A Russian company known as Operation Zero has recently announced that it is willing to pay a whopping $20 million for hacking tools that can be used to exploit vulnerabilities in iPhones and Android devices. The company specializes in acquiring and selling zero-day exploits, which are flaws in software that are unknown to the developer.
Russian company, Operation Zero, is offering $20 million for hacking tools that can exploit vulnerabilities in iPhones and Android devices. The company aims to attract developer teams to work with their platform by increasing payments and offering competitive plans and bonuses.
Increasing Payments and Encouraging Developers
Operation Zero made the announcement on its official social media accounts, stating that it is increasing payments for zero-days in the iOS and Android platforms from $200,000 to $20 million. In addition to the increased payment, the company also stated that it is offering competitive plans and bonuses for contract works to encourage developer teams to work with their platform.
The Non-NATO Clause
Operation Zero, which is based in Russia and exclusively serves Russian private and government organizations, stated that the end user of their hacking tools is a non-NATO country. When asked about this clause, CEO Sergey Zelenyuk declined to provide specific reasons, simply stating “no reasons other than obvious ones.”
The Temporary Nature of Bounties
Zelenyuk mentioned that the current bounties offered by Operation Zero may be temporary and depend on the availability and demand for specific zero-day exploits. According to him, full chain exploits for mobile phones are the most expensive products in the market and are primarily used by government actors. Consequently, the high prices reflect the urgency and desire of these actors to acquire the exploits before they fall into the hands of other parties.
The Gray Market of Zero-Days
Unlike traditional bug bounty platforms, Operation Zero does not alert vendors about the vulnerabilities discovered but instead sells the exploits to government customers. This creates a gray market where prices fluctuate, and the identity of customers remains largely secret. Similar companies in the market include Zerodium and Crowdfense, which also offer significant bounties for zero-day exploits.
The Unregulated Market and Political Influence
The market for zero-days is largely unregulated, and companies may need to obtain export licenses from the governments they operate from. This has resulted in a fractured market that is increasingly influenced by politics. For example, China has recently passed a law requiring security researchers to alert the Chinese government of bugs before informing software makers, effectively allowing China to control the market for zero-days for intelligence purposes.
With the increasing demand for zero-day exploits and the high prices being offered by companies like Operation Zero, the market for hacking tools is likely to continue evolving and attracting attention from various entities.