Slashdot Mirror

← Back to Stories (view on slashdot.org)

Meet the Hackers Who Get Rich Selling Spies Zero-Day Exploits

Posted by samzenpus on from the selling-to-the-man dept.

Sparrowvsrevolution writes "Forbes profiles Vupen, a French security firm that openly sells secret software exploits to spies and government agencies. Its customers pay a $100,000 annual fee simply for the privilege of paying extra fees for the exploits that Vupen's hackers develop, which the company says can penetrate every major browser, as well as other targets like iOS, Android, Adobe Reader and Microsoft Word. Those individual fees often cost much more than that six-figure subscription, and Vupen sells them non-exclusively to play its customers off each other in an espionage arms race. The company's CEO, Chaouki Bekrar, says Vupen only sells to NATO governments and 'NATO partners' but he admits 'if you sell weapons to someone, there's no way to ensure that they won't sell to another agency.'"

14 of 158 comments (clear)

  1. Damn... by cayenne8 · · Score: 5, Funny
    That's serious money...

    The question is...how do "I" get into that??!?

    :)

    Hacking stuff, and protected by 'NATO' government paying you handsomely for the 'service'.

    sweet...

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    1. Re:Damn... by lennier · · Score: 4, Insightful

      The question is...how do "I" get into that??!?

      1. Write any sufficiently large piece of C++ code
      2. Wait
      3. Get rooted by the black hats
      4. Find out which trivially-detectable-if-you'd-used-a-decent-language error the black hats found in your code and sell it to NATO
      5. Profit!

      --
      You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
  2. I'm not scared... by asdbffg · · Score: 5, Funny

    Norton keeps me safe.

  3. So basically... by girlintraining · · Score: 5, Funny

    Step 1. Paint giant bullseye on the top of your corporate office. Write "Insert bomb here," repeatedlty around the edge.
    Step 2. Sell digital goods that can be used by sovereign powers to wage war on each other to both sides.
    Step 3. ???
    Step 4. Profi--Error: Connection reset by peer

    --
    #fuckbeta #iamslashdot #dicemustdie
  4. Thieves among thieves by hjf · · Score: 5, Insightful

    Oh, they only sell to NATO, right? You know, you can TRY to lie to us, but in the end, lying to the CIA is the same as lying to yourself. They know you sell to Iran, China, and every other regime out there.

    You're on a shady enough business not to sell to the best offer.

  5. Kind of shady? by K.+S.+Kyosuke · · Score: 5, Insightful

    I mean, aren't there laws against doing things like hacking into computers you don't own? Isn't this aiding in a crime? The last time I checked, even government agencies were obliged not to break laws.

    --
    Ezekiel 23:20
    1. Re:Kind of shady? by Desler · · Score: 5, Funny

      Your post is so cute. You actually think they care.

    2. Re:Kind of shady? by PPH · · Score: 4, Insightful

      even government agencies were obliged not to break laws.

      Unless we're at war.

      We're always at war.

      --
      Have gnu, will travel.
    3. Re:Kind of shady? by Real_Reddox · · Score: 5, Insightful

      if a soldier hears his superior yell "fire", he shoots, no questions asked.

      As a soldier, I can only note your lack of insight in how the military works.

      --
      I spent five minutes stealing cool sigs and all I got was this.
    4. Re:Kind of shady? by meerling · · Score: 4, Informative

      The military has very strict rules, and you are only required to follow lawful orders. In fact, if you are given an unlawful order, you are, by military law, required to refuse to follow it and report it to the appropriate military authority. Nobody is protected by "I was just following orders" for performing an unlawful action.
      At least with regards to the US Military. I don't know about other countries.

    5. Re:Kind of shady? by tnk1 · · Score: 4, Informative

      Summary executions by officers for anything are of extremely doubtful legality today, at least in the US. If an officer simply executed you for some cause and expected that to hold, he would face a guaranteed court-martial. If he tried to pretend that he merely apprehended you and you "escaped", there would still be an investigation at the very least. Unless the whole unit was on the side of the officer, it is unlikely that an officer would get away with it.

      As far as "friendly fire" incidents... those are always possible, but the shooter could still get found out.

      In short, if you turned the officer in for an offense that they might get execution, or life, or 20 years for, you may want to watch your back. Otherwise, no one is going to shoot you unless they are also unbalanced. In which case, you're pretty fucked anyway.

      That said, while it is actually required to refuse an unlawful order, you will still likely have to prove that at court-martial. So, you might well simply obey the officer ordering you to do something technically illegal, but petty. But, if he wants you to start shooting people, I'd suggest taking the court-martial.

  6. Exploit to exploit by WinstonWolfIT · · Score: 5, Insightful

    Wow. That puts huge incentive on planting moles in projects with wide distribution simply for the aim of writing exploitable code.

  7. The true faith of an armorer by Animats · · Score: 4, Insightful

    "To give arms to all men who offer an honest price for them, without respect of persons or principles: to aristocrat and republican, to Nihilist and Tsar, to Capitalist and Socialist, to Protestant and Catholic, to burglar and policeman, to black man white man and yellow man, to all sorts and conditions, all nationalities, all faiths, all follies, all causes and all crimes." - Undershaft

  8. you are only required to follow lawful orders by rabenja · · Score: 4, Insightful

    This is true, but "report[ing] it to the appropriate military authority" will nearly always land the reporting person in deep doo doo. I know that from experience. A junior person's word against the CO and the system that is designed to protect the CO.