Meet the Hackers Who Get Rich Selling Spies Zero-Day Exploits
Sparrowvsrevolution writes "Forbes profiles Vupen, a French security firm that openly sells secret software exploits to spies and government agencies. Its customers pay a $100,000 annual fee simply for the privilege of paying extra fees for the exploits that Vupen's hackers develop, which the company says can penetrate every major browser, as well as other targets like iOS, Android, Adobe Reader and Microsoft Word. Those individual fees often cost much more than that six-figure subscription, and Vupen sells them non-exclusively to play its customers off each other in an espionage arms race. The company's CEO, Chaouki Bekrar, says Vupen only sells to NATO governments and 'NATO partners' but he admits 'if you sell weapons to someone, there's no way to ensure that they won't sell to another agency.'"
Oh, they only sell to NATO, right? You know, you can TRY to lie to us, but in the end, lying to the CIA is the same as lying to yourself. They know you sell to Iran, China, and every other regime out there.
You're in a shady enough business not to sell to the best offer.
I mean, aren't there laws against doing things like hacking into computers you don't own? Isn't this aiding in a crime? The last time I checked, even government agencies were obliged not to break laws.
Ezekiel 23:20
Wow. That puts huge incentive on planting moles in projects with wide distribution simply for the aim of writing exploitable code.
"To give arms to all men who offer an honest price for them, without respect of persons or principles: to aristocrat and republican, to Nihilist and Tsar, to Capitalist and Socialist, to Protestant and Catholic, to burglar and policeman, to black man white man and yellow man, to all sorts and conditions, all nationalities, all faiths, all follies, all causes and all crimes." - Undershaft
And not just for their offices, but for their homes and the homes, schools and offices of their families, friends and anyone else they might care about.
It strikes me that these are people you don't want to try to play around with and that some might try to influence you to give a better deal to their side than another side, perhaps using things like pictures of your kids walking to school or your wife gardening.
The question is...how do "I" get into that??!?
1. Write any sufficiently large piece of C++ code
2. Wait
3. Get rooted by the black hats
4. Find out which trivially-detectable-if-you'd-used-a-decent-language error the black hats found in your code and sell it to NATO
5. Profit!
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
Because we all know that programs written in interpreted languages never have bugs nor do their VMs or interpreters.
Whereas you're clearly doing great things with your life.....
What's next? My dog ate my boundary checking?
Seriously, blaming the language for the coding bug is one of the lamest things I've ever heard. Bugs (exploitable or not) will be found on any sufficiently large piece of code, written in any language. Heck, there were 1 or 2 cases of bugs introduced by the compiler.
The real problem is that companies need to get the software out "fast". It is cheaper for the company to fix the code after it is released and paid for, and to keep developing out of its own pockets. It is that simple.
morcego
When you're extorting, don't get greedy. At some point it's cheaper to just get rid of you than to pay you.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is true, but "report[ing] it to the appropriate military authority" will nearly always land the reporting person in deep doo doo. I know that from experience. A junior person's word against the CO and the system that is designed to protect the CO.
America is known as the land of the free because of the
2nd Amendment. The right to bear arms.
Because guns kill people, they are evil. Those who make guns
are evil. They should be arrested for 'thought crimes.'
What is the logical solution, those of lesser intelligence?
The government (maybe the U.S. is a leader?) should
pay MORE THAN GOOGLE for exploits. Pay a decent salary
to 'security researchers.' Encourage a STRONG WHITE MARKET,
not a gray or black market.
What is the present situation? The French Company is NOT to blame.
They are a 'gray market.' The Black market is allegedly crime organizations.
By PAYING MORE than the 'gray market', the WHITE MARKET accomplishes
the following goals:
1.)render null the zero day vulnerability
2.)encourage needed expertise to the area
yes, that includes even teenagers who do NOT speak English and
write in obscure languages like OCAML.
3.)transparency, which spurs innovation and research.
4.)avoid similarities of the war on illegal drugs.
The war on illegal drugs.
Many articles, including Rolling Stone seem to indicate that WE, the
people, ALL OF US have lost in the war on drugs.
1.)plenty of innocent people kidnapped in Mexico.
2.)price of illegal drugs keeps dropping. The seizures (according to
government numbers) keep getting SUPER-LARGE.
3.)Prohibition of Alcohol worked well in America and we in the USA should
BRING BACK PROHIBITION OF ALCOHOL.
4.)the 'drug cartels' seem to be getting stronger and even more vicious.
There are plenty of automobile accidents in the USA. Auto manufacturers
kill people. Ban all auto manufacturers!
The present situation:
1.)US gets the worst of both worlds. All the expertise goes to FRENCH COMPANY.
Obviously, they are our allies and would NEVER, NEVER, NEVER spy on our companies.
Airbus competes directly against Boeing. But there are no temptations, right?
2.)US companies including INNOCENT BYSTANDERS are afraid of being sued under the
DMCA or 'Hollywood copying laws.' This is the BEST AND FASTEST WAY TO STOP
small company innovation! RIAA copyright infringement lawsuits.
3.)SONY rootkit is an example of a 'gun maker.' Double standard of justice. SONY spies
via rootkit on INTERNATIONAL BASIS? Who cares? The French company is open and honest,
it appears. Obviously, here the FRENCH are evil. Yes, that includes the Italians as they are
close to France.
Summary: The U.S. is an ANTI-leader or even 'reactionary' in this area. Establish ongoing competitions,
with BIG PRIZES, open even to ELEMENTARY SCHOOL STUDENTS, and yes with REAL CASH MONEY.
Pay for real experts, not the 'fake ones' that seem to be prevalent. Publish the OPEN information about
vulnerabilities and allow fellow citizens to protect themselves.
LASTLY, stoopahs. This INTERNATIONAL TREND is important. Even 'honest security coders' may be
tempted to GET PAID BY A FRENCH COMPANY. Go to France on a 'business expense.' Enjoy
the chocolate and champagne and the company of FRENCH LADIES - ooh, la la! And do good
for NATO, our ally and do LEGAL INTERNATIONAL BUSINESS.