A common image of the zero day industry—which provides non-public vulnerabilities to government agencies—is that of a wild west, with merchants selling hacking technology to whomever is willing to buy, including authoritarian regimes and adversaries of democracies. But there is another, much harder to cover section of the industry: companies that provide high end exploits and other tools to members of the Five Eyes, including the UK, US, Canada, and Australia. These companies keep a low profile, don’t advertise at surveillance fairs, and keep any information on their public websites vague. This talk will discuss how these firms operate, the dynamic between them, Silicon Valley, and intelligence agencies, and highlight the latest developments in the zero day trade. If policy makers, academics, journalists, and technologists are going to have a fruitful and informed debate around issues such as exploit proliferation, or how this trade works, then more focus should be on these firms.
Joseph Cox is a journalist covering cyber-security, the digital underground, and the surveillance industry for Motherboard.