Gov'ts Are Paying Hackers Big Bucks for Software Bugs

Stuxnet created a market for software vulnerabilities
By Ruth Brown,  Newser Staff
Posted Jul 14, 2013 4:03 PM CDT
This image details a focus of the notorious cyber virus Flamer.   (PRNewsFoto/Norman ASA)

Hackers no longer need to break into online banking sites or steal your credit card info to make money. Over the past few years, a new market has evolved where they can make serious cash without even breaking the law: finding bugs and vulnerabilities in popular software (think Windows, web browsers), then selling the information to governments, the New York Times reports. The hackers can also sell the info back to the software companies—Microsoft will pay up to $150,000 per flaw—but it's often more lucrative to sell to governments. "Governments are starting to say, 'In order to best protect my country, I need to find vulnerabilities in other countries,'" says a former White House cybersecurity coordinator. "The problem is that we all fundamentally become less secure."

Israel, Britain, Russia, India, and Brazil are some of the biggest customers, the Times reports, but Malaysia, Singapore, North Korea, and some Middle Eastern countries are also buying. Another customer? The NSA. One US-based company, Endgame, which trades in these bugs, is actually working with a former NSA director. A French company, Vupen, which specializes in bugs that can access systems like water treatment facilities, oil pipelines, and power plants, charges $100,000 just to see its catalog. Worried? You can thank the US and Israel, which, the Times says, effectively created this market when they built the Stuxnet worm.
