Slashdot Mirror

← Back to Stories (view on slashdot.org)

Meet the Tiny Startup That Sells IPhone and Android Zero Days To Governments (vice.com)

Posted by msmash on from the closer-look dept.

An anonymous reader writes: The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.

51 comments

  1. Russian Aussies? by Anonymous Coward · · Score: 1

    Elite Dundee!

  2. Ethics? by Anonymous Coward · · Score: 0

    And this is ethical because...?????

    1. Re:Ethics? by Anonymous Coward · · Score: 2, Interesting

      And this is ethical because...?????

      Because it's profitable of course..

    2. Re:Ethics? by Anonymous Coward · · Score: 0

      Oh please! That shit went out the window ten thousand years ago... No, sorry! 13 billion years ago, more or less...

      You are never going to win with the "better argument". So, really, just stop... and have a beer, or a toke..

    3. Re:Ethics? by bobbied · · Score: 4, Interesting

      And this is ethical because...?????

      They do claim to only sell their uncovered secrets to a "select group of countries and not repressive" ones.

      provides exploits to ... the United States, United Kingdom, Canada, Australia, and New Zealand.

      That's how they answer this ethics question. Which may or may not work for you.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Ethics? by Anonymous Coward · · Score: 2, Insightful

      But that's not the ethical problem.

      The ethical problem is hoarding exploits rather than responsibly reporting them to the software vendors. This puts many people at risk to serve the needs of the few.

    5. Re:Ethics? by bobbied · · Score: 2

      Then their answer doesn't work for you. I'm not defending or attacking them, I was just answering the question of what the ethical justification might be for this work.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    6. Re:Ethics? by fafalone · · Score: 1

      So they're lying, got it.

    7. Re:Ethics? by Muckluck · · Score: 4, Interesting
      Ethics has a simple definition that is extremely difficult to apply.

      Ethics, in a nutshell, is "Do the right things for the right reasons". Figuring out and agreeing upon what the right things are and what the right reasons are, is the hard part. Everything with ethics depends on context. Lying may or may not be ethical depending upon the situation at hand. Lying to a man who has a school full of children as hostages, ethical. Lying to your spouse about cheating, unethical. And the lying part of the unethical example I just gave may have other situational conditions that make it ethical.

      Context is key and ethics are in the eye of the beholder...

      --


      --I like turtles...
    8. Re: Ethics? by Anonymous Coward · · Score: 1

      Mysteriously those countries are all part of the "Five eyes". Coincidence much?

    9. Re:Ethics? by fido_dogstoyevsky · · Score: 1

      And this is ethical because...?????

      It isn't. And I'm ashamed.

      --
      It's NOT a conspiracy... it's a plot.
    10. Re:Ethics? by Anonymous Coward · · Score: 0

      And this is ethical because...?????

      What's your definition of 'ethical'?

    11. Re:Ethics? by Anonymous Coward · · Score: 0

      Or the software vendors can hire them themselves, or a pen test team, or... a CEO can take responsibility for IT security for once, or people can learn not to click on that random attachment. In short, these guys are just filling a hole left wide open by a bunch of for-profits who only care about sales and security when it's costing them sales.

      Case and point: Why doesn't apple pay these guys and then go fix the exploits?

    12. Re:Ethics? by Anonymous Coward · · Score: 0

      Hiding behind the AC thing eh? Out of mod points I see... So sad for you.

    13. Re:Ethics? by Anonymous Coward · · Score: 0

      The DoD has been doing this for decades.

    14. Re:Ethics? by Anonymous Coward · · Score: 0

      Apple doesn't market directly to criminals and traitors. They provide something that many people take for granted. Criminals and traitors take advantage of that.

      No thanks on Somalia. I'll stay here. You're welcome to move to Europe if you think big government is the way to go. You'll find it's even worse than it is in the US. Most libertarians that I know are not anarchists. They simply want the government to leave them alone and not encroach on every aspect of their lives. I agree with that. For practical purposes though I like to look at the things the government mostly does right. National defense, national infrastructure, economic control, and to an increasing degree security although that hasn't always been true. On the social front almost all of their solutions are woefully ineffective and astronomically expensive. I'm a big proponent for going with what works.

  3. "Azimuth Security"!? by K.+S.+Kyosuke · · Score: 2

    More like Azimuth Insecurity, right?

    --
    Ezekiel 23:20
    1. Re:"Azimuth Security"!? by Opportunist · · Score: 4, Funny

      So we have azimuth, can I have the correct elevation, too? I'll take care of the rest, then...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:"Azimuth Security"!? by Anonymous Coward · · Score: 0

      Security for despots, anyway.

  4. Re:Russian Slashvertisement? by Hetero · · Score: 1

    How is this even newsworthy? Is it that Beau/Miss Mash finds great interest in a startup existing out of Silicon Valley?

    At least it's not another "KGB" "story."

  5. *A* NOT *THE* by Anonymous Coward · · Score: 4, Insightful

    Important differentiation. This makes it sound like they are the original or only startup doing this.

    This has literally been done for a decade for smartphones and probably 2-3 decades for computers (Hint: Israel has a *HUGE* computer security industry which runs off this exact type of business. I am sure there are places in every major nation doing the same, albeit most of them not as well.)

  6. I got zero day to sell by sinij · · Score: 1

    I have zero day to sell that allows local unlocking of any smartphone still in possession of original owner. This very powerful vulnerability can be yours for just 1MILLION! dogecoins. The exploit vector involves a rubber house. Ideal for government use.

    1. Re:I got zero day to sell by Opportunist · · Score: 2

      Sorry, that exploit doesn't work on this batch of terrorists. It would literally be like beating a dead horse.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:I got zero day to sell by sinij · · Score: 1

      Sorry, that exploit doesn't work on this batch of terrorists. It would literally be like beating a dead horse.

      You are not holding it correctly.

    3. Re:I got zero day to sell by Anonymous Coward · · Score: 0

      The hose is for use on the terroists not the horse.

    4. Re:I got zero day to sell by Anonymous Coward · · Score: 0

      What does a rubber house have to do with anything?

    5. Re:I got zero day to sell by Opportunist · · Score: 1

      Well, if you find enough bits of the terrorist after the attack, go ahead and beat them...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. 0day can happen to anybody by Anonymous Coward · · Score: 0

    0day can happen to anybody

    1. Re:0day can happen to anybody by Anonymous Coward · · Score: 0

      I just 0day'd in my pants, couldn't make it to the toilet.

  8. Funny quote from the article by Errol+backfiring · · Score: 5, Insightful

    While the trade is commonly painted as a wild west full of mercenaries who sell hacking tools to whoever can afford them, over a dozen well-placed sources described an overlooked section of the industry that focuses on supplying to a select group of democratic governments, rather than authoritarian regimes.

    Phew! I'm glad that there are still people who can tell the difference between "democratic governments" and authoritarian regimes, especially in the field of violating basic human rights.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:Funny quote from the article by Anonymous Coward · · Score: 0

      Phew! I'm glad that there are still people who can tell the difference between "democratic governments" and authoritarian regimes, especially in the field of violating basic human rights.

      I get what you (probably) mean - that these capabilities will be used for warrantless surveillance... and you are probably right, but the way you put it seems hyperbole... Is it a 'basic human right' to have unbreakable encryption? In the past, if someone accused of a crime had their financial records encrypted, are their basic human rights violated if the government had hired some smart guy to decipher them? What is the difference if in the cause of an investigation of some crime, someone's phone is decrypted?

    2. Re:Funny quote from the article by Anonymous Coward · · Score: 0

      You're arguing with an idiot. They have a religious belief that America=bad. They're completely okay with Apple selling out to the Chinese government, as long as the US government can't crack encryption. You can't win an argument with someone who's value system is fundamentally hypocritical.

    3. Re: Funny quote from the article by llZENll · · Score: 1

      They must not have anything too great since the US government repeatedly tries to force Apple to implement back doors.

    4. Re: Funny quote from the article by Anonymous Coward · · Score: 0

      As an American I agree with the OP. Although I don't think America=bad I do think this type of surveillance makes America=worse. Remember the spirit of what made America=good in the first place. Encryption helps solidify the first bullet point in the bill of rights. Warrantless surveillance goes against what many consider a basic human right and encryption helps protect people from that infringement.

    5. Re:Funny quote from the article by Anonymous Coward · · Score: 0

      ... violating basic human rights ...

      Privacy is not a right, although alone-ness might be. Now, privacy may be necessary for society to function but people need to agree to the rules en masse. Facebook and Tumblr prove that many people are willing to forego privacy as commercial transaction and furthermore, seek ego-stroking from pernicious strangers by exposing themselves or their associates.

    6. Re: Funny quote from the article by Anonymous Coward · · Score: 0

      Privacy isn't a right? Funny that numerous laws in numerous countries disagree with you on that one.

    7. Re:Funny quote from the article by Anonymous Coward · · Score: 0

      Yeh, I mean, these guys wake up every morning and consider themselves legit programmers. In the meantime, they enable all sorts of unethical and creepy activity, but they figure it's all justified because they aren't doing it on the sly and their clients are governments. Either way, those asshats are enabling abuse of power. I hope some kind of universal balance come round on their asses for that.

    8. Re: Funny quote from the article by Anonymous Coward · · Score: 0

      Thats what they tell you.

  9. TOR? No, caint be none right. by Anonymous Coward · · Score: 0, Flamebait

    I been told that the TOR aint no way inspectable by the gubment. Have I been lied to?

  10. Sell to government & who else ... by Alain+Williams · · Score: 1

    other customers might not be properly acknowledged; might not even be sold by the company but by an employee who is running short of cash this month ...

  11. Fucking Cops by Anonymous Coward · · Score: 0

    Boo, you guys are fucking cops

  12. coast by Anonymous Coward · · Score: 0

    They don't have to go after Microsoft: Bill Gates lets the NSA put any exploits they want in there.

  13. Why is this even legal? by jonwil · · Score: 3, Insightful

    Companies like Microsoft and Google and Apple would probably rather not have exploits in their software bought and sold on the open market I am sure so why haven't they lobbied governments to make such buying and selling of vulnerabilities illegal (with heavy penalties up to jail time for violations).

    It should be illegal for anyone except the vendor of the software to buy such vulnerabilities (companies, governments, anyone) and illegal to sell it to anyone other than the original vendor.

    With less market to sell to and heavy penalties, the only people still active will be the black hats who provide vulnerabilities to malware authors and criminal gangs and the like and where there is no risk of being caught and punished (because they are in countries like Russia where the criminal gangs running the cybercrime operations are in good with the government) and there are a lot less of those.

    Some will say that if you ban this it will just drive it deeper underground but the criminal gangs and such who want to use vulnerabilities for bad things (malware, cyber attacks, stealing credit card numbers etc) are already deep underground along with the hackers that supply them and most of those operating semi-legitimately probably dont particularly want to go to jail and aren't suddenly going to start selling their services to the Russian cybercrime gangs.

    Less vulnerabilities will be floating around out there to be exploited and less people will be engaged in the business of finding vulnerabilities for abusive purposes (meaning the vendors and other white hats who look for vulnerabilities with the intent of fixing them will have less competition)

    1. Re:Why is this even legal? by OppMan29 · · Score: 2

      the government relies on this vulnerabilities ... they wouldn't agree to make them illegal

  14. Re:bernie sanders by Anonymous Coward · · Score: 0

    I fail to see what Bernie Sanders has to do with this. If he was really so interested in spreading the wealth he could have started with his own. I've noticed he hasn't done that.

  15. Re:Russian Slashvertisement? by Anonymous Coward · · Score: 0

    stop trolling for karma

  16. Re:TOR? No, caint be none right. by scum-e-bag · · Score: 1

    TOR entry/exit points need a platform to run on. Exploit this platform and you've got a good starting point for an attack vector.

    --
    Does it go on forever?
  17. Great Article by Anonymous Coward · · Score: 0

    Great article thanks for sharing this information i also bookmark this page.
    SMS Bomber 2018