topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday November 8, 2024, 6:49 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Kevin Mitnick Is Now Selling Zero-Day Exploits  (Read 10405 times)

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Kevin Mitnick Is Now Selling Zero-Day Exploits
« on: September 26, 2014, 08:44 AM »
This gave me a really sick feeling in my stomach.  :sick:

As a young man, Kevin Mitnick became the world’s most notorious black hat hacker, breaking into the networks of companies like IBM, Nokia, Motorola, and other targets. After a stint in prison, he reinvented himself as a white hat hacker, selling his skills as a penetration tester and security consultant.

With his latest business venture, Mitnick has switched hats again: This time to an ambiguous shade of gray.

Late last week, Mitnick revealed a new branch of his security consultancy business he calls Mitnick’s Absolute Zero Day Exploit Exchange. Since its quiet inception six months ago, he says the service has offered to sell corporate and government clients high-end “zero-day” exploits, hacking tools that take advantage of secret bugs in software for which no patch yet exists. Mitnick says he’s offering exploits developed both by his own in-house researchers and by outside hackers, guaranteed to be exclusive and priced at no less than $100,000 each, including his own fee.

And what will his clients do with those exploits? “When we have a client that wants a zero-day vulnerability for whatever reason, we don’t ask, and in fact they wouldn’t tell us,” Mitnick tells WIRED in an interview. “Researchers find them, they sell them to us for X, we sell them to clients for Y and make the margin in between.”

Mitnick declined to name any of his customers, and wouldn’t say how many, if any, exploits his exchange has brokered so far. But the website he launched to reveal the project last week offers to use his company’s “unique positioning among security researchers and the hacker community” to connect exploit developers with “discerning government and corporate buyers.”





from Versioning

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #1 on: September 26, 2014, 11:49 AM »
This gave me a really sick feeling in my stomach.  :sick:

I can understand why he'd do it. It's a kind of perverse revenge for that they did to him. It probably wasn't fun being thrown in a rape cage.

Still... it's perverse.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,758
    • View Profile
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #2 on: September 26, 2014, 12:21 PM »
An eye for an eye leaves everybody with less eyes.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #3 on: September 26, 2014, 12:39 PM »
I'm not sure how long he'd even survive against the legal system doing this.

I just don't know enough about computer law.

A lot of those kinds of guys are out of reach, buried in Russia/your choice of 10 countries.

But Kevin Mitnick is in in our back yard.

Look what happened to that Dot-com guy. Or is music more important than security?!


mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #4 on: September 26, 2014, 12:54 PM »
It's like a real life Bond super villain business plan. And this is just the kind of phrase such a character might utter: “discerning government and corporate buyers”

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #5 on: September 26, 2014, 06:24 PM »
Others might wish to see it as him setting his own bounty price, to find exploits in software, selling them to the big developers responsible for that software so that they can fix the vulnerabilities.

But I don't see it that way.

My thought was him selling exploits to the DHS, NSA, and CIA, even if he ends up unknowingly doing it, by selling them to one of their umbrella corporations. And what do you think they would do with those exploits?

Seems less like revenge and more like greed, if you ask me.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,768
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #6 on: September 26, 2014, 07:01 PM »
Is that even legal? Seems like a good way to land himself back in prison.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #7 on: September 26, 2014, 08:05 PM »
Is that even legal? Seems like a good way to land himself back in prison.

Selling exploits to the DHS, NSA, and CIA is perfectly legal. Selling exploits for products direct to the company that's responsible for them, such as selling exploits for Google products to Google, is perfectly legal, too. Anything else is a gray area, and it would all depend on who he sold it to and what they did with it. Sell the wrong thing to the wrong person, and he could be held responsible for what they do and charged as an accessory, if they do anything illegal with it.

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #8 on: September 27, 2014, 10:39 AM »
app103 is following my line of thought here. Hacking is considered to be an act of terrorism under modern American law. It's just a matter of time before one of his clients does something illegal with what he sold them and he'll be looking down the barrel of being charged as a terrorist.

It's amazing how some of the smartest people can also be among the stupidest.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #9 on: September 27, 2014, 11:08 AM »
It's amazing how some of the smartest people can also be among the stupidest.

Well, that phrasing bothers me a little. I prefer it as "IQ and wisdom are far from the same thing. "
So you get both halves of the spectrum - IQ off the charts but zero wisdom, and maybe Forrest Gump on the other. (After all, he somehow managed to meet Presidents, start a business, become a leader (when he had people following him while he ran), and more, and didn't really seem to have very many vicious enemies.


Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #10 on: September 27, 2014, 11:28 AM »
app103 is following my line of thought here. Hacking is considered to be an act of terrorism under modern American law. It's just a matter of time before one of his clients does something illegal with what he sold them and he'll be looking down the barrel of being charged as a terrorist.

It's amazing how some of the smartest people can also be among the stupidest.

Hold on... He's selling to governments... By definition they cannot do anything "illegal". They're always right and moral and good and virtuous and puppy dogs and flowers and loveliness and virtue.

Are you suggesting that governments can be capable of criminal activity????

That's simply absurd!!!

Can a government be a terrorist?

Oh, I'm so shocked! It's just not possible!

Because...

This.

Yeah. Pretty much that. ;)



I'm sure as heck not going to defend Mitnick. But I sure as heck won't defend or excuse his clients either.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

SeraphimLabs

  • Participant
  • Joined in 2012
  • *
  • Posts: 497
  • Be Ready
    • View Profile
    • SeraphimLabs
    • Donate to Member
Re: Kevin Mitnick Is Now Selling Zero-Day Exploits
« Reply #11 on: September 27, 2014, 09:52 PM »
Just the fact that he is making a profit from exploiting other people's systems is very highly questionable- I would have to read through a few software licenses to see if that aspect is even legal.

But he might make a profit regardless, its just a question of legality and morality of this type of activity.