A cleverly-named security company has a clever idea. Zerodium will pay you $1 million if you find a zero-day exploit in iOS 9. Then, if history is any indicator, it will turn around and sell that intelligence to a despotic regime like the NSA.
Chaouki Bekrar, the founder of Zerodium, is infamous for founding the French hacking firm Vupen–which specializes in buying up zero-day exploits and selling them to governments. Wired’s Andy Greenberg reports:
Bekrar’s past customers for such undisclosed hacking techniques have included the NSA as well as other NATO countries and “NATO partners” that Bekrar declines to name. Bekrar declined to identify any of Zerodium’s potential customers, but he has previously revealed that they’re limited to certain government agencies.
It gets worse:
ACLU lead technologist Chris Soghoian has called Bekrar a “modern-day merchant of death,” selling “the bullets for cyberwar.” After a sale, Soghoian argues, Vupen turns a blind eye to where its exploits end up and whether repressive regimes might be using them to spy on citizens.
And that sucks. However, it sounds rather profitable, and $1 million for a zero-day vulnerability is a record high price that many hackers will surely chase. Who knows who will ultimately exploit it–but when they do, at least a couple people will get rich.