Private sector firms have been involved in discovering and selling exploits for many years, but there is a rise in turnkey espionage solutions.
Commercial Surveillance Vendors (CSVs) offer pay-to-play tools that bundle an exploit chain designed to get past security measures, along with the spyware and the necessary infrastructure, in order to collect the desired data from the targeted user. Four primary groups have found it profitable to work together — thereby further enabling this industry: Vulnerability researchers and exploit developers:
- While some vulnerability researchers choose to monetize their work by improving the security of products (e.g., contributing to bug bounty programs, or working as defenders), others use their knowledge to develop and sell exploits to brokers, or directly to CSVs.
Read more…
Source: Google