NSA spent $25 million on ‘software vulnerabilities’ in 2013

The vulnerabilities are reportedly used to hack foreign governments.

Jay Hathaway

The U.S. National Security Agency spent more than $25 million this year to buy “software vulnerabilities” from gray-market malware vendors, the Washington Post reports.

These vulnerabilities are “zero-day” bugs that even the software vendors themselves don’t know about, and shady security firms sell them to the highest bidder rather than reporting them to companies. In some cases, the highest bidder is apparently the U.S. government, which uses its stash of malware to spy on foreign governments.

Some zero-days can sell for as much as six figures, according to the Post.

The NSA’s investment in software vulnerabilities was revealed by an intelligence community “black budget” that leaked earlier this week. According to that document, the NSA accounts for more than 20 percent of the $52.6 billion the U.S. government has spent on intelligence this year.

Of the $10.8 billion the NSA spent in 2013, $1.6 billion went to “data processing and exploitation,” the category that presumably covers the purchase of zero-day vulnerabilities.

H/T The Washington Post | Photo by Snowshot/Flickr

 
The Daily Dot