The news comes via an article about two Italian hackers, Luigi Auriemma, 32, and Donato Ferrante, 28, who sell technical details of such vulnerabilities to countries that want to break into the computer systems of foreign adversaries.
The two will not reveal the clients of their company, ReVuln, but big buyers of services like theirs include the National Security Agency — which seeks the flaws for America’s growing arsenal of cyberweapons — and American adversaries like the Revolutionary Guards of Iran. All over the world, from South Africa to South Korea, business is booming in what hackers call “zero days,” the coding flaws in software like Microsoft Windows that can give a buyer unfettered access to a computer and any business, agency or individual dependent on one.
Last month, Microsoft reportedly increased the amount it was willing to pay for zero-day flaws to $150,000. However, companies like Microsoft are being outbid by countries that want to replicate the success of worms like Stuxnet.
“Governments are starting to say, ‘In order to best protect my country, I need to find vulnerabilities in other countries,’ ” said Howard Schmidt, a former White House cybersecurity coordinator. “The problem is that we all fundamentally become less secure.”
The NYT says that Apple does not have a program to pay hackers for discovering vulnerabilities in its software; however, exploits for iOS are some of the most coveted. Two sources told the paper that an iOS zero-day exploit sold for $500,000.