[liberationtech] WaPo releases details on US offensive cyber-ops

[Jason Gulledge]

On Sep 2, 2013, at 11:13 PM, coderman <coderman at gmail.com> wrote:

> On Mon, Sep 2, 2013 at 10:44 AM, Gregory Foster
> <gfoster at entersection.org> wrote:
>> ...
>> The NSA designs most of its own implants, but it devoted $25.1
>> million this year to “additional covert purchases of software
>> vulnerabilities” from private malware vendors, a growing
>> gray-market industry based largely in Europe.
> 
> 
> i would love to know how much of the overall market for exploits this
> $25.1mm figure represents, and how much was exclusive vs. shared
> access...
> -- 

Perhaps just as troubling….  there's no certainty that the companies who deal in cyber-arms (exploits) to governments aren't selling the same exploits to other, adversarial governments.   Some companies, like Vupen, attempt to make themselves seem like they're doing humanity a favor by only selling to "NATO members", but when faced with criticism from companies who can't (or won't) outbid governments for access to exploits, Vupen had this to say:

“We don’t work as hard as we do to help multibillion-dollar software companies make their code secure,... If we wanted to volunteer, we’d help the homeless.”

Many companies against which they develop exploits aren't multi-billion dollar companies, and no one is asking them to volunteer. This company admits it doesn't want to help companies make their code secure. These are cyber arms dealers. 

source for quote: http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/


Best,
Jason Gulledge
@ramdac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130903/e2c462e4/attachment.html>