NSA Bought Exploit Service From VUPEN

← Back to Stories (view on slashdot.org)

NSA Bought Exploit Service From VUPEN

Posted by Soulskill on Tuesday September 17, 2013 @07:51AM from the they-get-by-with-a-little-help-from-vupen dept.

New submitter Reverand Dave writes "The U.S. government – particularly the National Security Agency – is often regarded as having advanced offensive cybersecurity capabilities. But that doesn't mean that they're above bringing in a little outside help when it's needed. A newly public contract shows that the NSA last year bought a subscription to the zero-day service sold by French security firm VUPEN. The contract, made public through a Freedom of Information Act request by MuckRock, an open government project that publishes a variety of such documents, shows that the NSA bought VUPEN's services on Sept. 14, 2012. The NSA contract is for a one-year subscription to the company's 'binary analysis and exploits service.'"

4 of 81 comments (clear)

Min score:

Reason:

Sort:

The truth gets out... by CajunArson · 2013-09-17 07:53 · Score: 5, Interesting

It's not as conspiracy-theory cool as magical backdoors implanted in every piece of hardware, but this is how the NSA actually breaks into systems... they do it the same way everyone else does, just on a much larger scale and with even less fear of legal repercussions that the cyber criminals.

--
AntiFA: An abbreviation for Anti First Amendment.
1. Re:The truth gets out... by khasim · 2013-09-17 08:16 · Score: 4, Interesting
  
  This is a SECURITY firm, not a backroom russian exploits dealer, ...
  Bullshit.
  From TFA:
  
  VUPEN is one of a handful of companies that sell software exploits and vulnerability details.
  Just because they're French instead of Russian does not change the fact that they're selling exploits.
2. Re:The truth gets out... by Virtucon · 2013-09-17 08:19 · Score: 4, Interesting
  
  VUPEN sells access to their vulnerabilities on a sliding scale and It's well known that governments buy services from them. That's not news, but for the life of me I don't know why Cisco, Microsoft and other big players just don't pay up to get at least some insight into how these guys are finding exposures in their systems. It would seem to me money well spent if they did and at least closed up these holes or made VUPEN's job harder, making it tougher for these data stealing, scum sucking government agencies breaking into everything and anything.
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
3. Re:The truth gets out... by bill_mcgonigle · 2013-09-17 08:52 · Score: 4, Insightful
  
  for the life of me I don't know why Cisco, Microsoft and other big players just don't pay up to get at least some insight into how these guys are finding exposures in their systems
  it's almost as if they've been persuaded not to, eh?
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)