14 DAY TRIAL // A newly declassified FISA court document regarding the NSA’s mass surveillance practices clues in to the fact that the agency has some outside partners, namely French-based security company Vupen.
The security company is known for selling secret codes used to crack into computers. According to the newly declassified document, the NSA got a 12-month subscription to the firm’s binary analysis and exploits service last September, the document reveals.
Basically, this means the NSA has a powerful tool at its disposal in a continuous effort to get its hands on communications that could contain terrorism-related information.
The service Vupen says it provides is reserved to government entities, law enforcement agencies and computer response teams in various countries.
By offering these entities "zero-day exploits" it gives them a "cyber weapon" as some have chosen to call it. Providing its clients with these newly-discovered vulnerabilities in the security of a certain product, all individuals using that particular software could become targets of Vupen's employers, namely the NSA in this case.
Considering the fact that the company brags software creators such as Microsoft and Adobe take a long time to release a security patch, which makes them vulnerable, the size of the entire operation takes on a new scale.
Windows, created by Microsoft, is run by some 91 percent of the world's desktop PCs. This means that if, for instance, Vupen shared one of the Windows vulnerabilities with the NSA, the intelligence agency could, theoretically, gain access to any of the computers running that particular Windows version.
Vupen is also known for managing to crack the Google Chrome browser for the first time in years and refusing to share the information with Google.
The people at Vupen don’t seem too concerned with the issue, saying there is no news there since governments need to leverage the most detailed and advanced vulnerability research to protect their infrastructure.