Al-Qaeda does not need IT gurus in order to attack US business’ and the governments. All they need to do is buy IT weapons for their arsenal.
IT professionals invest a lot of time working with systems. Some IT professionals, either accidentally or on purpose, discover a “weak link” in an operating system or application. Terrorists will pay “big bucks” to be able to exploit those vulnerabilities. That means terrorist organizations can launch attacks without needing advanced IT knowledge.
There is a “middle-person” known as a broker. Brokers pay the IT professional and then sell the exploit information to the highest bidder—which could be a foreign government or a terrorist organization. With pricing in the millions, you can see why IT professionals would be tempted to sell to a broker.
The “high resale value” exploits are the ones that the vendors such as Microsoft, Adobe, Google, etc. do not know about yet. These are called “Zero Day” exploits since attackers can launch attacks knowing the vendors have not yet released patches to prevent the attacks.
For more information, Forbes magazine ran two stories that you can either Google or use these links:
http://www.forbes.com/forbes/2012/0409/technology-hackers-government-security-zero-day-salesmen.html