How to make a bazillion dollars in 2014 from Windows XP

Posted by Rob Enderle

Support for Windows XP is officially ending in April, although it is estimated that about a third of the world will still be using the slowly aging operating system.   

Currently, flaws in the product (yes, there is actually a market for this) can sell for anywhere from a few thousand dollars to well over a hundred thousand dollars. Yep, you find a flaw and, if it is unique and depending on what it does, you can get over a year’s salary when you sell it. This is because Microsoft will buy the flaw to correct it, and intelligence agencies and criminals will snap the flaw up for an exploit.

But what limits the value of a flaw is the likelihood that it will be quickly patched. Meaning, you could buy the flaw, yet before you had a chance to exploit it, the vendor will have patched it. However, Microsoft exits this market in April and will stop coding patches, which means any remaining flaws could be worth 4 to 10 times what they are now (this is an arbitrary figure, because for the right kind of flaw a government could pay millions). This could make Windows XP the most lucrative platform for hackers ever created. So screw the lottery - finding Windows XP flaws after April could be both surer and far more lucrative.

A Unique Opportunity

To create this massive opportunity, you need a broadly used platform that becomes obsolete yet remains in place at a time when there is a marketplace for hacks and when most machines are connected to networks, giving the hacker access. Up until now, we haven’t had all of these in place with Windows. Windows 9x products, largely because they were unreliable, were replaced pretty aggressively and were effectively all gone before Google became a power.

Windows 2000 was mostly used by businesses and was rushed to market, which made people move to Windows XP aggressively, leaving little footprint behind to attack. But Windows XP was the culmination of Microsoft’s effort to get people off of Windows 9x and Windows 2000 - and was crazy successful. People liked the OS so much they didn’t really want to upgrade, and Windows Vista, the initial product they were supposed to upgrade to, kind of sucked, so much of the market froze on Windows XP.

Upgrade paths from XP have been relatively difficult, and instead of buying new PCs a huge chunk of the market bought new smartphones and tablets, leaving a massive number of folks, future victims, on the older platform just waiting to be harvested by government agencies and criminal organizations. Come April, when Microsoft officially discontinues support, these folks will form an almost irresistible temptation and the price for successful exploits should skyrocket.

Selling code that takes advantage of these exploits is a huge industry in Russia, where the laws treat the code much like US laws treat ammunition: legal as long as you don’t shoot someone with it yourself.

Wrapping Up: Live Where You Want, Make a Ton of Money and Get Off XP

The reason I bring up this topic now is because of a recent conversation with Jason Fossen on XP security issues. Fossen specializes in Windows security and had been predicting a huge market for XP bugs next year. He pointed me to this New York Times article, which describes two hackers who work out of Malta and make a ton of money (up to $150K per exploit) selling the vulnerabilities they find to governments and companies. Meaning, you could live in some exotic place, work your own hours, and still get rich doing this, apparently on a variety of platforms and products.

I’ve been to Malta, a nice, safe, semi-tropical place to hang out, party, and make a ton of money, and you can even live in a cave, which might be wise should your exploit be used to, say, penetrate organized crime. Still, it could be an amazing life. Granted, this also implies you might want to get off Windows XP yourself before April or change your name to Vic, short for "Victim."