Hackers no longer need to break into online banking sites or steal your credit card info to make money. Over the past few years, a new market has evolved where they can make serious cash without even breaking the law: finding bugs and vulnerabilities in popular software (think Windows, web browsers), then selling the information to governments, the New York Times reports. The hackers can also sell the info back to the software companies—Microsoft will pay up to $150,000 per flaw—but it's often more lucrative to sell to governments. "Governments are starting to say, 'In order to best protect my country, I need to find vulnerabilities in other countries,'" say a former White House cybersecurity coordinator. "The problem is that we all fundamentally become less secure."
Israel, Britain, Russia, India, and Brazil are some of the biggest customers, the Times reports, but Malaysia, Singapore, North Korea, and some Middle Eastern countries are also buying. Another customer? The NSA. One US-based company, Endgame, which trades in these bugs, is actually working with a former NSA director. A French company, Vupen, which specializes in bugs that can access systems like water treatment facilities, oil pipelines, and power plants, charges $100,000 just to see its catalog. Worried? You can thank the US and Israel, says the Times, who effectively created this market when they built the Stuxnet worm.