If you’re a Moscow-based zero-day exploit seller, all you have to do is e-mail a spyware company like Hacking Team out of the blue. You can go from initial, unsolicited message to getting paid tens of thousands of dollars in just a matter of weeks. After Hacking Team, the Italian spyware vendor, was itself hacked and 400GB of its internal data released onto BitTorrent, Ars reviewed internal e-mails from the company. The chain of e-mails that follow offer a rare look into exactly how new security vulnerabilities get sold to companies and governments around the globe. The Moscow vendor’s first e-mail, dated October 13, 2013, was short and to the point: Hi, is your company interested in buying zero-day vulnerabilities with RCE exploits for the latest versions of Flash Player, Silverlight, Java, Safari? All exploits allow to embed and remote execute custom payloads and demonstrate modern techniques for bypassing ASLR [address space layout randomization] and DEP [data execution prevention]-like protections on Windows, OS X, and iOS without using of unreliable ROP and heap sprays. The e-mail contained no identifying information about its sender except for the e-mail address: firstname.lastname@example.org. The Hacking Team response, direct from CEO David Vincenzetti, came within 24 hours: Absolutely. Would […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post How a Russian hacker made $45,000 selling a zero-day Flash exploit to Hacking Team appeared first on National Cyber Security.
View full post on National Cyber Security