German BND Demands Money to Buy Zero-Day Flaws for Surveillance

Germany’s federal intelligence service, the Bundesnachrichtendienst (BND), has been requesting government funds through its Strategic Technical Initiative for bug hunting in protocols such as SSL and HTTPS, according to The Local media outlet. The bugs are to be used for surveillance.

“There is a lively grey market online among hackers and security researchers for `zero day` exploits,” the article said. “But rather than fixing the security problems, the spies want to use them for surveillance.”

The Strategic Technical Initiative (STI) asked a parliamentary oversight committee for €300 million to be spent between 2015 and 2020.

The STI has already received and spent over €6 million this year with an aim to create a cyber-attack alarm system and penetrate social networks.

The BND also seems to have collaborated with the French information security company Vupen, known for selling security flaws to government agencies, according to government spokesperson Steffen Seibert.

BND also appears interested in the Secure Sockets Layer (SSL) protocol, as €4.5 million would be spent to find security flaws.

The German-based hacker collective Chaos Computer Club (CCC) also commented on the issue, branding it as “a serious and unacceptable attack on our fundamental rights.”

The BND is well known for collaborating with the NSA and other foreign intelligence agencies, even though the intelligence service is forbidden by law to conduct operations inside Germany.

The BND was contacted by The Local, but its spokesperson declined to comment on the matter.