Meet the Tiny Startup That Sells iPhone and Android Zero Days To Governments (vice.com)
An anonymous reader writes: The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.
Russian Aussies? (Score:1)
Re:Russian Slashvertisement? (Score:1)
At least it's not another "KGB" "story."
Re: (Score:2, Interesting)
And this is ethical because...?????
Because it's profitable, of course.
Re:Ethics? (Score:4, Interesting)
And this is ethical because...?????
They do claim to only sell their uncovered secrets to a "select group of countries and not repressive" ones.
provides exploits to ... the United States, United Kingdom, Canada, Australia, and New Zealand.
That's how they answer this ethics question. Which may or may not work for you.
Re: (Score:2, Insightful)
But that's not the ethical problem.
The ethical problem is hoarding exploits rather than responsibly reporting them to the software vendors. This puts many people at risk to serve the needs of the few.
Re: Ethics? (Score:1)
Mysteriously, those countries are all part of the "Five Eyes". Coincidence much?
Re:Ethics? (Score:5, Interesting)
Ethics, in a nutshell, is "Do the right things for the right reasons". Figuring out and agreeing upon what the right things are and what the right reasons are, is the hard part. Everything with ethics depends on context. Lying may or may not be ethical depending upon the situation at hand. Lying to a man who has a school full of children as hostages, ethical. Lying to your spouse about cheating, unethical. And the lying part of the unethical example I just gave may have other situational conditions that make it ethical.
Context is key and ethics are in the eye of the beholder...
Re: (Score:1)
And this is ethical because...?????
It isn't. And I'm ashamed.
"Azimuth Security"!? (Score:3)
Re:"Azimuth Security"!? (Score:5, Funny)
So we have azimuth, can I have the correct elevation, too? I'll take care of the rest, then...
*A* NOT *THE* (Score:4, Insightful)
Important differentiation. This makes it sound like they are the original or only startup doing this.
This has literally been done for a decade for smartphones and probably 2-3 decades for computers (Hint: Israel has a *HUGE* computer security industry which runs off this exact type of business. I am sure there are places in every major nation doing the same, albeit most of them not as well.)
I got zero day to sell (Score:2)
Re: (Score:3)
Sorry, that exploit doesn't work on this batch of terrorists. It would literally be like beating a dead horse.
Re: (Score:2)
Sorry, that exploit doesn't work on this batch of terrorists. It would literally be like beating a dead horse.
You are not holding it correctly.
Re: (Score:2)
Well, if you find enough bits of the terrorist after the attack, go ahead and beat them...
Funny quote from the article (Score:5, Insightful)
While the trade is commonly painted as a wild west full of mercenaries who sell hacking tools to whoever can afford them, over a dozen well-placed sources described an overlooked section of the industry that focuses on supplying to a select group of democratic governments, rather than authoritarian regimes.
Phew! I'm glad that there are still people who can tell the difference between "democratic governments" and authoritarian regimes, especially in the field of violating basic human rights.
Re: Funny quote from the article (Score:2)
They must not have anything too great since the US government repeatedly tries to force Apple to implement back doors.
Re: (Score:2)
Tor entry/exit points need a platform to run on. Exploit this platform and you've got a good starting point for an attack vector.
Sell to government & who else ... (Score:2)
other customers might not be properly acknowledged; might not even be sold by the company but by an employee who is running short of cash this month ...
Why is this even legal? (Score:4, Insightful)
Companies like Microsoft and Google and Apple would probably rather not have exploits in their software bought and sold on the open market, I am sure, so why haven't they lobbied governments to make such buying and selling of vulnerabilities illegal (with heavy penalties up to jail time for violations)?
It should be illegal for anyone except the vendor of the software to buy such vulnerabilities (companies, governments, anyone) and illegal to sell it to anyone other than the original vendor.
With less market to sell to and heavy penalties, the only people still active will be the black hats who provide vulnerabilities to malware authors and criminal gangs and the like and where there is no risk of being caught and punished (because they are in countries like Russia where the criminal gangs running the cybercrime operations are in good with the government), and there are a lot fewer of those.
Some will say that if you ban this it will just drive it deeper underground, but the criminal gangs and such who want to use vulnerabilities for bad things (malware, cyber attacks, stealing credit card numbers, etc.) are already deep underground along with the hackers that supply them, and most of those operating semi-legitimately probably don't particularly want to go to jail and aren't suddenly going to start selling their services to the Russian cybercrime gangs.
Fewer vulnerabilities will be floating around out there to be exploited and fewer people will be engaged in the business of finding vulnerabilities for abusive purposes (meaning the vendors and other white hats who look for vulnerabilities with the intent of fixing them will have less competition).