Ho-hum? NSA bought exploits from Vupen

By

Business as usual.

The US National Security Agency has obtained services from French zero-day seller Vupen, US freedom of information documents reveal.

Ho-hum? NSA bought exploits from Vupen

Documents published by public records site MuckRock show the NSA bought a year-long Vupen subscription that ended earlier this month for a “binary analysis and exploits service”. [pdf]

The value of the deal was redacted, however the NSA had spent more than $25 million on exploit purchases this year, according to theThe Washington Post

While the disclosure comes on the coattails of more alarming news of the NSA potentially undermining encryption protocols and strong-arming technology vendors into opening backdoors into their products and services, the contract appeared standard business for Vupen.

The French hacker outfit has regularly publicly disclosed that it sold exploits to government agencies and has been unapologetic for the practice.

Vupen, in addressing privacy and security concerns that come from selling security exploits, says it only sold services to democracies such as the Five Eye group of nations that included Australia and had heeded international regulations.

However it remained unclear why the NSA had purchased the services. 

Chief Chaouki Bekrar told SC US some customers used the services for defensive purposes.

"Many of these agencies work with various local and foreign exploit providers to get the largest coverage and protection possible against software and hardware vulnerabilities."

Privacy advocate Chris Soghoian said on Twitter the services could offer a means of deniability for the agency's operations.

"There are times when US special forces use AK47s, even though they have superior guns available. Same for NSA's VUPEN purchase. Deniability," Soghoian said.

Earlier this month, documents from Edward Snowden revealed the NSA had obtained backdoors into vendor encryption software by either demanding access or simply stealing keys.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?