[ISN] Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)

From: InfoSec News <alerts_at_private>
Date: Thu, 22 Mar 2012 04:55:15 -0500 (CDT)
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/

By Andy Greenberg
Forbes Staff
Security
3/21/2012

This story appears in the April 9th issue of Forbes magazine.

At a Google-run competition in Vancouver last month, the search giant’s
famously secure Chrome Web browser fell to hackers twice. Both of the 
new methods used a rigged website to bypass Chrome’s security
protections and completely hijack a target computer. But while those two 
hacks defeated the company’s defenses, it was only a third one that 
actually managed to get under Google’s skin.

A team of hackers from French security firm Vupen were playing by 
different rules. They declined to enter Google’s contest and instead 
dismantled Chrome’s security to win an HP-sponsored hackathon at the 
same conference. And while Google paid a $60,000 award to each of the 
two hackers who won its event on the condition that they tell Google 
every detail of their attacks and help the company fix the 
vulnerabilities they had used, Vupen’s chief executive and lead hacker, 
Chaouki Bekrar, says his company never had any intention of telling 
Google its secret techniques—certainly not for $60,000 in chump change.

“We wouldn’t share this with Google for even $1 million,” says Bekrar. 
“We don’t want to give them any knowledge that can help them in fixing 
this exploit or other similar exploits. We want to keep this for our 
customers.”

Those customers, after all, don’t aim to fix Google’s security bugs or 
those of any other commercial software vendor. They’re government 
agencies who purchase such “zero-day” exploits, or hacking techniques
that use undisclosed flaws in software, with the explicit intention of
invading or disrupting the computers and phones of crime suspects and 
intelligence targets.

[...]


Received on Thu Mar 22 2012 - 02:55:15 PDT
