If you were a “white hat” or good hacker ten years ago, you would probe software and computer systems looking for flaws and vulnerabilities. When you found them, your next step would be to inform the company of the flaw and then get paid by them for helping to make their software more secure. These days, the game has changed dramatically, and maybe not for the better.
According to an extensive new story in the New York Times, today’s hackers are just as likely to sell the software flaws they find to governments, which then use them to hack or disrupt the computer systems of rival nations. What all these people are looking for is what are known as zero-day flaws. This means that the target has zero days, or no time, to fight the attack once it’s launched. Interestingly, experts say that such flaws exist for an average of 312 days before they’re found and corrected by the companies that sell the software.
And the companies themselves are noting this trend and starting to react. Microsoft is now offering a top-end payment of $150,000 for delivery of major software flaws in their products. Facebook has paid out over $1 million since it started doing so in 2011, and Apple, in one case, paid $500,000 for a single flaw, though it has no official program for doing so. However, even with such payouts, governments still offer far more money.
You could get into a moral argument that the hackers should only offer the flaws to the companies and that selling them to governments amounts to being paid for espionage. But then again, it’s a free market and products go for what the market will bear. This is a fascinating story and one which should interest anyone who uses a computer. That would be pretty much all of us these days.