FBI Turns to ‘Gray Market’ for Hackers

By Allan Lengel
ticklethewire.com

The FBI has long complained about the difficulty of cracking encrypted cell phones.

Rhys Dipshan of Slate reports that the agency has spent a fair amount of money hiring private hackers:

Most of the time, cracking encrypted devices comes down to finding and leveraging zero-day vulnerabilities—unknown exploitable weaknesses in software or hardware. While agencies like the FBI can do this themselves, they also outsource the task to third-party hackers and companies who operate on the “gray market”—a furtive marketplace of sellers offering zero-days and hacking services exclusively to government and corporate clients.

In 2015, for instance, the FBI paid about $1.3 million to an undisclosed gray-market company for an exploit—essentially a tool leveraging a zero-day vulnerability—that cracked a locked iPhone used by gunman Syed Farook in the San Bernardino, California, shooting, according to then–FBI Director James Comey. While the purchase received much attention, it was hardly the first time the U.S. government relied on the gray market. In 2012, the NSA bought exploits from Montpellier, France–based Vupen, a gray-market company that closed in 2015 and reopened as Zerodium. In fact, the NSA budgeted $25.1 million to purchase zero-days in 2013.
