US Navy caught soliciting for 0-day security bugs

The US government seems to really have a thing about backdoors, which doesn’t sound good whether or not you have an overactive mind. It is almost understandable that the CIA and the NSA and the FBI would want such kind of access to software, but now even the Navy seems to be in on the scheme. Advocacy group Electronic Frontier Foundation or EFF discovered that the Navy posted, and later took down, an online solication that, in essence, was trying to buy zero or N day security bugs from widely used software.

The US government’s belief is that, with a well-placed security hole, they can quickly and quietly get in and out of computers and networks, all for the sake of national security. It believes in that idea so strongly that, at one point, the government not only did not report discovered vulnerabilities, it was also covertly trying to keep those holes open, if not creating new ones.

This latest listing from the Navy falls squarely in that philosophy. A zero day exploit, or one that is less than 60 days old, is of extreme interest to them because these are the exploits that have not yet been patched up. Meaning, they remain open to be exploited. And who better to do the exploiting than the government itself. And it’s not just any software, mind you. It wants bugs in widely used and relied on software like those form Adobe, Microsoft, and Google. While tech companies are setting up bounties and contests to discover and fix these bugs, the Navy will pay to keep those open instead. As long as it can exploit them, of course.

The problem with this line of reasoning, which has been stated to death, is that a backdoor doesn’t discriminate between the good guys and the bad guys. Anyone who knows th backdoor can get in, and in the case of hackers, knowing that a backdoor merely exists is enough to get it cracked wide open eventually.

For now, the Navy has taken down the posting, showing that it is somewhat reluctant to let that particular activity be known to the public. At the same time, however, it also proves to what extent government agencies are willing to go just to get that backdoor access.

SOURCE: EFF

VIA: Boing Boing