NSA's contract with VUPEN, 'Darth Vader of Cybersecurity'

As French cyber security firm expands to U.S., it had already nabbed at least one major customer

Documents requested by MuckRock user Heather Akers-Healy (@abbynormative) from the National Security Agency show it had a contract with the French security researcher VUPEN, whose founder and CEO Chaouki Bekrar puckishly touts himself as the "Darth Vader of Cybersecurity."

The contract is sparse on details: Even the unit price and total value of the contract are redacted in full. But the contract does detail that VUPEN sold the NSA, in a no-bid contract, "Binary Analysis and Exploits Service 12 months subscription."

Here it is in full:

The founder of the security firm, which recently tweeted that it was looking to open offices in Maryland, was nonchalant about the document release, going so far as to suggest other FOIA requests:

The company might need the local bodies to drum up more work: The contract sent over was signed Sept. 14, 2012 and only ran for a year. The contract did not include any indication that it was being renewed. There is a bright spot, however, in that the market for services offered by VUPEN and others is rapidly expanding, as Bekrar himself noted:

Image courtesy Jedi Temple Archives.

Want to do your own investigating, whether into the NSA or your local school system? Register for a MuckRock account today and we'll help you write, file, track and share your requests, or help you get your FOIA questions answered free. Stay in touch via our mailing list, on Twitter or on Facebook.