A Freedom of Information Act request reveals that the DEA spent $575,000 buying access to weaponized zero-day exploits sold by Hacking Team, the hacked and disgraced Italian cyber-arms dealer who outfitted despots, dictators, the FBI, and America's local police departments.
Hacking Team's depravity can't be overstated.
We already knew that Hacking Team had done business with the DEA, but the new release reveals that the DEA was complicit in hoarding exploits that left Americans vulnerable to criminals, sitting on them rather than warning us about them.
Judging by the DEA invoice, these exploits included zero-days present in common file formats. A 2011 Hacking Team document describing the company's portal points to formats such as Adobe PDFs, and Microsoft Powerpoint and Word documents. The portal allegedly always contains at least three zero-day exploits, the document adds.
Here's a DEA Invoice for Zero-Day Exploits
[Joseph Cox/Motherboard]