4 comments

[ 2.1 ms ] story [ 23.4 ms ] thread
What stops the NSA from buying the tools?
These tools are years old. They can just report these vulnerabilities to the vendors and use their new exploits.
Nothing?

We don't know that they didn't buy (some of) these particular exploits (in the recent "dump") and, in fact, it's very likely that they do buy exploits. I imagine that CNE of high-value targets is an area where they could "never have enough".

From the linked "FOXACID SOP for Operational Management of FOXACID Infrastructure" document:

> What can cause [FOXACID] exploitation failure?

> JavaScript turned off

> ...

> Browser has extensions loaded. This causes certain exploits to fail.