Documents requested by MuckRock user Heather Akers-Healy (@abbynormative) from the National Security Agency show it had a contract with the French security researcher VUPEN, whose founder and CEO Chaouki Bekrar puckishly touts himself as the “Darth Vader of Cybersecurity.”
The contract is sparse on details: Even the unit price and total value of the contract are redacted in full. But the contract does detail that VUPEN sold the NSA, in a no-bid contract, “Binary Analysis and Exploits Service 12 months subscription.”
The founder of the security firm, which recently tweeted that it was looking to open offices in Maryland, was nonchalant about the document release, going so far as to suggest other FOIA requests:
@abbynormative @MuckRockNews You would better ask NSA for contracts with biggest zero-day sellers in US: Northrop, Lockheed Martin, Raytheon — Chaouki Bekrar (@cBekrar) September 2, 2013
The company might need the local bodies to drum up more work: The contract sent over was signed Sept. 14, 2012 and only ran for a year. The contract did not include any indication that it was being renewed. There is a bright spot, however, in that the market for services offered by VUPEN and others is rapidly expanding, as Bekrar himself noted:
"NSA devoted $25 million this year to additional covert purchases of software vulns from private vendors" http://t.co/jZtcyJ34LI #offensive — Chaouki Bekrar (@cBekrar) August 31, 2013
Read the full contract embedded below, or on the request page.