US became the biggest buyer of computer malware

Amid the U.S. government confrotnations with China and other rival powers over the burning issue of cyber-espionage, the US itself has become the biggest buyer in a burgeoning gray market of computer malware.

Citing its own resources in the US Department of Defense, Reuters report that the U.S. government pays great sums of money for so-called "zero-days"- critical vulnerabilities in the software, which the software maker has zero days' notice to fix before the tool's discovery.Experts claim that the use of even a single zero-day in a program often signals that a perpetrator is serious.

Allegedly, the infamous Stuxnet worm was one of the first 'zero-days' used to target Iranian nuclear facility in 2010. Back then, Stuxnet was used to deliberately speed up and slow down uranium-enriching centrifuges until they broke.

The starting rate for a zero-day exploit is around $50,000 and can reach hundred thousands of US dollars depending on such factors as how widely installed the targeted software is and how long the zero-day is expected to remain exclusive.
On the buy side are US government agencies and private defense contractors that transform the exploits into cyber-weapons. Reuters reports that other 'customers' are known to include organized crime groups and repressive governments spying on their citizens.