from the but-don’t-worry-they’re-just-1s-and-0s dept.
MIT Technology Review reports that efforts by U.S. government agencies and defense contractors to develop malware to attack enemies is driving a black market in zero-day vulnerabilities. Experts warn that could make the internet less secure for everyone, since malicious code is typically left behind on targeted systems and often shows up on untargeted ones, providing opportunities for reverse engineering. ‘”On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.’