German intelligence service BND buys zero-day attacks against SSL now, and even more in the future


"The Federal Intelligence Service (BND) wants to evaluate the encrypted data on the internet and shop for tools on the gray market for software vulnerabilities. The foreign intelligence service has been scheduled by 2020 around 4.5 million euros, for example, the common transport encryption SSL to crack. With their help wrap among other great shopping portals and banks from their supposedly secure online transactions. To bypass SSL, wants to buy information about software vulnerabilities, such as so-called "zero day exploits", the BND. This is to programming errors that allow hackers to penetrate approximately into an operating system to spy on and manipulate data. The market for such vulnerabilities is booming for several years.

The Federal Office for Information Security (BSI) announced on inquiry, it was "September 2014" entertain a contract with the French company Vupen. It is considered a world leader in software vulnerabilities. Purpose of the contract, the BSI, was "solely the protection of government networks" have been. "To support the market for vulnerabilities from public view is an extremely bad idea," says Michael Waidner, Director of the Fraunhofer Institute for Secure Information Technology. Each gap is a major risk for its own citizens, governments and businesses, because no one knew who buy all the knowledge of vulnerabilities.
Source - translated by Google Translate - not corrected

In fact, services like VUPEN should be prohibited, which doesn't mean that security services shouldn't be compensated for their work (by a state agency, for example).

So it is not only the NSA that is a client of VUPEN, because besides the BND many others will probably be clients as well.
