Your browser does not support the HTML5 canvas tag.
Εγχειρίδιο χειρισμού κρίσεων λόγω πολιτικών ΔΝΤ από τη CIA! / Already confirmed: Civil liberties under attack! / Greece's creditors gone completely insane! / How the global financial mafia sucked Greece's blood / ECB's economic hitmen / The German Thatcher confirms bureaufascists' plans! / Η Μέρκελ επιβεβαιώνει τα σχέδια των γραφειοφασιστών! /Greece: the low-noise collapse of an entire country/ Proxy wars everywhere, the planet already in flames ... / Ενώ η Γερμανία προετοιμάζεται για τα χειρότερα, η Ελλάδα επιμένει στο ευρώ! / Ένας παγκόσμιος "proxy" πόλεμος κατά της ελευθερίας έχει ξεκινήσει! / McCarthyism 2.0 against the independent information / Ο επικεφαλής του "σκιώδους συμβουλίου" της ΕΚΤ επιβεβαιώνει ότι η ευρωζώνη είναι μια χρηματοπιστωτική δικτατορία! / It has started: A global proxy war against freedom! / Βαρουφάκης: Το ΤΧΣ δεν ελέγχεται από το δημόσιο! / Η Ευρώπη συνθλίβεται από τους φασίστες, τους ισλαμοφασίστες, τους γραφειοφασίστες και τα αφεντικά τους / Europe crushed by the fascists, islamofascists, bureaufascists and their masters / Δεν γίνεται έτσι "σύντροφοι" ... / Panama Papers: When mainstream information wears the anti-establishment mask / The Secret Bank Bailout / The head of the ECB “shadow council” confirms that eurozone is a financial dictatorship! / A documentary by Paul Mason about the financial coup in Greece / The ruthless neo-colonialists of 21st century / First cracks to the establishment by the American people / From Tsipras to Corbyn and Sanders: This is not the Left we want / Clinton emails - The race of the Western neo-colonialist vultures over the Libyan corpse / Επιχείρηση Panama Papers: Το κατεστημένο θέλει το μονοπώλιο και στις διαρροές; / Operation "looting of Greece" reaches final stage / Varoufakis describes how Merkel sacrificed Greece to save the Franco-German banks / France officialy enters the neo-Feudal era! / The US establishment just gave its greatest performance so far ... / A significant revelation by WikiLeaks that the media almost ignored / It's official: the US is funding Middle-East jihadists! / Οι αδίστακτοι νεο-αποικιοκράτες του 21ου αιώνα / How to handle political unrest caused by IMF policies!

17 March, 2017

US government bought control over software privacy vulnerabilities

The CIA’s vast database of software vulnerabilities has not only been putting the cyber security of millions of Americans at risk for years, it has also cost American taxpayers millions of dollars, as the agency has had to pay for a monopoly on the vulnerabilities. Considering that the CIA lost control of this database over a year ago, those dollars have essentially been wasted.

Part 2 - Feeding the Beast: Explosive Growth in the “Zero-day” Exploit Market

While the Wikileaks release is the first public disclosure of the U.S. government’s hefty expenditures on software vulnerabilities, the practice has been known about for years. In 2013, the New York Times reported on the sale of “zero-day” exploits to government agencies, bolstering claims made by NSA whistleblower Edward Snowden that government surveillance assets were embedded in software developed by private companies.

Zero-day” refers to weaknesses in hardware or software that are not known to manufacturers, leaving them with zero days to create patches to address the vulnerabilities. While private companies have “bounty” programs that are meant to incentivize the reporting of weaknesses, governments find them incredibly attractive and valuable, using them in sophisticated cyberattacks or investigations.

Decades ago, hackers and other tech-savvy individuals would often inform tech companies of vulnerabilities for free for pennies on the dollar if they were sold. However, growing government – as well as criminal – interest has led to the emergence of a lucrative business in recent years, with companies dedicated to the discovery and sale of zero-day exploits springing up throughout the world.

Not surprisingly, many of these companies are secretive and refuse to disclose their clientele. However, Snowden’s revelations strongly suggested that the U.S. government was among the main buyers of programming flaws, though that evidence was not clear-cut.

Releases from Wikileaks have now proven that the U.S. government is very much involved in the purchase of exploits from contractors that specialize in their sale. In a document detailing some of the CIA’s exploits of iOS and Android, several exploits are listed as having been “purchased by the NSA” and “shared with CIA.” It also lists other tools that were acquired from several contractors, who were given code-names like Baitshop, SurfsUp, Fangtooth and Anglerfish.

While the code-names have obfuscated the identities of these companies (for now), there are some likely candidates. This 2013 New York Times article on the zero-day exploit market mentions a Virginia company called Endgame “in which a former director of the NSA is playing a major role.” According to the Times, Endgame has developed “a number of tools that it sells primarily to the United States government to discover vulnerabilities, which can be used for fighting cyber-espionage and for offensive purposes.

Endgame also gained notoriety as being of particular interest to imprisoned journalist Barrett Brown and was allegedly part of a story slain journalist Michael Hastings was working on at the time of his death. Brown had uncovered an email in which former Endgame CEO Chris Rouland stated that he wanted to “keep a low profile” on his company’s work for the federal government. Another company – Netragard – is also named by the Times as having “strictly U.S.-based” clientele whose demand for its “services” pushed the price it charged per flaw up dramatically, rising from 35,000 dollars in 2010 to 160,000 dollars in 2013.

Source and links:

[1] [3] [4]

No comments:

Post a Comment