US became the biggest buyer of computer malware
Baku, May 13 (AZERTAC). Amid the U.S. government's confrontations with China and other rival powers over the burning issue of cyber-espionage, the US itself has become the biggest buyer in a burgeoning gray market of computer malware.
Citing its own sources in the US Department of Defense, Reuters reports that the U.S. government pays great sums of money for so-called "zero-days": critical vulnerabilities in software, for which the software maker has zero days' notice to fix before the tool's discovery. Experts claim that the use of even a single zero-day in a program often signals that a perpetrator is serious.
"My job was to have 25 zero-days on a USB stick, ready to go," said a former executive at a defense contractor that bought vulnerabilities from independent hackers and turned them into exploits for government use.
Allegedly, the infamous Stuxnet worm was one of the first 'zero-days' used to target an Iranian nuclear facility in 2010. Back then, Stuxnet was used to deliberately speed up and slow down uranium-enriching centrifuges until they broke.
It took months and hundreds of security experts in several countries to dissect the program. When the investigation was over, it was discovered that Stuxnet had been meticulously engineered to launch invisibly from a portable flash drive and spread through connected Windows-based personal computers in search of machines running a specific piece of industrial control software made by Siemens AG.
The starting rate for a zero-day exploit is around $50,000 and can reach hundreds of thousands of US dollars, depending on such factors as how widely installed the targeted software is and how long the zero-day is expected to remain exclusive.
On the buy side are US government agencies and private defense contractors that transform the exploits into cyber-weapons. Reuters reports that other 'customers' are known to include organized crime groups and repressive governments spying on their citizens.