Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure F

http://www.forbes.com/sites/andygre...o-crack-your-pc-and-get-paid-six-figure-fees/

Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)

 

You shouldn't worry about Vupen, there are many other ahem “darker groups” below the radar doing the same thing for much bigger stakes, and 'cyber-exploit' trading is a very profitable enterprise. As I mentioned in an older wilders post, there currently is a hidden cyber grab going on between governments and organized cyber criminals alike to suck up as many 0days as possible and absorb these proven hacking groups (Sorry Anonymous not you) into their own objectives. I wish in this case I was talking in just paranoid speak, though go to a conference such as Blackhat, present an interesting attack vector and watch as organizations and criminal groups alike try to 'make you an offer you cant refuse' to go work for them. These are how 0days attacks such as Stuxnet are able to be deployed.

Tech vendors I believe are finally catching on hoping similar individuals will help them and you are seeing more of these "bounties" being issued by the companies that can afford to. While the firm Vupen in this article is clearly showboating it does also illustrate the need for vendors to pony up more resource allocation to secure their software in-house instead of pushing it out the door and hoping users do their beta testing for them.

 

This has been going on forever and a day, it's just a part of the 21st century intel/counter-intel world. Vupen strikes me as almost like its own Anonymous, they're quite..vocal. But yes, they aren't the only player in the game. Stuxnet was a very very different situation, but yes, for the most part, intel agencies let these groups find the holes, and the agencies exploit them.

These groups play a dangerous game, but admittedly the money is quite good.

 

Not at all, it utilized 0 days on its targeted adversary systems. It brings to light the point I was making.

 

I meant Stuxnet wasn't "shopped around" to the highest bidder or used in a general manner like most exploits are. It was created for one purpose only, and targeted an extremely specific setup.

 

“Zero-day” exploit sales should be key point in cybersecurity debate

https://www.eff.org/deeplinks/2012/...ales-should-be-key-point-cybersecurity-debate

Key snippet:

The administration has repeatedly warned of a crippling cyber-attack to our infrastructure and Congress is in the midst of debating an expansive new "cybersecurity" bill that, as EFF previously explained, will likely invade users’ privacy in the name of promoting Internet security. Yet the sale and use of exploits that leave ordinary users of popular software vulnerable—a real cybersecurity threat—remains unmentioned in this cybersecurity debate.