A Saudi Cybersecurity Company Tried to Buy Zero Day Exploits from Me

[InfoSec News <alerts () infosecnews org>]

https://motherboard.vice.com/en_us/article/xwbk5j/saudi-cybersecurity-company-tried-buy-zero-days-from-me-haboob-darkmatter

By Joseph Cox
Motherboard.vice.com
March 12, 2019

Zero days -- exploits that take advantage of vulnerabilities the vendor, such as
Apple, doesn’t know about -- are a hot commodity. With a zero day, a hacker,
perhaps working for a government, can have a better chance of being able to
break into a target's computer or phone. If Apple or Google aren’t even aware of
a security issue with their products, hackers don't have to worry about a
target's device being patched to defend against it.

A booming industry of contractors, boutique exploit shops, and individual
brokers are looking to buy such attacks, sometimes so they can then sell them to
government clients. We recently got a rare look at how a company tried to source
these exploits through private one-on-one deals.

I know, because the company tried to buy zero days from me.

Seemingly not understanding I was a journalist despite my online presence
showing clearly I work for a media outlet, one person linked to a company based
in Saudi Arabia reached out, and explained they were hoping to buy zero day
exploits.

"Thanks and looking to deal with you," the person, who said they worked for a
cybersecurity company called Haboob, wrote in a message from a Saudi number.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_