• Hackers selling info on software bugs worldwide
    By
     | July 14,2013
     

    On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs — not the island’s many beetle varieties, but secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit.

    The hackers, Luigi Auriemma, 32, and Donato Ferrante, 28, sell technical details of such vulnerabilities to countries that want to break into the computer systems of foreign adversaries. The two will not reveal the clients of their company, ReVuln, but big buyers of services like theirs include the National Security Agency — which seeks the flaws for America’s growing arsenal of cyberweapons — and U.S. adversaries like the Iranian Revolutionary Guard.

    All over the world, from South Africa to South Korea, business is booming in what hackers call “zero days,” the coding flaws in software like Microsoft’s Windows that can give a buyer unfettered access to a computer and any business, agency, or individual dependent on one.

    Just a few years ago, hackers like Auriemma and Ferrante would have sold the knowledge of coding flaws to companies like Microsoft and Apple, which would fix them. Last month, Microsoft sharply increased the amount it was willing to pay for such flaws, raising its top offer to $150,000.

    Increasingly, however, the businesses are being outbid by countries with the goal of exploiting the flaws in pursuit of the kind of success, albeit temporary, that the United States and Israel achieved three summers ago when they attacked Iran’s nuclear enrichment program with a computer worm that became known as “Stuxnet.’’

    The flaws get their name from the fact that once discovered, “zero days” exist for the user of the computer system to fix them before hackers can take advantage of the vulnerability. A “zero-day exploit” occurs when hackers or governments strike by using the flaw before anyone else knows it exists, like a burglar who finds, after months of probing, that there is a previously undiscovered way to break into a house without sounding an alarm.

    “Governments are starting to say, ‘In order to best protect my country, I need to find vulnerabilities in other countries,’” said Howard Schmidt, the former White House cybersecurity coordinator. “The problem is that we all fundamentally become less secure.”

    MORE IN Wire News
    LOS ANGELES — A thunderstorm formed so rapidly over a Southern California beach that experts said... Full Story
    Rare storm at California beach hard to see coming
    WASHINGTON — The Federal Aviation Administration said Monday it is proposing a $12 million civil... Full Story
    FAA proposes to fine Southwest Airlines $12M
    SHAKHTARSK, Ukraine — Heavy fighting raged Monday around the Malaysia Airlines debris field, once... Full Story
    Police team turns back from Ukraine crash site
    More Articles
  •  
     
    • MEDIA GALLERY 
    • VIDEOS
    • PHOTOS