Magazine article Newsweek International

Black Market in Bad Code

Article excerpt

Byline: Benjamin Sutherland

Time is the hacker's enemy. The countdown starts as soon as a hacker learns about a security loophole that makes an Internet site vulnerable to a break-in. Security and software firms have, by and large, succeeded in shortening this period, but hackers have responded in kind. They've created a brisk underground market for buying and selling "zero day" code, software that can be used instantly to exploit an as-yet-unsecured loophole.

Zero-day code is a reaction to the increased sophistication of firewalls and other computer protections. Many individuals and groups wanting to commit online fraud or theft no longer possess the skills needed to compromise computers. Likewise, many talented zero-day programmers lack the know-how to turn a computer intrusion into cash by, say, laundering money stolen from corporate pension-payment systems. Zero-day code bridges these two talent pools. It can be used to steal credit-card and banking information and install malicious software. "There are a lot of slow-burners out there that are generating large amounts of income and trying to remain under the radar," says Steve Santorelli, a former Scotland Yard computer-crime investigator now at Team Cymru, a Seattle computer-security consultancy to corporations and law-enforcement agencies. Online payment systems such as PayPal, which can provide users with more anonymity than bank transfers, have given the black market an "enormous" boost by providing sellers with an anonymous way to collect, says a Romanian hacker who would agree to be identified only by his online name, flo_flow.

This division of labor is making hacking a more productive industry. The market harnesses the expertise of hackers who have qualms about committing certain types of fraud or theft but are willing to sell zero-days to others who do the dirty work. …
