14 DAY TRIAL // A freedom of information request made by public information service at MuckRock.com shows that the US National Security Agency (NSA) has purchased a 12-month subscription for a service called “Binary Analysis and Exploits Service” from VUPEN Security.
VUPEN Security has confirmed for Softpedia that the document handed over by the NSA to MuckRock.com is legitimate.
“The document is legit as it was published by the agency itself to comply with the FOIA (Freedom of Information Act),” Chaouki Bekrar, VUPEN CEO and head of research, said in a statement.
“As stated on our website, VUPEN works mostly with western countries to help them protect their systems against sophisticated attacks and/or assure the security of their nations.”
The service was purchased by the NSA on September 14, 2012. VUPEN would not say whether the spy agency had renewed the subscription.
“We cannot discuss any ongoing agreements or customer subscriptions,” Bekrar said.
The price of the service has been redacted in the FOI documents.
According to VUPEN’s website, the Binary Analysis and Exploits service is available only for trusted organizations, such as governments and law enforcement agencies in countries members or partners of NATO, ANZUS or ASEAN.
The service includes in-depth binary analysis of vulnerabilities, exploits and proof-of-concept codes, packet captures and technical support.
The exploits and proof-of-concept codes allow government organizations to identify exploitable vulnerabilities within their networks, evaluate the effectiveness of existing security policies, and improve the security of national infrastructures and vital systems.
“Binary Analysis and Exploits service allows gov organizations to quickly and easily evaluate risks related the most recent vulnerabilities, and protect national infrastructures against critical vulnerabilities before they are exploited in the wild,” reads the service’s description on VUPEN’s website.
In August, documents leaked by Edward Snowden to the media have revealed that US intelligence agencies spent almost $652 million (€493 million) on a program named GENIE.
As part of this program, the US has implanted sophisticated pieces of malware into tens of thousands of machines each year, and the number is expected to grow considerably over the upcoming period.