NSA contracted to buy malware from French hacker company
It’s more than necessity that makes strange bedfellows, apparently. It’s also online surveillance.
Despite France’s flourishes of outrage at the activities of the National Security Agency, the country’s hackers didn’t find the agency nearly so unpalatable as its politicians did.
A contract that’s come to light with the recent release of documents from a successful Freedom of Information Act request shows that the NSA bought software exploits from a French hacking firm called Vupen, headquartered in Montpelier.
The NSA contracted with Vupen for a year-long “subscription” to zero day exploits, previously unknown vulnerabilities in software and hardware. Knowledge of zero day exploits allows for both defense against their use and offensive use for the purposes of surveillance and data theft.
Vupen CEO Chaouki Bekrar told Slate’s Ryan Gallagher that his company’s services include highly technical documentation and private exploits written by Vupen’s team of researchers for critical vulnerabilities affecting major software and operating systems.”
The amount paid for this subscription was redacted on the document, and Bekrar did not divulge it, but the company pulled in $1.2 million in 2011—86 percent from non-French clients.
French investigative hackers Reflets.info has had their eye on Vupen for some time, the publication’s Fabrice Epelboin told the Daily Dot. Hacker and Reflets journalist Kitetoa wrote about the group yesterday.
Among his discoveries: Vupen has close ties with the French Army and is deeply involved in the French Army cyber-command’s offensive online initiatives.
“The exploits sold by Vupen,” he said, “can and will backfire, just like Stuxnet, which ended up getting outside the Iranian nuclear project it was supposed to sabotage. This could have serious consequences.”
It may be tempting, with the prominence of Anonymous, the recent request by DEF CON that federal authorities not attend, and the heckling of NSA director Keith Alexander at another hacker con, Black Hat, to imagine hackers and governments as being inherently at odds. That is hardly the case.
Just as some scientists are concerned with the pure science of their investigations, some hackers are captivated by the challenges of their craft. Still others, of course, are dazzled by gold.
Judge brings burglary suspect to tears after revealing a surprise about his past
This will give you the feels.4.4k
Why the first U.S. measles death in 12 years is such a big deal
It’s not just because it’s the first one in 12 years.3.5k
xPeke plans to retire after Worlds
One of the most iconic names in esports plans to hang up his mouse and keyboard in just a couple of months.3.4k
Is Reddit's relocation policy to blame for dismissals?
Reddit's expanding alumni page may not be the only sea change in store.
The 3 biggest questions heading into the ESL ESEA final
The first edition of the ESL ESEA Pro League is coming to a head this weekend with $250,000 on the line.29