
Netragard Ends Exploit Acquisition Program After Hacking Team Breach

Trailrunner7 writes: After the fallout from the HackingTeam breach, Netragard, a company that buys and sells exploits, has decided to shut down its exploit acquisition program. Leaked documents show that Netragard was selling exploits to the Italian maker of intrusion and surveillance software. In addition, documents further showed that the company sold its products to a variety of oppressive regimes, including Egypt and Ethiopia. A company statement reads in part: "We’ve decided to terminate our Exploit Acquisition Program (again). Our motivation for termination revolves around ethics, politics, and our primary business focus. The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations. While it is not a vendor’s responsibility to control what a buyer does with the acquired product, HackingTeam’s exposed customer list is unacceptable to us. The ethics of that are appalling and we want nothing to do with it."
  • by Anonymous Coward

    Our motivation for termination revolves around ethics, politics, and our primary business focus.

    My sides! My sides! Look out Major Tom!

    • by Anonymous Coward

      More like "all the zero days we were selling, HackingTeam had bought and they got leaked. Now we might as well go out of business."

    • Our motivation for termination revolves around ethics, politics, and our primary business focus.

      I am shocked, shocked to discover that our hacking exploits were being sold to totalitarian governments!

  • NSA (Score:5, Insightful)

    by hjf ( 703092 ) on Monday July 20, 2015 @01:53PM (#50147187) Homepage

    Translation: CIA and NSA are pressuring us for exclusivity.

    Seriously, who would believe a sleazy company that makes money off exploits is worried about "human rights violations".

    • by Anonymous Coward

      Well the old 'Dot refused to post my comment, so I'll just ramble it here. Agree 100%. Who the hell did this company think its end users were, security researchers?

      Exploits being sold are being sold for 1 single reason, to be used. Nice way to try to save face, but sorry, the intertubes never forget.

      • Yes but rebel exploit sellers want rebels to buy exploits to use against oppressive regimes like... essentially everyone who used Hacking Team. Pretty much everyone on their client list qualifies as an oppressive regime. Including the government in control of the servers I'm posting on.
    • by tomhath ( 637240 )
      Or any of dozens of other agencies all around the world who might have made them an offer they couldn't refuse. NSA probably has better stuff than this place anyway.
    • Translation: CIA and NSA are pressuring us for exclusivity.

      Seriously, who would believe a sleazy company that makes money off exploits is worried about "human rights violations".

      That's a bit too broad. Would a company that makes money by finding exploits and selling them to the makers of the relevant products (via Vulnerability Rewards Programs, or similar), also be sleazy and unworried about human rights violations? There are a lot of highly ethical researchers who make their livings in exactly this way.

      Note that I'm not claiming Netragard is among them.

      • by hjf ( 703092 )

        The "researchers" you mention are able to get into the cesspools of the internet as easily as this company does.

        • The "researchers" you mention are able to get into the cesspools of the internet as easily as this company does.

          Why would they risk that?

  • by Anonymous Coward

    They went in and full well knew or should have known what they got into. So no, I'm not buying this in the least. It just means they're spineless cowards.

    If they had any ethics, they either wouldn't have gotten into this obviously immoral or at least amoral game in the first place, or, going in knowing full well what they got into and why, they'd have the balls to see this through now. So I call them cowards. Spineless cowards. Contemptible wretches.

    Pretty much no better than the rest of the s'kiddie scum i

    • by AqD ( 1885732 )

      Why should they care? It's the same business as making weapons, things we do everyday.

    • by BVis ( 267028 )

      If they had any ethics, they either wouldn't have gotten into this obviously immoral or at least amoral game in the first place, or, going in knowing full well what they got into and why, they'd have the balls to see this through now. So I call them cowards. Spineless cowards. Contemptible wretches.

      It's ok, though. They made money.

  • How convincing! (Score:2, Interesting)

    by Anonymous Coward

    So, these fine and respectable folks are shocked, shocked that dodgy reselling of exploits might be going on. Really. How utterly plausible.

    Unless you are selling to an end user who does their own development, what other possible outcome could you expect? They only want to purchase the exploit from you because they think that they can package it up and sell it on to enough of their own customers to come out in the black. That is a situation where all the incentives push toward transactions being largely sec

    • There are different flavors of troubling. Many of the hacking groups out there are effectively digital rebel warriors trying to fight oppressive regimes like Egypt and the US. Their actions may be criminal and in some cases immoral but they are fighting greater evils perpetrated by the powers we've failed to resist by conventional means. That is civil disobedience. Perhaps they considered that getting tools to these elements was worth the risk of simple profiteers getting some exploits but did not consider
  • by Anonymous Coward

    Meanwhile, Intertrode (who just happens to have the same owners) have now covertly begun an open exploit acquisition program.

  • While it is not a vendor's responsibility to control what a buyer does with the acquired product

    Anti [npr.org] 2nd-Amendment zealots [nbcphiladelphia.com] would [chicagotribune.com] disagree [washingtonpost.com].

    And, although the above lists mere tort-claims, there are movements afoot towards criminal liabilities for gun-sellers as well. For the Greater Good.

    • by BVis ( 267028 )

      Dammit, /r/ammosexuals is leaking again.

      Go grind your axe somewhere else.

      • Consider this, there would be no democracy in the world if the powers that be did not have to fear the mob which is why we have a 2nd amendment. Now that every nation in the world including ours has disarmed the people to the point the powers that be no longer have to fear the mob... what happens to democracy and do you honestly think it hasn't happened already?
  • by TheCarp ( 96830 ) <sjc@@@carpanet...net> on Monday July 20, 2015 @02:10PM (#50147361) Homepage

    HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations."

    So would that include the US government and its allies? The Washington gang certainly falls under "parties known for human rights violations" (including torture)

    • Almost certainly, though it would be rather stupid of them not to make the purchase through some kind of shell organization. The simple fact that a government agency is acquiring information about a specific exploit is itself valuable information. At the same time, you'd almost think that the government would try to do a lot of this work in-house.
      • At the same time, you'd almost think that the government would try to do a lot of this work in-house.

        As bad as the economy is, they're still having trouble attracting the kind of people who do this work. Their general hiring policies are a big part of the problem, obviously. A lot of the qualified candidates aren't interested in pissing in a cup, and wouldn't pass if they did

      • What on earth makes you think that Netragard and the same people's instant new exploit selling system to replace it after this announcement Intertrode aren't shell organizations for the western regimes?
    • Honestly, this whole stance is stupid. You can't control that kind of information in any meaningful way. It's like deciding only the Shepherds of the Righteous will have weapons: you're just creating an imbalance.

      The more access dangerous criminals have to dangerous toys, the more society moves to control them. When society gives up hope on controlling their access to dangerous toys, it finds other ways to control criminals. In the most extreme, the criminals become so dangerous as to create a faili

  • "selling their technology to questionable parties" as if there were any other kind of customer paying for such.
  • by Virtucon ( 127420 ) on Monday July 20, 2015 @02:44PM (#50147581)

    Our motivation for termination revolves around ethics, politics, and our primary business focus. The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations.

    So you were selling these hoping that it would save the whales or make the bunnies happy? You're selling vulnerabilities that you acquire. Specifically weapons and like all weapons, it's a commodity based business and you took the money. The remorse is a bit late and a bit shallow because a weapons manufacturer doesn't feign surprise when somebody gets killed with their product.

  • by Opportunist ( 166417 ) on Monday July 20, 2015 @03:03PM (#50147753)

    What did you expect your customers to do with the knowledge about unpatched, unknown 0day exploits? Make a funny little collection to show around to their friends?

    "Hey, Fred, look what I got! It's a genuine 0day that MS doesn't know about yet. Ain't it cool? Huh? No, why would I use it?"

    Seriously, what did you expect?
