hacking Team, since there are many cyberarms sellers around the world, and first we should decide what it is exactly that we want to ban. There are still widely differing opinions about what should be considered a cyberweapon and most surveillance software is used for commercial purposes.
There is also a major difference between delivering physical weapons and delivering cyberweapons to the buyer; tanks or missile systems are easier to spot moving across borders, while cyberweapons can be transferred in an instant across the internet.
This is related to the technical complexity of monitoring stockpiles of cyberweapons since they are easy to hide and can be stored at minimal cost.
The use of cyberweapons and cybersecurity technologies for warfare, espionage and political surveillance poses huge practical and conceptual challenges for the international community.
The Hacking Team case shows that international rules and controls should be applied more efficiently to private companies which are producing shady cybercapabilities and related technologies, as they are for conventional weapons.
Jarno Limnéll is a professor of cybersecurity at Aalto University in Finland