Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure F

Discussion in 'other security issues & news' started by Hungry Man, Mar 22, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    http://www.forbes.com/sites/andygre...o-crack-your-pc-and-get-paid-six-figure-fees/

    Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)

     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    You shouldn't worry about Vupen, there are many other ahem “darker groups” below the radar doing the same thing for much bigger stakes, and 'cyber-exploit' trading is a very profitable enterprise. As I mentioned in an older wilders post, there currently is a hidden cyber grab going on between governments and organized cyber criminals alike to suck up as many 0days as possible and absorb these proven hacking groups (Sorry Anonymous not you) into their own objectives. I wish in this case I was talking in just paranoid speak, though go to a conference such as Blackhat, present an interesting attack vector and watch as organizations and criminal groups alike try to 'make you an offer you cant refuse' to go work for them. These are how 0days attacks such as Stuxnet are able to be deployed.

    Tech vendors I believe are finally catching on hoping similar individuals will help them and you are seeing more of these "bounties" being issued by the companies that can afford to. While the firm Vupen in this article is clearly showboating it does also illustrate the need for vendors to pony up more resource allocation to secure their software in-house instead of pushing it out the door and hoping users do their beta testing for them.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    This has been going on forever and a day, it's just a part of the 21st century intel/counter-intel world. Vupen strikes me as almost like its own Anonymous, they're quite..vocal. But yes, they aren't the only player in the game. Stuxnet was a very very different situation, but yes, for the most part, intel agencies let these groups find the holes, and the agencies exploit them.

    These groups play a dangerous game, but admittedly the money is quite good.
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Not at all, it utilized 0 days on its targeted adversary systems. It brings to light the point I was making.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I meant Stuxnet wasn't "shopped around" to the highest bidder or used in a general manner like most exploits are. It was created for one purpose only, and targeted an extremely specific setup.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    “Zero-day” exploit sales should be key point in cybersecurity debate

    https://www.eff.org/deeplinks/2012/...ales-should-be-key-point-cybersecurity-debate

    Key snippet:

    The administration has repeatedly warned of a crippling cyber-attack to our infrastructure and Congress is in the midst of debating an expansive new "cybersecurity" bill that, as EFF previously explained, will likely invade users’ privacy in the name of promoting Internet security. Yet the sale and use of exploits that leave ordinary users of popular software vulnerable—a real cybersecurity threat—remains unmentioned in this cybersecurity debate.
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,940
    Location:
    U.S.A.
    Re: Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figu

    Merged Threads to Continue Related Topic.
     
Loading...
Thread Status:
Not open for further replies.