An underground market in zero-day exploits and software vulnerabilities allows the American government, foreign security agencies, and rival companies to snoop on strangers' computers.
Right now, all over the world, experts are poring over code looking for weaknesses in software. The exploits they discover--virtual break-ins for everyday computer programs and services that allow entry to hackers, spies, and all manner of digital ne'er-do-wells--can sell for thousands. Buyers include Fortune 500 firms, household-name tech firms, foreign intelligence services, and even, according to some reports, the United States government.
While no one will go on record asserting that, say, the U.S. government uses Windows exploits to spy on Mexican drug cartels or that Israel pays certain researchers big cash for backdoors onto Hezbollah servers, the market for these types of exploits and the potential for these kinds of uses is massive. And most of it isn't technically illegal--yet.
James Denaro of CipherLaw, a legal firm specializing in intellectual property and information security law, told Fast Company in a phone conversation that while the exploit marketplace is unregulated, it is tangentially affected by existing legislation. Hacking activity used to discover vulnerabilities, for instance, can run afoul of regulations such as the Computer Fraud & Abuse Act (CFAA), and sale of exploits by U.S. citizens to foreign entities can violate security, customs, and terrorism regulations.
For the rest of the story: http://www.fastcompany.com/3009156/the-code-war/how-spies-hackers-and-the-government-bolster-a-booming-software-exploit-market?utm_source=twitter&utm_medium=feed&utm_campaign=Feed%3A+fastcompany%2Fheadlines+%28Fast+Company%29