> I'm surprised by how cheap the vulnerabilities market is
I think this has a lot to do with government agencies buying any exploit they can get their hands and there is basically no market besides that. I don't know if that is illegal in the US, but it seems that government is the only buyer.
I'm wondering if hedge funds would buy something that would allow access to private data. I heard insider trading is not an unusual thing, so a polished series of exploites wrapped up as a tool with clear interface might be taken seriously.
> if hedge funds would buy something that would allow access to private data
Extremely unlikely. The risk/reward if found out is too lopsided. Conviction for insider trading has you pay a penalty and transform your fund into a family office -- Raj Rajaratnam going to prison for a decade is a unique exception not the rule.
Conviction for insider trading in combination with wire fraud, espionage, and all the other exploit-related charges will send everyone involved to prison for 10-20 years, pretty much guaranteed. What use is a bigger hedge fund if you have that sword of Damocles hanging over you?
Well, for what it’s worth, if you purchase an exploit and use it to hack phones and then trade on the info you steal, I don’t think there would be any insider trading charges involved.
Lots and lots of other charges but if no insider is giving you info then it wouldn’t be insider trading.
What would be 100% legal would be if you bought an exploit and then traded on the release of that exploit. Depending on the severity of the exploit it could move the stock price a bit. And, even though people wouldn’t like it, that’s kind of the point of the market. You get rewarded for helping with information and price discovery.
I think this has a lot to do with government agencies buying any exploit they can get their hands and there is basically no market besides that. I don't know if that is illegal in the US, but it seems that government is the only buyer.