Netragard, one of the small number of companies that buys and sells exploits, has shut down its exploit acquisition program in the wake of the HackingTeam breach.
Among the revelations in the cache of documents leaked after the attack on HackingTeam was information about Netragard selling an exploit to the Italian maker of intrusion and surveillance software. The HackingTeam documents also showed that the company sold its products to a variety of customers associated with oppressive regimes, including Egypt and Ethiopia. In the last, HackingTeam officials had denied that they dealt with such customers, but the leaked emails and other documents from the attack earlier this month showed otherwise.
After the documents became public, Netragard officials said that they only sold one exploit to HackingTeam and characterized it as en exception to the company’s normal policy of only dealing with customers in the United States. Netragard CEO Adriel Desautels said in the immediate aftermath of the breach that it was ending its relationship with HackingTeam.
“The breach of HackingTeam is a blessing in disguise. The breach exposed their customer list which contained a variety of questionable countries known for human rights violations. Their customers are the very same customers that we’ve worked so hard to avoid. It goes without saying that our relationship with them is over and we’ve tightened our vendor vetting process,” he said in a blog post on July 9.
Now, Desautels said the company has decided to end its exploit acquisition program altogether due to the ethical and political issues it involves.
We’ve decided to terminate our Exploit Acquisition Program (again). Our motivation for termination revolves around ethics, politics, and our primary business focus. The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations. While it is not a vendors responsibility to control what a buyer does with the acquired product, HackingTeam’s exposed customer list is unacceptable to us. The ethics of that are appalling and we want nothing to do with it,” he said in a blog post over the weekend.
- See more at: https://threatpost.com/netragard-sh...quisition-program/113846#sthash.GXkYmcMS.dpuf
Among the revelations in the cache of documents leaked after the attack on HackingTeam was information about Netragard selling an exploit to the Italian maker of intrusion and surveillance software. The HackingTeam documents also showed that the company sold its products to a variety of customers associated with oppressive regimes, including Egypt and Ethiopia. In the last, HackingTeam officials had denied that they dealt with such customers, but the leaked emails and other documents from the attack earlier this month showed otherwise.
After the documents became public, Netragard officials said that they only sold one exploit to HackingTeam and characterized it as en exception to the company’s normal policy of only dealing with customers in the United States. Netragard CEO Adriel Desautels said in the immediate aftermath of the breach that it was ending its relationship with HackingTeam.
“The breach of HackingTeam is a blessing in disguise. The breach exposed their customer list which contained a variety of questionable countries known for human rights violations. Their customers are the very same customers that we’ve worked so hard to avoid. It goes without saying that our relationship with them is over and we’ve tightened our vendor vetting process,” he said in a blog post on July 9.
Now, Desautels said the company has decided to end its exploit acquisition program altogether due to the ethical and political issues it involves.
We’ve decided to terminate our Exploit Acquisition Program (again). Our motivation for termination revolves around ethics, politics, and our primary business focus. The HackingTeam breach proved that we could not sufficiently vet the ethics and intentions of new buyers. HackingTeam unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations. While it is not a vendors responsibility to control what a buyer does with the acquired product, HackingTeam’s exposed customer list is unacceptable to us. The ethics of that are appalling and we want nothing to do with it,” he said in a blog post over the weekend.
- See more at: https://threatpost.com/netragard-sh...quisition-program/113846#sthash.GXkYmcMS.dpuf
