Slashdot Mirror
Netragard Ends Exploit Acquisition Program After Hacking Team Breach
Trailrunner7 writes: After the fallout from the HackingTeam breach, Netragard, a company that buys and sells exploits, has decided to shut down its exploit acquisition program. Leaked documents show that Natragard was selling exploits to the Italian maker of intrusion and surveillance software. In addition, documents further showed that the company sold its products to a variety of oppressive regimes, including Egypt and Ethiopia. A company statement reads in part: "We’ve decided to terminate our Exploit Acquisition Program (again). Our motivation for termination revolves around ethics, politics, and our primary business focus. The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations. While it is not a vendors responsibility to control what a buyer does with the acquired product, HackingTeam’s exposed customer list is unacceptable to us. The ethics of that are appalling and we want nothing to do with it."
Translation: CIA and NSA are pressuring us for exclusivity.
Seriously, who would believe a sleazy company that makes money off exploits is worried about "human rights violations".
Our motivation for termination revolves around ethics, politics, and our primary business focus. The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations.
So you were selling these hoping that it would save the whales or make the bunnies happy? You're selling vulnerabilities that you acquire. Specifically weapons and like all weapons, it's a commodity based business and you took the money. The remorse is a bit late and a bit shallow because a weapons manufacturer doesn't feign surprise when somebody gets killed with their product.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
What did you expect your customers to do with the knowledge about unpatched, unknown 0day exploits? Make a funny little collection to show around to their friends?
"Hey, Fred, look what I got! It's a genuine 0day that MS doesn't know about yet. Ain't it cool? Huh? No, why would I use it?"
Seriously, what did you expect?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.