User:Junglekarmapizza/cyberweapons

The page I will be contributing to is Cyberweapons. The part currently labeled as Controls will become part of the history section. I have included more characteristics of cyberweapons, specifically that they cause physical damage and the particular dangers they present. I have also included a brief history of some of the more important cyberweapons/attacks. Finally, I discussed potential regulations of cyberweapons, of which there are currently none.

= Current Version of the Article = Cyberweapon is commonly defined as a malware agent employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce corrupted code into existing software, causing a computer to perform actions or processes unintended by its operator.

Characteristics
Cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation. Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent.

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods. Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

While the term cyber weapon is frequently used by the press, some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus". Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon", and the software development community in particular uses the term more rarely.

Examples
The following malware agents generally meet the criteria above, have been formally referred to in this manner by industry security experts, or have been described this way in government or military statements:


 * Duqu
 * Flame (malware)
 * Great Cannon
 * Mirai (malware)
 * Stuxnet
 * Wiper (malware)

Control
In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose". Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication. Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

Characteristics
Cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation. Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent. '''Often, though not always, cyberweapons are associated with causing physical or functional harm to the system which it attacks, despite being software. However, there is no consensus on what officially constitutes a cyberweapon .'''

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods. Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

'''Cyberweapons are dangerous for multiple reasons. They are typically difficult to track or defend against due to their lack of physical components. This allows them to hide in systems undetected until their attack is unleashed. Many of these attacks exploit "zero days:" vulnerabilities in software that get their name from the idea that when a company finds one of these vulnerabilities, they have zero days to fix it since due to their vulnerability. They are also significantly cheaper to produce than cyber defenses to protect against them. Oftentimes, cyberweapons from one force are obtained by an opposing force and are then repurposed to be used against the original force .'''

While the term cyber weapon is frequently used by the press, some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus". Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon", and the software development community in particular uses the term more rarely.

History
'''Stuxnet was among the first and most influential cyberweapons. In 2010, it was launched by the United States and Israel to attack Iranian nuclear facilities. Prior to Stuxnet's attack, cyberwarfare was not considered as an eminent threat; with Stuxnet's introduction, it became a reality. Stuxnet was also the first time a nation used a cyberweapon to attack another nation. In retaliation following the Stuxnet attacks by the United States and Israel, Iran used cyberweapons to target top American financial institutions, including the New York Stock Exchange .'''

'''Stuxnet was subsequently followed by Duqu in 2011 and Flame in 2012. Flame was, at the time, considered to be "the most complex malware ever found." It used vulnerabilities in Microsoft Windows to spread. It was deployed against groups primarily in the Middle East and specifically targeted Iranian oil terminals .'''

In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose". Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication. Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

'''The exploitation of hacking tools by third parties has particularly affected the United States National Security Agency (NSA). In 2016, information about NSA hacking tools were captured by a Chinese hacking group, ATP3, that allowed them to reverse engineer their own version of the tool. It was subsequently used against European and Asian nations, though the United States was not targeted. Later that year, an anonymous group called the "Shadow Brokers" leaked NSA tools online. These two groups are not known to be affiliated, and ATP3 had access to the tools at least a year before the Shadow Brokers leak. The Shadow Brokers leaks were accompanied by blog posts, using misspelled English, with some of the posts being critical of the Trump administration. The leaked tools were developed by the Equation Group, a cyberwarfare that works with the NSA .'''

'''Among the tools leaked by the Shadow Brokers was EternalBlue, which the NSA had used to exploit bugs in Microsoft Windows. This prompted Microsoft to issue updates to guard against the tool. When the Shadow Brokers publicly released EternalBlue, it was quickly used by North Korean and Russian hackers, who formed it into the ransomware WannaCry and NotPetya, respectively .'''

NotPetya, which was initially launched in Ukraine but subsequently spread around the world, encrypted hard drives and forced users to pay a ransom fee for their data, despite never actually giving the data back .

In September of 2018, the United States Department of Defense officially confirmed that the United States uses cyberweapons to advance national interests .

Potential Regulations
'''While there has been no full regulation of cyberweapons, possible systems of regulation have been proposed. One system would have cyberweapons, when not being used by a state, subject to criminal law of the country and, when being used by a state, subject to international laws on warfare. Most proposed systems rely on international law and enforcement to stop the inappropriate use of cyberweaponry. Consider the novelty of the weapons, there has also been discussion about how previously existing laws, not designed with cyberweapons in mind, apply to them .'''

Edit by Claudia Ng
Cyberweapon is commonly defined as a malware agent employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce corrupted code into existing software, causing a computer to perform actions or processes unintended by its operator.

Characteristics
Cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation. Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent. '''Often, though not always, cyberweapons are associated with causing physical or functional harm to the system which it attacks, despite being software. However, there is no consensus on what officially constitutes a cyberweapon .'''

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods. Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

'''Cyberweapons are dangerous for multiple reasons. They are typically difficult to track or defend against due to their lack of physical components. This allows them to hide in systems undetected until their attack is unleashed. Many of these attacks exploit "zero days" (i.e. vulnerabilities in software that companies get their name from the idea that when a company finds one of these vulnerabilities, they have zero days to fix it since due to their vulnerability). They are also significantly cheaper to produce than cyber defenses to protect against them. Oftentimes, cyberweapons from one force are obtained by an opposing force and are then repurposed to be used against the original force .'''

While the term cyber weapon is frequently used by the press, some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus". Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon", and the software development community in particular uses the term more rarely.

History
'''Stuxnet was among the first and most influential cyberweapons. In 2010, it was launched by the United States and Israel to attack Iranian nuclear facilities. Prior to Stuxnet's attack, cyberwarfare was not considered as an eminent threat; with Stuxnet's introduction, it became a reality. Stuxnet was also the first time a nation used a cyberweapon to attack another nation. Following the In retaliation following the Stuxnet attacks, by the United States and Israel, Iran used cyberweapons to target top American financial institutions in retaliation to the United States and Israel, including the New York Stock Exchange .'''

'''Stuxnet was subsequently followed by Duqu in 2011 and Flame in 2012. Flame was, at the time, considered to be "the most complex malware ever found." It used vulnerabilities in Microsoft Windows to spread. It was deployed against groups primarily in the Middle East and specifically targeted Iranian oil terminals .'''

In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose". Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication. Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

'''The exploitation of hacking tools by third parties has particularly affected the United States National Security Agency (NSA). In 2016, information about NSA hacking tools were captured by a Chinese hacking group, ATP3, that allowed them to reverse engineer their own version of the tool. It was subsequently used against European and Asian nations, though the United States was not targeted. Later that year, an anonymous group called the "Shadow Brokers" leaked NSA tools online. These two groups are not known to be affiliated, and ATP3 had access to the tools at least a year before the Shadow Brokers leak. The Shadow Brokers leaks were accompanied by blog posts, using misspelled English, with some of the posts being critical of the Trump administration. The leaked tools were developed by the Equation Group, a cyberwarfare that works with the NSA .'''

'''Among the tools leaked by the Shadow Brokers was EternalBlue, which the NSA had used to exploit bugs in Microsoft Windows. This prompted Microsoft to issue updates to guard against the tool. When the Shadow Brokers publicly released EternalBlue, it was quickly used by North Korean and Russian hackers, who formed it into the ransomware WannaCry and NotPetya, respectively .'''

NotPetya, which was initially launched in Ukraine but subsequently spread around the world, encrypted hard drives and forced users to pay a ransom fee for their data, despite never actually giving the data back .

In September of 2018, the United States Department of Defense officially confirmed that the United States uses cyberweapons to advance national interests .

Potential Regulations
'''While there has been no full regulation of cyberweapons, possible systems of regulation have been proposed. One system would have cyberweapons, when not being used by a state, subject to criminal law of the country and, when being used by a state, subject to international laws on warfare. Most proposed systems rely on international law and enforcement to stop the inappropriate use of cyberweaponry. Considering the novelty of the weapons, there has also been discussion about how previously existing laws, not designed with cyberweapons in mind, apply to them .'''

Characteristics
Cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation. Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent. 'Often, though not always, cyberweapons are associated with causing physical or functional harm to the system which it attacks, despite being software [I think you can delete the citation here as this sentence and the next sentence both come from the nature paper'']. However, there is no consensus on what officially constitutes a cyberweapon .'''

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods. Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

'''Cyberweapons are dangerous for multiple reasons. They are typically difficult to track or defend against due to their lack of physical components. This [Unclear antecedent; Maybe change it to "The anonymity"?] allows them to hide in systems undetected until their attack is unleashed. Many of these attacks exploit "zero days:" vulnerabilities in software that get their name from the idea that when a company finds one of these vulnerabilities, they have zero days to fix it since due to their vulnerability. They are also significantly cheaper to produce than cyber defenses to protect against them. Oftentimes, cyberweapons from one force are obtained by an opposing force and are then repurposed to be used against the original force .'''

While the term cyber weapon is frequently used by the press, some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus". Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon", and the software development community in particular uses the term more rarely.

History
'''Stuxnet was among the first and most influential cyberweapons. In 2010, it was launched by the United States and Israel to attack Iranian nuclear facilities. Prior to Stuxnet's attack, cyberwarfare was not considered as an eminent threat; with Stuxnet's introduction, it became a reality. Stuxnet was also the first time a nation used a cyberweapon to attack another nation. In retaliation following the Stuxnet attacks by the United States and Israel, Iran used cyberweapons to target top American financial institutions, including the New York Stock Exchange .'''

'''Stuxnet was subsequently followed by Duqu in 2011 and Flame in 2012. Flame was, at the time, considered to be "the most complex malware ever found." It used vulnerabilities in Microsoft Windows to spread. [''I don't think a reference on guardian can be considered as a reliable citation as press usually has its own political tendency. I suggest to change this sentence and find something from a journal or a conference''] It was deployed against groups primarily in the Middle East and specifically targeted Iranian oil terminals. [''Same as here. Suggest to change the source]'

In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose". Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication. Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

'''The exploitation of hacking tools by third parties has particularly affected the United States National Security Agency (NSA). In 2016, information about NSA hacking tools were captured by a Chinese hacking group, ATP3, that allowed them to reverse engineer their own version of the tool. It was subsequently used against European and Asian nations, though the United States was not targeted. Later that year, an anonymous group called the "Shadow Brokers" leaked NSA tools online. These two groups are not known to be affiliated, and ATP3 had access to the tools at least a year before the Shadow Brokers leak. [''Not a reliable secondary source. Suggesting to change the citation'']The Shadow Brokers leaks were accompanied by blog posts, using misspelled English, with some of the posts being critical of the Trump administration. The leaked tools were developed by the Equation Group, a cyberwarfare that works with the NSA .'''

'''Among the tools leaked by the Shadow Brokers was EternalBlue, which the NSA had used to exploit bugs in Microsoft Windows [Websites are not reliable secondary source]. This prompted Microsoft to issue updates to guard against the tool [Websites are not reliable secondary source]. When the Shadow Brokers publicly released EternalBlue, it was quickly used by North Korean and Russian hackers, who formed it into the ransomware WannaCry and NotPetya, respectively .'''

NotPetya, which was initially launched in Ukraine but subsequently spread around the world, encrypted hard drives and forced users to pay a ransom fee for their data, despite never actually giving the data back .

In September of 2018, the United States Department of Defense officially confirmed that the United States uses cyberweapons to advance national interests .

Potential Regulations
'''While there has been no full regulation of cyberweapons, possible systems of regulation have been proposed. One system would have cyberweapons, when not being used by a state, subject to criminal law of the country and, when being used by a state, subject to international laws on warfare. Most proposed systems rely on international law and enforcement to stop the inappropriate use of cyberweaponry. Consider the novelty of the weapons, there has also been discussion about how previously existing laws, not designed with cyberweapons in mind, apply to them .'''

=== Overall comment: I really enjoy reading your topic! And I think in terms of the article organization, you did a great job. However, I also spotted one issue: it seems like you have a lot of references from websites like CNNMoney, Forbes, Guardian. Based on the wikipedia training, I do not think they are at a neutral stand points. Moreover, they cannot be considered as reliable secondary material as some of the articles may not be peer-reviewed. Therefore, I suggest you to change all arguments derived from these websites. Great job! === = Edit By Jack Casey = Cyberweapon is commonly defined as a malware agent employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce corrupted code into existing software, causing a computer to perform actions or processes unintended by its operator.

Characteristics
Cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation. Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent. '''Often, though not always, cyberweapons are associated with causing physical or functional harm to the system which it attacks, despite being software. However, there is no consensus on what officially constitutes a cyberweapon .'''

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods. Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

'''Cyberweapons are dangerous for multiple reasons. They are typically difficult to track or defend against due to their lack of physical components. This allows them to hide in systems undetected until their attack is unleashed. Many of these attacks exploit "zero days:" vulnerabilities in software that get their name from the idea that when a company finds one of these vulnerabilities, they have zero days to fix it since due to their vulnerability .' [I think you may want to reword this sentence as the etymology of 'zero day' is irrelevant, and it is unclear who 'they' are at the end. I also believe the term is 'zero day', and you may want to link to the wikipedia article on the subject]'' They are also significantly cheaper to produce than cyber defenses to protect against them . Oftentimes, cyberweapons from one force are obtained by an opposing force and are then repurposed to be used against the original force .

While the term cyber weapon is frequently used by the press, some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus". Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon", and the software development community in particular uses the term more rarely.

History
'''Stuxnet was among the first and most influential cyberweapons. In 2010, it was launched by the United States and Israel to attack Iranian nuclear facilities. Prior to Stuxnet's attack, cyberwarfare was not considered as an eminent threat; with Stuxnet's introduction, it became a reality . [This strikes me as having a weird tone for the article.] Stuxnet was also the first time a nation used a cyberweapon to attack another nation. In retaliation following the Stuxnet attacks by the United States and Israel, Iran used cyberweapons to target top American financial institutions, including the New York Stock Exchange .'''

'''Stuxnet was subsequently followed by Duqu in 2011 and Flame in 2012. Flame was, at the time, considered to be "the most complex malware ever found." [I would discourage the use of quotes here, especially if you don't put in text who is saying this] It used vulnerabilities in Microsoft Windows to spread. It was deployed against groups primarily in the Middle East and specifically targeted Iranian oil terminals .'''

In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose". Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication. Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

'''The exploitation of hacking tools by third parties has particularly affected the United States National Security Agency (NSA). In 2016, information about NSA hacking tools  was  captured by a Chinese hacking group, ATP3, that allowed them to reverse engineer their own version of the tool. It was subsequently used against European and Asian nations, though the United States was not targeted. Later that year, an anonymous group called the "Shadow Brokers" leaked NSA tools online. These two groups are not known to be affiliated, and ATP3 had access to the tools at least a year before the Shadow Brokers leak. The Shadow Brokers leaks were accompanied by blog posts, using misspelled English, with some of the posts being critical of the Trump administration .' [ Is this last sentence relevant? ]  The leaked tools were developed by the Equation Group, a cyberwarfare [Group? Unit?]'' that works with the NSA .

'''Among the tools leaked by the Shadow Brokers was EternalBlue, which the NSA had used to exploit bugs in Microsoft Windows. This prompted Microsoft to issue updates to guard against the tool. When the Shadow Brokers publicly released EternalBlue, it was quickly used by North Korean and Russian hackers, who formed it into the ransomware WannaCry and NotPetya, respectively .'''

NotPetya, which was initially launched in Ukraine but subsequently spread around the world, encrypted hard drives and forced users to pay a ransom fee for their data, despite never actually giving the data back . [Should this go in the above paragraph?]

In September of 2018, the United States Department of Defense officially confirmed that the United States uses cyberweapons to advance national interests .

Potential Regulations
'''While there has been no full regulation of cyberweapons, possible systems of regulation have been proposed. One system would have cyberweapons, when not being used by a state, subject to criminal law of the country and, when being used by a state, subject to international laws on warfare. Most proposed systems rely on international law and enforcement to stop the inappropriate use of cyberweaponry . Considering the novelty of the weapons, there has also been discussion about how previously existing laws, not designed with cyberweapons in mind, apply to them .'''

My Thoughts
See my comments in [italics and brackets], and see my direct edits in  underlined italics . I think you did a good job overall. There were a few sentences that I felt could be reworded, and a few where I though the sentence wasn't that relevant. I do acknowledge that I could have the wrong judgement on these, so treat everything with a grain of salt.

Strong work.

--JackCasey067 (talk) 19:07, 7 May 2022 (UTC)

= Edit Yamato Hart =

Characteristics
Cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation. Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent. '''Often, though not always, [This statement seems reduntant] cyberweapons are associated with causing physical or functional harm to the system which it attacks, despite being software. However, there is no consensus on what officially constitutes a cyberweapon .'''

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods. Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

'''Cyberweapons are dangerous for multiple reasons. They are typically difficult to track or defend against due to their lack of physical components. This allows them to hide in systems undetected until their attack is unleashed. Many of these attacks exploit "zero days:" vulnerabilities in software that get their name from the idea that when a company finds one of these vulnerabilities, they have zero days to fix it since due to their vulnerability. They are also significantly cheaper to produce than cyber defenses to protect against them. Oftentimes, cyberweapons from one force are obtained by an opposing force and are then repurposed to be used against the original force .'''

While the term cyber weapon is frequently used by the press, some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus". Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon", and the software development community in particular uses the term more rarely.

History
'''Stuxnet was among the first and most influential cyberweapons. In 2010, it was launched by the United States and Israel to attack Iranian nuclear facilities. Prior to Stuxnet's attack, cyberwarfare was not considered as an eminent threat; with Stuxnet's introduction, it became a reality. Stuxnet was also the first time a nation used a cyberweapon to attack another nation. In retaliation following the Stuxnet attacks by the United States and Israel, Iran used cyberweapons to target top American financial institutions, including the New York Stock Exchange .'''

'''Stuxnet was subsequently followed by Duqu in 2011 and Flame in 2012. Flame was, at the time, considered to be "the most complex malware ever found." It used vulnerabilities in Microsoft Windows to spread. It was deployed against groups primarily in the Middle East and specifically targeted Iranian oil terminals .'''

In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose". Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication. Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

'''The exploitation of hacking tools by third parties has particularly affected the United States National Security Agency (NSA). In 2016, information about NSA hacking tools were captured by a Chinese hacking group, ATP3, that allowed them to reverse engineer their own version of the tool. It was subsequently used against European and Asian nations, though the United States was not targeted. Later that year, an anonymous group called the "Shadow Brokers" leaked NSA tools online. These two groups are not known to be affiliated, and ATP3 had access to the tools at least a year before the Shadow Brokers leak. The Shadow Brokers leaks were accompanied by blog posts, using misspelled English, with some of the posts being critical of the Trump administration. The leaked tools were developed by the Equation Group, a cyberwarfare that works with the NSA .'''

'''Among the tools leaked by the Shadow Brokers was EternalBlue, which the NSA had used to exploit bugs in Microsoft Windows. This prompted Microsoft to issue updates to guard against the tool. When the Shadow Brokers publicly released EternalBlue, it was quickly used by North Korean and Russian hackers, who formed it into the ransomware WannaCry and NotPetya, respectively .'''

NotPetya, which was initially launched in Ukraine but subsequently spread around the world, encrypted hard drives and forced users to pay a ransom fee for their data, despite never actually giving the data back .

In September of 2018, the United States Department of Defense officially confirmed that the United States uses cyberweapons to advance national interests .

Potential Regulations
'''While there has been no full regulation of cyberweapons, possible systems of regulation have been proposed. One system would have cyberweapons, when not being used by a state, subject to criminal law of the country and, when being used by a state, subject to international laws on warfare. Most proposed systems rely on international law and enforcement to stop the inappropriate use of cyberweaponry. Consider [considering?]the novelty of the weapons, there has also been discussion about how previously existing laws, not designed with cyberweapons in mind, apply to them .'''

Revised Edition Post Peer Review
Before this revised version is considered, I would like to mention two things. One of my peer reviews talked about my sources, many of which came from news sites. I checked in the training, and these are concerned to be good sources for Wikipedia (a lot of articles related to my topic used these) but I also went through and revised some of my sources. Second, I forgot to include the examples section (which is unedited) as a part of my draft. My bad! Just wanted to mention it.

Cyberweapon is commonly defined as a malware agent employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce corrupted code into existing software, causing a computer to perform actions or processes unintended by its operator.

Characteristics
Cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation. Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent. Often cyberweapons are associated with causing physical or functional harm to the system which it attacks, despite being software. However, there is no consensus on what officially constitutes a cyberweapon.

Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods. Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.

Cyberweapons are dangerous for multiple reasons. They are typically difficult to track or defend against due to their lack of physical components. Their anonymity allows them to hide in systems undetected until their attack is unleashed. Many of these attacks exploit "zero days" (vulnerabilities in software that companies have zero days to fix). They are also significantly cheaper to produce than cyber defenses to protect against them. Oftentimes, cyberweapons from one force are obtained by an opposing force and are then repurposed to be used against the original force, as can be seen with the cyberweapons WannaCry and NotPetya.

While the term cyber weapon is frequently used by the press, some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus". Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon", and the software development community in particular uses the term more rarely.

Examples
The following malware agents generally meet the criteria above, have been formally referred to in this manner by industry security experts, or have been described this way in government or military statements:


 * Duqu
 * Flame (malware)
 * Great Cannon
 * Mirai (malware)
 * Stuxnet
 * Wiper (malware)

History
Stuxnet was among the first and one of the most influential cyberweapons. In 2010, it was launched by the United States and Israel to attack Iranian nuclear facilities. Stuxnet is considered to be the first major cyberweapon. Stuxnet was also the first time a nation used a cyberweapon to attack another nation. Following the Stuxnet attacks, Iran used cyberweapons to target top American financial institutions, including the New York Stock Exchange.

Stuxnet was subsequently followed by Duqu in 2011 and Flame in 2012. Flame's complexity was unmatched at the time. It used vulnerabilities in Microsoft Windows to spread. It specifically targeted Iranian oil terminals.

In 2017 data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties. Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose". Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".

Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication. Disarmament of cyber weapons may come in the form of contacting respective software vendors with information of vulnerabilities in their products as well as potential help with or autonomous development (for open source software) of patches.

The exploitation of hacking tools by third parties has particularly affected the United States National Security Agency (NSA). In 2016, information about NSA hacking tools was captured by a Chinese hacking group, ATP3, that allowed them to reverse engineer their own version of the tool. It was subsequently used against European and Asian nations, though the United States was not targeted. Later that year, an anonymous group called the "Shadow Brokers" leaked NSA tools online. These two groups are not known to be affiliated, and ATP3 had access to the tools at least a year before the Shadow Brokers leak. The leaked tools were developed by the Equation Group, a cyberwarfare group that works with the NSA.

Among the tools leaked by the Shadow Brokers was EternalBlue, which the NSA had used to exploit bugs in Microsoft Windows. This prompted Microsoft to issue updates to guard against the tool. When the Shadow Brokers publicly released EternalBlue, it was quickly used by North Korean and Russian hackers, who formed it into the ransomware WannaCry and NotPetya, respectively. NotPetya, which was initially launched in Ukraine but subsequently spread around the world, encrypted hard drives and forced users to pay a ransom fee for their data, despite never actually giving the data back.

In September of 2018, the United States Department of Defense officially confirmed that the United States uses cyberweapons to advance national interests.

Potential Regulations
While there has been no full regulation of cyberweapons, possible systems of regulation have been proposed. One system would have cyberweapons, when not being used by a state, subject to criminal law of the country and, when being used by a state, subject to international laws on warfare. Most proposed systems rely on international law and enforcement to stop the inappropriate use of cyberweaponry. Considering the novelty of the weapons, there has also been discussion about how previously existing laws, not designed with cyberweapons in mind, apply to them.