On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs — not the island’s many beetle varieties, but secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit.
The hackers, Luigi Auriemma, 32, and
Donato Ferrante, 28, sell technical details of such vulnerabilities to countries that want to break into the computer systems of foreign adversaries.
The two will not reveal the clients of their company, ReVuln, but big buyers of services like theirs include the National Security Agency — which seeks the flaws for America’s growing arsenal of cyberweapons — and US adversaries like the Iranian Revolutionary Guard.
Ten years ago, hackers would hand knowledge of such flaws to Microsoft and Google free, in exchange for a T-shirt or perhaps for an honorable mention on a company’s website.
Now, the market for information about computer vulnerabilities has turned into a gold rush. Disclosures by Edward J Snowden, the former NSA consultant who leaked classified documents, made it clear that the United States is among the buyers of programming flaws. But the country is not alone.
Israel, Britain, Russia, India and Brazil are some of the biggest spenders.
New York Times