Some do it for the lulz, others do it for the Benjamins. In a piece published today in Forbes, Andy Greenburg introduces us to VUPEN, a company that is apparently a proponent of the latter. VUPEN sells hacking secrets to government agencies for big bucks, and a host of Internetty folk are terrified of the implications.
VUPEN calls itself the “Leading Provider of Defensive and Offensive Security,” and it’s that “Offensive” part that has some in a tizzy. The company has become an expert at mining software like Google Chrome for security vulnerabilities, then making crazy amounts of cash selling their hacking secrets to parties willing to shell out a handsome fee.
And usually, people with the cash and desire to purchase hacking secrets aren’t exactly the most innocent of characters. “In that shady but legal market for security vulnerabilities, a zero-day exploit that might earn a hacker $2,000 or $3,000 from a software firm could earn 10 or even 100 times that sum from the spies and cops who aim to use it in secret,” writes Mr. Greenburg.
Privacy experts are rightly concerned about the havoc VUPEN’s transactions could wreak on the Internet. Though VUPEN claims to refuse to sell to “nondemocratic nations,” they’re essentially playing Russian roulette with backdoor hacks. With so many different clients with opposing interests, and without a way to keep track of where their information goes once an agency pays for it, the whole shebang is bound to implode at some point.
Forbes quotes privacy activist Chris Soghoian with a little more insight: “Vupen is the Snooki of this industry,” he said. “They’re the Jersey Shore of the exploit trade.”
So VUPEN is a collection of famewhoring orange monsters comprised of 80 percent tequila and 20 percent cheap body glitter? Got it.