IBM warns of 'bug poachers' who exploit holes, steal info, demand big bucks
At least 30 companies have been hit in the past year by so-called "bug poaching," where hackers break into corporate servers, steal data, and then demand a fee for showing how it was done. The technique, spotted by IBM's Managed Security Services researchers, involves miscreants breaking into a corp's servers, typically using a SQL injection attack against a website. In none of the cases IBM has investigated were zero-day vulnerabilities exploited – instead, crims just leveraged common or well-known programming blunders that weren't patched.