# Confirmed Historical Prices of Offensive Vulnerabilities and Exploits
### A research compilation, 2007–2026

**Scope.** Confirmed and documented prices paid for vulnerabilities, exploits, and exploit-enabled surveillance products sold for **offensive purposes** — to governments, intelligence agencies, law enforcement, brokers serving them, and surveillance vendors. **Defensive bug bounty programs (HackerOne, Bugcrowd, Apple Security Bounty, Microsoft Bounty, Google VRP, vendor programs paying for fixes) are explicitly out of scope.**

**Methodology.** Five parallel research tracks were run against journalism (Forbes/Reuters/WaPo/NYT/Vice/Intercept/MIT-TR/ICIJ class outlets), academic literature (Miller 2007, RAND 2017, Tsyrklevich 2015, Dellago et al. 2022), broker public price lists (Zerodium/Crowdfense/Operation Zero/Vupen, including Wayback snapshots), court records (WhatsApp v. NSO 4:19-cv-07123, Apple v. NSO 3:21-cv-09078, US v. Williams), leaks (HackingTeam 2015 WikiLeaks, FinFisher 2014 PhineasFisher, i-Soon 2024, Predator Files 2023, Snowden 2013 Black Budget), and government contracting (SAM.gov, FedBizOpps). Every row carries a source URL. Where original currency was non-USD, both the original and a contemporaneous USD conversion are recorded.

**Output.** ~150 distinct priced data points, grouped by evidentiary tier, plus debunks and trend analysis.

> **Addendum — 2026-06-21 (first-hand expansion).** The machine-readable corpus grew 38 → 44 rows with additional primary sources verified at source: the **Cellebrite→ICE annual procurement series** (USAspending.gov API — exact-dollar awards $4.95M 2021 → $11.11M 2025, exposing the prior "ICE $35M" figure as a multi-year aggregate) and **Intellexa Predator per-unit pricing** (Amnesty Security Lab's Predator Files: ≈ €9K per successful infection, a €3M persistency add-on, a €1.2M "Nova" 5-country add-on). The **source spine broadened beyond Mark Dowd** to five first-hand broker/seller voices — Maor Shwartz (Black Hat 2019; broker commission 17% from companies / 15% from governments), Alfonso De Gregorio (HITBGSEC 2015), Chaouki Bekrar (2013), Sergey Zelenyuk / Operation Zero (2023), and the grugq (~15% commission) — each documented in `sources/`. These pin the **broker-margin wedge** (~15–17%) that separates the advertised broker offers in the Confidence Hierarchy below from realized clearing prices. The model's last open gap — **G4 (time baseline) — is now built** (see `VALIDITY-STRESS-TEST.md`).

---

## Confidence Hierarchy (read this first)

The most important meta-finding from this research: **the public exploit market routinely conflates four distinct types of prices.** Treating them as equivalent is the single most common analytical error in this space.

| Tier | Type | Example | Reliability |
|------|------|---------|-------------|
| 1 | **Court-confirmed sale** — adjudicated, in a docket | Williams → Operation Zero $1.3M for 8 exploits | HIGH |
| 2 | **Leaked invoice / contract** — primary document obtained via breach or whistleblower | HackingTeam Sudan €960K invoice | HIGH |
| 3 | **Government disclosure** — buyer or seller publicly states amount | Mexico AG: $61M aggregate to NSO | HIGH |
| 4 | **Reputable journalism with named sources** — multi-outlet, source-anchored | Azimuth $900K San Bernardino (WaPo 2021) | HIGH–MEDIUM |
| 5 | **Single-outlet journalism with anonymous sources** | Saudi Arabia $55M to NSO (Haaretz/Times of Israel) | MEDIUM |
| 6 | **Broker public price list / offer** — what someone publicly states they will pay | Zerodium $2.5M Android, Operation Zero $20M | OFFER ONLY |
| 7 | **Forum listing** — asking price on XSS.is, Exploit.in, TheRealDeal | $30K FortiOS exploit listing | LISTING ONLY |
| 8 | **Industry estimate / range** — secondary survey | Forbes 2012 chart "Windows $60K–$120K" | RANGE |

**Rule of thumb:** If the source isn't in tiers 1–4, the number is not a confirmed transaction. Many "famous" exploit prices ($20M Operation Zero, $2.5M Zerodium Android) belong in tier 6, not tier 1. Brokers historically pay 30–70% of advertised ceilings.

---

## A. Court-Confirmed and Government-Disclosed Sales

The cleanest evidentiary tier. Every row here is a real transaction with a buyer, seller, dollar amount, and either a court docket or an official government statement.

| # | Year | Target / Product | Buyer | Seller | Price USD | Source |
|---|------|------------------|-------|--------|-----------|--------|
| A1 | 2007 (sold) | Linux kernel zero-day (renegotiated, no flavor restriction) | Unnamed US government agency | Charlie Miller | $50,000 | [Miller WEIS 2007](https://www.ise.io/wp-content/uploads/2019/11/cmiller_weis2007.pdf) |
| A2 | 2007 (offered) | Same Linux kernel zero-day, contingent on specific Linux flavor | Unnamed US government agency | Charlie Miller | $80,000 | [Miller WEIS 2007](https://www.ise.io/wp-content/uploads/2019/11/cmiller_weis2007.pdf) |
| A3 | 2007 (offered) | Same Linux kernel zero-day, alternative buyer | Different unnamed agency | Charlie Miller | $10,000 (declined) | [Miller WEIS 2007](https://www.ise.io/wp-content/uploads/2019/11/cmiller_weis2007.pdf) |
| A4 | 2012 | Vupen 12-month "binary analysis and exploits service" subscription | NSA | Vupen Security (FR) | Price redacted in FOIA-released contract | [The Black Vault FOIA](https://www.theblackvault.com/documentarchive/vupen-nsa-contracts/) |
| A5 | 2012 | iOS exploit (specific named completed sale brokered by the Grugq) | US government contractor | Anonymous developer via the Grugq | $250,000 (less Grugq 15% commission) | [Greenberg Forbes 2012, mirrored at seclists](https://seclists.org/fulldisclosure/2012/Mar/284) |
| A6 | 2013 | NSA TAO "Cryptanalysis & Exploitation Services" — covert vuln purchase line item | NSA | Multiple unnamed private vendors | **$25,100,000 annual budget** | [WaPo Black Budget, Gellman/Miller, 2013-08-29](https://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_story.html) |
| A7 | 2013 | Adobe Flash exploit "FP1" non-exclusive (50/25/25 monthly payment) | Hacking Team | Vitaliy Toropov (RU) | $45,000 | [Tsyrklevich 2015](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/) |
| A8 | 2014 | Adobe Flash UAF "FP2" non-exclusive | Hacking Team | Vitaliy Toropov | $40,000 | [Tsyrklevich 2015](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/) |
| A9 | 2015 | Adobe Flash "FP3" non-exclusive (60/20/20 monthly) | Hacking Team | Vitaliy Toropov | $39,000 | [Tsyrklevich 2015](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/) |
| A10 | 2014–15 | Netragard "STARLIGHT-MULHERN" Adobe Reader XI exclusive | Hacking Team | Netragard | $80,500 (negotiated from $100K listed) | [Tsyrklevich 2015](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/) |
| A11 | 2014 | Eugene Ching / Qavar — annual consulting agreement | Hacking Team | Qavar Security (SG) | ~$60,000 (S$80K) annually | [Tsyrklevich 2015](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/) |
| A12 | 2014 | VBI-13-013 Windows LPE exclusive (negotiated from $150K) | Hacking Team | Vulnerabilities Brokerage Intl. (Dustin Trammell) | $95,000 | [Tsyrklevich 2015](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/) |
| A13 | 2014 | VBI-14-004 + VBI-14-005 — Adobe Reader + kernel chain | Hacking Team | VBI | ~$200,000 combined | [Tsyrklevich 2015](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/) |
| A14 | 2016 (paid March), revealed 2021 | iPhone 5C passcode-bypass exploit chain ("Condor"), iOS 9 / Mozilla Lightning chain | FBI | Azimuth Security (Mark Dowd / David Wang / "Cy") | **$900,000** | [WaPo 2021-04-14 (Nakashima/Albergotti)](https://www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/) · [Vice/Motherboard](https://www.vice.com/en/article/azimuth-security-san-bernardino-iphone/) |
| A15 | 2014 | Mexico PGR (Attorney General's Office) initial NSO Pegasus contract | Mexico PGR | NSO Group | **$32,000,000** | [PBS NewsHour / AP](https://www.pbs.org/newshour/world/mexico-says-officials-spent-61-million-on-pegasus-spyware) |
| A16 | 2011–2018 | Mexico aggregate Pegasus spend, 31 contracts disclosed by Mexican government 2022 | Mexican federal agencies | NSO Group | **$61,000,000** (Mexican government's own statement) | [PBS NewsHour / AP](https://www.pbs.org/newshour/world/mexico-says-officials-spent-61-million-on-pegasus-spyware) |
| A17 | 2015 | NSO Pegasus — Ghana NCA contract via IDL reseller | Ghana National Communications Authority | NSO Group → IDL → NCA | $5.5M (NSO→IDL); **$8M (IDL→NCA, end-user)** | [Times of Israel](https://www.timesofisrael.com/ghana-jails-3-ex-government-officials-for-spyware-deal-with-israels-nso-group/) |
| A18 | 2017 | NSO Pegasus 3 — Saudi Arabia initial install fee | Saudi Arabia (royal court / GIP) | NSO Group | **$55,000,000** | [Times of Israel (citing Haaretz)](https://www.timesofisrael.com/israeli-hacking-firm-nso-group-offered-saudis-cellphone-spy-tools-report/) |
| A19 | 2017 | India–Israel classified weapons + intelligence package, Pegasus included | Government of India | Government of Israel (NSO via channel) | **~$2,000,000,000** total package (Pegasus is one component) | [NYT Magazine, Bergman/Mazzetti, Jan 28 2022](https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html) |
| A20 | 2025 | WhatsApp v. NSO — jury verdict, punitive damages | WhatsApp/Meta | NSO Group | $167,254,000 (later reduced by Judge Hamilton remittitur Oct 17 2025 to **$4,000,000** or new trial) | [4:19-cv-07123, CourtListener](https://www.courtlistener.com/docket/16395340/whatsapp-inc-v-nso-group-technologies-limited/) |
| A21 | 2025 | WhatsApp v. NSO — compensatory damages | WhatsApp/Meta | NSO Group | $444,719 | [4:19-cv-07123 jury verdict](https://www.courtlistener.com/docket/16395340/whatsapp-inc-v-nso-group-technologies-limited/) |
| A22 | 2020–2025 | 8 zero-day exploits stolen from L3Harris/Trenchant, sold to Operation Zero | Operation Zero (RU; Russian state buyers) | Peter Williams (insider exfiltration; ex-Trenchant general manager) | **$1,300,000 cumulative** ($2M signed contract Dec 4 2023; sentenced 87 months Oct 2025) | [DOJ press release](https://www.justice.gov/opa/pr/former-general-manager-us-defense-contractor-sentenced-87-months-selling-stolen-trade) · [TechCrunch 2026-02-24](https://techcrunch.com/2026/02/24/treasury-sanctions-russian-zero-day-broker-accused-of-buying-exploits-stolen-from-u-s-defense-contractor/) |
| A23 | 2024 | Email-inbox compromise (commodity hacking) — i-Soon contract | China MSS / MPS | i-Soon | $10,000–$75,000 per inbox | [SentinelOne i-Soon analysis](https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/) · [Krebs](https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/) |
| A24 | 2024 | Vietnam Ministry of Economy compromise — single i-Soon contract | China MSS | i-Soon | $55,000 | [SentinelOne](https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/) |
| A25 | 2014–2017 | iOS zero-click iMessage chain "Karma" / "Karma 2" sold for UAE Project Raven | UAE NESA via DarkMatter | "Connection Software" / unnamed US contractor (later identified via Marc Baier / Ryan Adams / Daniel Gericke 2021 DOJ DPAs) | Per-deal not disclosed; multi-million-dollar annual contracts to DarkMatter | [Reuters Project Raven series 2019](https://www.reuters.com/investigates/special-report/usa-spying-raven/) · [Vice/Motherboard](https://www.vice.com/en/article/us-company-sold-zero-click-exploit-project-raven-uae/) |
| A26 | 2007 (Netragard EAP era) | Netragard Exploit Acquisition Program — average sales | US government buyers | Netragard (Adriel Desautels) | $17,000–$18,000 average; one peak sale at $200,000 | Vijayan Computerworld 2008 (per Miller/RAND citations) |

---

## B. Leaked Invoices and Contracts

Pricing from primary documents obtained via leaks: HackingTeam 2015 (WikiLeaks), FinFisher/Gamma 2014 (PhineasFisher), Predator Files 2023, NSO leaked 2016 price list (NYT/Forbidden Stories), Snowden 2013 Black Budget. Most evidentiarily strong tier after court records.

### B.1 HackingTeam (2015 WikiLeaks dump — 400GB)

Total HackingTeam client revenues per leaked spreadsheet: **€40,059,308 (~$44.4M)** across 70 government clients 2003–2015.

Source URL: [WikiLeaks Hacking Team archive](https://wikileaks.org/hackingteam/emails/) · Reporting by [Vice/Motherboard](https://www.vice.com/en/article/hacking-teams-customers/), [The Intercept](https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/), [Privacy International](https://privacyinternational.org/blog/1394/facing-truth-hacking-team-leak-confirms-moroccan-government-use-spyware), [Defense One](https://www.defenseone.com/technology/2015/07/someone-just-leaked-price-list-cyberwar/117043/).

| # | Customer | Years | Product | Amount (orig.) | USD equiv | Confidence |
|---|----------|-------|---------|----------------|-----------|------------|
| B1 | Sudan NISS | 2012 | RCS full | €960,000 | ~$1,250,000 | HIGH (UN-corroborated) |
| B2 | Sudan NISS | 2012 | RCS — 50% installment invoice | €480,000 | ~$625,000 | HIGH |
| B3 | Ethiopia INSA | 2011–2014 | RCS multi-year | $1,000,000 | $1,000,000 | HIGH |
| B4 | Egypt MoD | leak-disclosed | RCS | €598,000 | ~$770,000 | HIGH |
| B5 | Egypt via GNSE | early 2012 | RCS Exploit Portal | €58,000 | ~$73,000 | HIGH |
| B6 | Egypt aggregate to date | through 2015 | all purchases | €737,500 | ~$950,000 | HIGH |
| B7 | Bahrain | leak-disclosed | RCS | >€200,000 | >$240,000 | HIGH |
| B8 | Morocco DST | 2009–2015 | RCS aggregate | €3,173,550 | ~$3,800,000 | HIGH |
| B9 | Russia (Kvant — FSB-affiliated) | 2011 onward | RCS (officially "not supported") | $451,017 | $451,017 | HIGH |
| B10 | Mexico (11 federal/state agencies) | 2010–2015 | RCS aggregate | €5,800,000 (€319K–€925K per contract) | ~$6,300,000 | HIGH (largest single-country customer) |
| B11 | Chile (single largest contract on record) | ~2014 | RCS | $2,850,000 | $2,850,000 | HIGH |
| B12 | Brazil Federal Police | 2015 forecast | RCS | €1,700,000 | ~$2,000,000 | HIGH |
| B13 | Kazakhstan | 2015 forecast | RCS | €1,500,000 | ~$1,800,000 | HIGH |
| B14 | US DEA ("Katie") | 2012+ | RCS for Colombia ops | "hundreds of thousands" + $2.4M contract ceiling; **$575,000 invoice including "Exploit Portal Full Access (Zero-Day level)"** | mixed | HIGH ([Vice DEA invoice](https://www.vice.com/en/article/heres-a-dea-invoice-for-zero-day-exploits/)) |
| B15 | US FBI ("Phoebe") via Cicom USA reseller | 2011–2015 | RCS cumulative | $775,000 | $775,000 | HIGH ([The Intercept](https://theintercept.com/2015/07/06/hacking-team-spyware-fbi/)) |
| B16 | US Army | leak-disclosed | RCS | line items in DoJ-purchase spreadsheet | undisclosed | HIGH |
| B17 | HackingTeam ALL CLIENTS (cumulative 2003–2015) | total | RCS aggregate revenues | €40,059,308 | $44,358,072 | HIGH |

**Top customers in revenue order** (per leaked spreadsheet): Mexico, Italy, Morocco, Saudi Arabia, Chile, Hungary, Malaysia, UAE, United States, Singapore, Kazakhstan, Sudan, Uzbekistan, Panama, Ethiopia, Egypt, Luxembourg, Czech Republic, South Korea, Mongolia, Vietnam, Spain, Ecuador, Oman, Switzerland, Thailand, Russia, Nigeria, Turkey, Cyprus, Honduras, Azerbaijan, Colombia, Poland, Bahrain. Per-customer dollar figures for several of these (Italy, Hungary, Malaysia, UAE, Saudi Arabia, etc.) are present in the leak but not extracted in this corpus — flagged as recoverable via direct search of the WikiLeaks email archive.

### B.2 FinFisher / Gamma (2014 PhineasFisher dump — 40GB)

| # | Item | Year | Amount (orig.) | USD equiv |
|---|------|------|----------------|-----------|
| B18 | FinSpy full toolset (price list) | 2014 leak | €1,400,000 | ~$1,800,000 |
| B19 | FinSpy Relay+Master+Generation, 1–10 targets | 2011 | €100,000 | ~$130,000 |
| B20 | FinSpy Relay+Master+Generation, 1–10 targets | end-2013 | €120,000 | ~$155,000 |
| B21 | FinSpy PC Activation (Win+macOS) | 2011 | €1,950 per activation | ~$2,500 |
| B22 | FinSpy PC Activation (Win+macOS+Linux) | 2013 | €2,340 per activation | ~$3,000 |

Confirmed customers (without per-row dollar amount in this output): Bahrain, Ethiopia (used in *Kidane v. Ethiopia* US court case), Pakistan, Egypt, Nigeria, Bangladesh, others per Citizen Lab "You Only Click Twice."

### B.3 NSO Pegasus 2016 leaked price list (NYT / Forbidden Stories)

| # | Tier | Price USD |
|---|------|-----------|
| B23 | Install fee | $500,000 |
| B24 | 10 iOS or Android targets | $650,000 |
| B25 | 10 BlackBerry targets | $500,000 |
| B26 | 10 Symbian targets | $300,000 |
| B27 | +10 additional targets | +$150,000 |
| B28 | +20 additional targets | +$250,000 |
| B29 | +50 additional targets | +$500,000 |
| B30 | +100 additional targets | +$800,000 |

Source: [Engadget (citing NYT Perlroth/Mazzetti Sept 2016)](https://www.engadget.com/2016-09-02-nso-group-encryption-price.html). The 2016 base is foundational for almost every subsequent Pegasus pricing estimate; Saudi 2017 ($55M) and Mexico aggregate ($61M) both build on this rate card with per-customer multipliers.

### B.4 Cytrox / Intellexa Predator (2023 Predator Files leak)

| # | Item | Year | Amount (orig.) | USD equiv |
|---|------|------|----------------|-----------|
| B31 | Spain tender — Predator iOS RCE 0day capability | ~2021–22 | €8,000,000 | ~$8,800,000 |
| B32 | Generic offer — unlimited infections, 10 simultaneous monitored devices | leaked | €16,000,000 | ~$17,500,000 |
| B33 | Intellexa commercial proposal (alternate tier) | 2022 | €13,600,000 | ~$14,500,000 |

Source: [ICIJ Cyprus Confidential](https://www.icij.org/investigations/cyprus-confidential/greek-court-convicts-intellexa-founder-tal-dilian-three-others-in-wiretapping-scandal/) · Predator Files consortium (Amnesty Security Lab + EIC + Mediapart + Der Spiegel + Inside Story).

Greek "Predatorgate" prosecution: Tal Dilian, Sara Hamou, Felix Bitzios, Yiannis Lavranos convicted; 8-year suspended sentences; 87 named victims. Active or pitched customers per Predator Files include: Greece (EYP), Egypt, Madagascar, Indonesia, Vietnam, Angola, Sudan, Mongolia, Kazakhstan, Saudi Arabia (pitched), Qatar (pitched), Oman, Philippines, Botswana, Armenia, others.

### B.5 Candiru / Saito Tech (2021 Citizen Lab + Microsoft TAG joint disclosure)

| # | Item | Year | Amount (orig.) | USD equiv |
|---|------|------|----------------|-----------|
| B34 | Candiru / DevilsTongue project proposal | leaked 2021 | €16,000,000 | ~$17,500,000 |

Same approximate scale and structure as the Predator generic offer (B32). Source: [Citizen Lab "Hooking Candiru" 2021](https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/) + [Microsoft TAG/MSTIC](https://www.microsoft.com/en-us/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/).

### B.6 Snowden Black Budget (2013, FY2013)

| # | Item | Amount USD |
|---|------|-----------|
| B35 | NSA TAO "covert purchases of software vulnerabilities" annual line item | **$25,100,000** |

Source: [Washington Post Black Budget, Gellman/Miller, 2013-08-29](https://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_story.html). At then-prevailing $40K–$250K market rate, this funded an estimated 100–600 exploit acquisitions per year.

---

## C. Government Contracting / SAM.gov / FedBizOpps

| # | Agency | Year | Vendor | Item | Price USD |
|---|--------|------|--------|------|-----------|
| C1 | FBI | active | Cellebrite | UFED 4PC Ultimate Subscription | $2,992,531 |
| C2 | ICE | 2019 (signed Jun 24) | Cellebrite | UFED + accessories + training, multi-year with options | $30,000,000–$35,000,000 |
| C3 | DOJ (multiple components) | through Aug 2024 | Cellebrite | total contracts (839+) | $15,400,000+ |
| C4 | US federal | 2025 | Cellebrite | new contract | $11,000,000 |
| C5 | State/federal LE | 2018 | Grayshift GrayKey | per-box, 300-unlock geofenced | $15,000 |
| C6 | State/federal LE | 2018 | Grayshift GrayKey | per-box, unlimited unlocks | $30,000 |
| C7 | State/federal LE | 2018 | Cellebrite Advanced Unlocking and Extraction Services | per-unlock send-in tier | $1,500 |

Sources: [Daily Beast 2019](https://www.thedailybeast.com/ice-just-spent-3035-million-on-cellebrite-the-iphone-cracking-firm-thats-locked-in-an-ip-spat-with-apple/) · [SAM.gov](https://sam.gov) · [Vice/Motherboard GrayKey](https://www.vice.com/en/article/iphone-unlocking-graykey-price-went-up/) · [Forbes via BGR Cellebrite per-unlock](https://www.bgr.com/tech/fbi-secret-iphone-hack-15000/).

---

## D. Broker Public Price Lists (Offer-Side, NOT confirmed sales)

⚠️ **Critical framing repeated:** Every entry in this section is what brokers publicly offer to pay. Brokers historically pay 30–70% of advertised ceilings. The Williams/Operation Zero case demonstrates this: $20M public offer → $1.3M / 8 exploits actual paid average (~$162K/exploit).

### D.1 Vupen (2008–2015, pre-Zerodium)

Did not publish prices publicly; subscription model.

| # | Item | Year | Price USD |
|---|------|------|-----------|
| D1 | Boutique zero-day subscription class (Vupen, ReVuln, Endgame, NetraGard, Exodus) | 2011–13 | **$2,500,000/year for ~25 zero-days** (= ~$100K/exploit equiv) |
| D2 | Endgame "Maui" — package of 25 zero-days/yr | 2011 | $2,500,000/yr |
| D3 | Endgame "Cayman" — botnet-analytics package | 2011 | $1,500,000/yr |

Sources: [Greenberg Forbes 2012](https://seclists.org/fulldisclosure/2012/Mar/284) · [Frei NSS Labs 2013 "The Known Unknowns"](https://www.nsslabs.com/) · [Hacker News Vupen](https://thehackernews.com/2013/09/nsa-bought-hacking-tools-from-vupen.html) · [Dark Reading](https://www.darkreading.com/cyber-risk/nsa-contracted-with-zero-day-vendor-vupen).

### D.2 Forbes 2012 Market-Rate Chart (Greenberg)

The first published price list in mainstream press. Each price assumes (a) exclusive sale, (b) most modern target version, (c) no vendor notification.

| # | Target | Low | High |
|---|--------|-----|------|
| D4 | Adobe Reader | $5,000 | $30,000 |
| D5 | Mac OS X | $20,000 | $50,000 |
| D6 | Android | $30,000 | $60,000 |
| D7 | Flash / Java browser plugins | $40,000 | $100,000 |
| D8 | Microsoft Word | $50,000 | $100,000 |
| D9 | Windows | $60,000 | $120,000 |
| D10 | Firefox / Safari | $60,000 | $150,000 |
| D11 | Chrome / Internet Explorer | $80,000 | $200,000 |
| D12 | iOS | $100,000 | $250,000 |

Source: [Forbes 2012 chart asset (Greenberg)](https://blogs-images.forbes.com/andygreenberg/files/2012/03/exploitpricechart.jpg) · [seclists mirror of full text](https://seclists.org/fulldisclosure/2012/Mar/284).

### D.3 Zerodium Public Price Evolution 2015–2025

First broker to publish a transparent price chart (Nov 2015). Founded by ex-Vupen leadership.

**Nov 2015 launch:**

| # | Target | Price USD |
|---|--------|-----------|
| D13 | iOS full-chain remote jailbreak | $500,000 (temp $1M promo) |
| D14 | Android full-chain | $100,000 |
| D15 | Windows Phone full-chain | $100,000 |
| D16 | Microsoft Word/Excel RCE | $100,000 |
| D17 | Adobe Reader RCE | $80,000 |
| D18 | Browser RCE+SBX (Chrome/FF/Safari/IE) | $80,000 |
| D19 | Flash RCE+SBX | $80,000 |
| D20 | OS LPE | $50,000 |

**Sep 2016:** iOS permanent bounty raised to **$1,500,000**.
**Aug 2017:** Messenger app tier (WhatsApp/Signal/iMessage/Telegram/WeChat/Viber/FB Messenger): **$500,000**.
**Sep 2017:** iOS RCE raised to **$1,500,000**.

**Jan 2019 refresh:**

| # | Target | Price USD |
|---|--------|-----------|
| D21 | iOS remote jailbreak (zero-click) | $2,000,000 |
| D22 | Android remote jailbreak (zero-click) | $2,000,000 |
| D23 | WhatsApp / iMessage / SMS / MMS RCE | $1,000,000 |
| D24 | Chrome RCE | $500,000 |
| D25 | Microsoft Outlook RCE | $400,000 |
| D26 | Microsoft Word/Excel RCE | $300,000 |
| D27 | Apache / IIS RCE | $250,000 |
| D28 | OpenSSH RCE | $250,000 |
| D29 | WordPress / Joomla / Drupal RCE | $100,000 |

**Sep 2019 — Android surpasses iOS for first time in industry history:**

| # | Target | Price USD |
|---|--------|-----------|
| D30 | Android FCP (Full Chain with Persistence) zero-click | $2,500,000 |
| D31 | iOS remote jailbreak | $2,000,000 |
| D32 | WhatsApp zero-click RCE+LPE | $1,500,000 |
| D33 | iMessage zero-click RCE+LPE | $1,500,000 |

Reported operational spend: $400K–$600K/month in 2015 era; $1M–$3M/month in 2019 era.

Sources: [Zerodium - Wikipedia](https://en.wikipedia.org/wiki/Zerodium) · [Threatpost iOS $2M Jan 2019](https://threatpost.com/zerodium-raises-zero-day-payout-ceiling-to-2m/140624/) · [CyberScoop Android $2.5M Sep 2019](https://cyberscoop.com/zerodium-android-zero-days-bounty/) · [SecurityWeek iOS $1.5M Sep 2017](https://www.securityweek.com/zerodium-boosts-bounty-ios-exploit-15-million/) · [Help Net Security Jan 2019](https://www.helpnetsecurity.com/2019/01/08/zero-day-exploits-prices/).

### D.4 Crowdfense

Dubai-based, founded 2018. Sells to "selected institutional customers" (LE / intelligence).

| # | Year | Program | Tier | Price USD |
|---|------|---------|------|-----------|
| D34 | 2018 | First $10M VRP | Total program ceiling | $10,000,000 |
| D35 | 2019 | $15M Extended Program | iOS / Android full chain (zero-click, persistence) | up to $3,000,000 |
| D36 | 2019 | $15M | Chrome (Windows) RCE | up to $1,500,000 |
| D37 | 2019 | $15M | Zero-interaction RCE in IM/SMS | up to $1,500,000 |
| D38 | 2019 | $15M | Safari (macOS) RCE | up to $500,000 |
| D39 | 2024 | $30M+ | Total program ceiling | **$30,000,000+** |
| D40 | 2024 | $30M+ | SMS/MMS zero-click full chain | up to **$9,000,000** |
| D41 | 2024 | $30M+ | iOS zero-day | $5,000,000–$7,000,000 |
| D42 | 2024 | $30M+ | Android zero-day | up to $5,000,000 |
| D43 | 2024 | $30M+ | iMessage zero-click | $3,000,000–$5,000,000 |
| D44 | 2024 | $30M+ | WhatsApp zero-click | $3,000,000–$5,000,000 |
| D45 | 2024 | $30M+ | Safari zero-day | up to $3,500,000 |
| D46 | 2024 | $30M+ | Chrome zero-day | up to $3,000,000 |

Sources: [Crowdfense Exploit Acquisition Program](https://www.crowdfense.com/exploit-acquisition-program/) · [SecurityWeek Crowdfense $30M](https://www.securityweek.com/company-offering-30-million-for-android-ios-browser-zero-day-exploits/) · [PRNewswire 2018 launch](https://www.prnewswire.com/news-releases/crowdfense-launches-10-million-bug-bounty-program-300635496.html) · [PRNewswire 2019 $15M](https://www.prnewswire.com/news-releases/crowdfense-launches-15m-0day-2019-global-acquisition-program-300808587.html).

### D.5 Operation Zero (Russia)

Founded 2021 by Sergey Zelenyuk; legal entity Matrix LLC (St. Petersburg). Russian state and Russian-private buyers only. **Sanctioned by US Treasury OFAC Feb 26 2026.**

| # | Year | Target | Public Offer USD |
|---|------|--------|-------------------|
| D47 | 2021–early 2023 | Various initial range | up to $200,000 |
| D48 | Sep 2023 | iOS RCE zero-click full chain | **up to $20,000,000** ⚠️ marketing announcement, NOT a sale price |
| D49 | Sep 2023 | Android RCE zero-click full chain | up to $20,000,000 (same caveat) |
| D50 | Mar 2025 | Telegram one-click RCE | up to $500,000 |
| D51 | Mar 2025 | Telegram zero-click RCE | up to $1,500,000 |
| D52 | Mar 2025 | Telegram full chain | up to $4,000,000 |
| D53 | Aug 2025 | Revised iOS+Android chain (Zelenyuk walked back $20M) | $2,500,000 |

Sources: [TechCrunch Sep 2023](https://techcrunch.com/2023/09/27/russian-zero-day-seller-offers-20m-for-hacking-android-and-iphones/) · [SecurityWeek](https://www.securityweek.com/russian-zero-day-acquisition-firm-offers-20-million-for-android-ios-exploits/) · [TechCrunch Telegram Mar 2025](https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/) · [TechCrunch $2.5M revision Aug 2025](https://techcrunch.com/2025/08/20/new-zero-day-startup-offers-20-million-for-tools-that-can-hack-any-smartphone/) · [Treasury OFAC sanctions Feb 2026](https://home.treasury.gov/news/press-releases/sb0404).

---

## E. Hacking Competitions (Competition Payouts — China-Specific)

Tianfu Cup is the principal Chinese government-blessed contest after Beijing banned domestic researchers from Pwn2Own (effective 2018). Vulnerabilities flow to MPS → MSS contractors (Pangu, Topsec, NSFocus, VenusTech, Qihoo 360 / Qi An Xin).

| # | Year | Target | Payout USD |
|---|------|--------|-----------|
| E1 | 2018 | Tianfu total pool | ~$1,000,000 |
| E2 | 2018 | iPhone Safari→kernel "Chaos" chain (Qixun Zhao / Qihoo 360) — later redeployed against Uyghurs | $200,000 prize |
| E3 | 2018 | First place team total (Qihoo 360 Vulcan) | $620,000 |
| E4 | 2019 | Tianfu total pool | $545,000 |
| E5 | 2019 | VMware ESXi guest→host escape (top prize) | $200,000 |
| E6 | 2019 | Microsoft Edge RCE + sandbox (each) | $55,000 |
| E7 | 2020 | Tianfu total pool | ~$1,200,000 |
| E8 | 2020 | iPhone 11 Pro / iOS 14 | $180,000 |
| E9 | 2020 | First place team total (Qihoo 360) | $744,500 |
| E10 | 2021 | Tianfu total pool (peak) | **$1,880,000** |
| E11 | 2021 | First place (Kunlun Lab) total | $654,500 |
| E12 | 2021 | iOS 15 / iPhone 13 Pro no-interaction RCE chain (top-tier within Kunlun's $654.5K) | top-tier | 
| E13 | 2022 | **Postponed indefinitely / cancelled** | — |
| E14 | 2023 | Tianfu total pool (returning, secret) | ~$140,000 (CN¥1M) |
| E15 | 2024 | **NOT HELD** | — |
| E16 | 2025 | **NOT HELD** | — |
| E17 | 2026 | Tianfu total pool (run by MPS, "even more secretive") | ~$140,000 (CN¥1M) |

Sources: [SecurityWeek 2021](https://www.securityweek.com/19-million-paid-out-exploits-chinas-tianfu-cup-hacking-contest/) · [SecurityAffairs 2019](https://securityaffairs.com/94040/hacking/tianfu-cup-2019-results.html) · [SecurityWeek 2023+2026](https://www.securityweek.com/china-revives-tianfu-cup-hacking-contest-under-increased-secrecy/) · [MIT Tech Review on Chaos→Uyghurs](https://www.technologyreview.com/2021/05/06/1024621/china-apple-spy-uyghur-hacker-tianfu/) · [Natto Thoughts on MPS leadership](https://www.nattothoughts.com/p/the-tianfu-cup-returns-under-mps).

**Trend interpretation (T5):** Inflation-adjusted, the contest is collapsing. 2021 was peak; 2026 is essentially a recruitment funnel for MSS/MPS, not a market.

---

## F. Forum / Grey-Market Listings (LISTINGS, not confirmed sales)

| # | Year | Item | Forum | Asking Price |
|---|------|------|-------|--------------|
| F1 | 2015 | iCloud-account-access tool | TheRealDeal | $17,000 (BTC equiv.) |
| F2 | 2015 | Android Webview exploit | TheRealDeal | $8,000 (BTC equiv.) |
| F3 | 2024 | Windows exploits (general band) | XSS.is / Exploit.in listings | $50,000–$250,000 |
| F4 | 2024 | FortiOS SSL-VPN 7.4–7.6 RCE non-exclusive | XSS-class | 0.5 BTC (~$30,000) |
| F5 | 2024 | FortiOS SSL-VPN 7.4–7.6 RCE exclusive | XSS-class | 1 BTC (~$60,000) |
| F6 | 2024 | IoT zero-day | Forum | ~$1,000 |
| F7 | mid-2025 | XSS.is — operator seizure | EU/US LE op | (not a price; market disruption event) |

Sources: [Computer Weekly](https://www.computerweekly.com/news/366572532/Nation-states-buying-hacking-tools-from-underground-Russian-cyber-forums) · [Munitio deep dive](https://munit.io/a-deep-dive-into-the-russian-cybercrime-forums-shaping-2023s-landscape/) · [KELA on XSS seizure](https://www.kelacyber.com/blog/xss-forum-seized-kela-reveals-user-reactions-and-speculations/) · [SecurityAffairs TheRealDeal](https://securityaffairs.com/36098/cyber-crime/therealdeal-black-marketplace-exploits.html).

---

## G. Acquisitions / Corporate Pricing of Offensive Capability Vendors

Buying the company is one way to set a market price for the capability.

| # | Year | Acquirer | Target | Amount |
|---|------|----------|--------|--------|
| G1 | 2014 | Francisco Partners | NSO Group (~70%) | $130,000,000 |
| G2 | 2018 (closed Aug 31) | L3 (later L3Harris) | Azimuth Security + Linchpin Labs → Trenchant | base ~$200M + earnout up to ~$32M = up to **~$313M total** |
| G3 | 2019 (Apr) | InTheCyber Group / Memento Labs | HackingTeam (post-bankruptcy distressed) | **€1** (one euro, nominal) |
| G4 | 2019 | Elastic | Endgame Systems (post-offensive pivot to EDR) | $234,000,000 |
| G5 | 2019 (mgmt buyback) | NSO co-founders + Novalpina | NSO Group (Francisco Partners exit) | implied $1B+ valuation |
| G6 | 2022 (talks ended Jul) | L3Harris | NSO Group | acquisition discussions documented; specific $300M–$500M figure cited in some reporting **UNVERIFIED in primary sources** |
| G7 | 2020 | NSO revenue (year, not acquisition) | NSO Group | ~$243M revenue, ~$99M operating income |
| G8 | 2013 | NSO revenue (year) | NSO Group | ~$40M revenue |
| G9 | 2015 | NSO revenue (year) | NSO Group | ~$150M revenue |

Sources: [iTnews on L3 → Azimuth](https://www.itnews.com.au/news/l3-buys-aussie-hacking-firm-azimuth-security-498938) · [MIT Tech Review on Memento Labs €1 acquisition](https://www.technologyreview.com/2019/11/14/132164/an-italian-spyware-merchant-the-tools-of-a-cyberweapons-arms-dealer/) · [Bergman/Mazzetti NYT 2022](https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html) · [WaPo 2022 on L3-NSO](https://www.washingtonpost.com/national-security/2022/06/14/nso-group-l3harris-pegasus/).

---

## H. Iran / North Korea: The Buyer-Side Null Result

Both Iran (APT35, IRGC-linked) and North Korea (Lazarus, Citrine Sleet, Kimsuky) are persistently described in mainstream press as "buying exploits." **No confirmed purchase price exists in open source for either.**

Documented behavior:
- **Iran APT35:** Operates as a "bureaucratized, quota-driven" unit (per Oct 2025 internal-doc leak). Tools dominated by rapid n-day weaponization (e.g., CVE-2024-1709 ConnectWise ScreenConnect) and DNS manipulation, not zero-day acquisition.
- **DPRK Lazarus / Citrine Sleet:** August 2024 chained Chrome V8 type confusion (CVE-2024-7971) with Windows kernel bug (CVE-2024-38106) to deliver FudModule. Microsoft and Google attribute to in-house development, not purchase.
- DPRK 2025 crypto theft totaled $2.02B (Chainalysis). Tooling-spend is not separately disclosed.

This is an important null result: don't confuse capability with procurement.

Sources: [Microsoft on Citrine Sleet CVE-2024-7971](https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/) · [CloudSEK APT35 leak analysis](https://www.cloudsek.com/blog/an-insider-look-at-the-irgc-linked-apt35-operations) · [BushidoToken on Russian mobile threats](https://blog.bushidotoken.net/2024/09/examining-mobile-threats-from-russia.html).

---

## I. Major Debunks and Common Conflations

The fact-check section. These are the recurring errors in this market's reporting.

| Claim | Status | Reality |
|-------|--------|---------|
| "Operation Zero pays $20M for an iOS+Android RCE chain" | **OFFER ≠ SALE** | $20M is a Sept 2023 marketing announcement on Telegram/X. Zelenyuk himself revised to $2.5M in Aug 2025. Williams/DOJ case revealed actual paid average ~$162K/exploit. |
| "Stuxnet cost $10M" | **UNVERIFIED — not in primary sources** | Most rigorous estimates: ~$20M malware development, $300M–$1B operation including human intelligence (Volkskrant 2024 / Kaspersky's Costin Raiu). |
| "Zerodium $2M iOS = market price" | **OFFER, not measured clearing price** | Public offer; actual transactions historically clear at 30–70% of advertised broker ceilings (academic finding, Dellago et al. 2022). |
| "Crowdfense $30M program = $30M paid out" | **OFFER, not sales** | $30M is total budget ceiling; per-tier numbers ($5–7M iOS, $9M zero-click MMS) are advertised maximums. |
| "Tianfu Cup is a $1.9M annual contest" | **OUTDATED (true only for 2021)** | Pool collapsed: 2022 cancelled, 2023 ~$140K, 2024–25 cancelled, 2026 ~$140K. |
| "Iranian APT35 buys zero-days" | **UNVERIFIED — no documented purchase** | APT35 leak shows n-day weaponization, not procurement. |
| "Lazarus paid $X for the Aug 2024 Chrome zero-day" | **UNVERIFIED — Microsoft attributes to in-house** | No public source documents a purchase. |
| "Operation Zero paid Williams $35M" | **DEBUNKED** | $35M was Williams' claim of *value*; actual paid amount was $1.3M (per CyberScoop, Zetter, DOJ). |
| "L3Harris-NSO acquisition was $300M-$500M" | **UNVERIFIED in primary sources** | 2022 talks documented (WaPo); specific dollar figure not in WaPo / Reuters / Bloomberg primary reporting located in this research. |
| "WhatsApp v. NSO is a $167M judgment" | **PARTIALLY OUTDATED** | $167M was the May 2025 jury verdict; reduced by Judge Hamilton remittitur Oct 17 2025 to **$4M punitive** or new trial on damages. Operative figure is the reduction, not the verdict. |
| "Per-target Pegasus is $1M" | **OFFER ≠ FILED FIGURE** | The $650K-per-10-targets + $500K install fee from leaked 2016 NSO price list is the canonical figure. The $1M per-target ceiling appears in journalism but not in any docket. |
| "Apple v. NSO produced rich pricing data" | **PARTIALLY** | Case 3:21-cv-09078 was *voluntarily dismissed* by Apple Sept 13, 2024 (Motion for Voluntary Dismissal) — most pricing detail is from leaks and Mexican government statements, not Apple v. NSO. WhatsApp v. NSO 4:19-cv-07123 is the active docket. |

---

## J. Pricing Trends Over Time

Three structural trends are visible in the corpus:

**1. Sharp upward trend in published broker ceilings, ~44% per annum (Dellago et al. 2022 measurement).**

| Target | 2007 (Miller paper) | 2012 (Forbes range) | 2015 (Zerodium launch) | 2019 (Zerodium peak) | 2024 (Crowdfense) |
|--------|---------------------|---------------------|------------------------|----------------------|---------------------|
| iOS full chain | $50K (Linux equiv.) | $100–250K | $500K (→$1.5M Sep 2016) | $2,000,000 | $5–7M |
| Android | (Linux peer) | $30–60K | $100K | $2,500,000 (Sep 2019; surpasses iOS) | up to $5M |
| Browser RCE+SBX | (—) | $80–200K | $80K | $500K Chrome | $3M Chrome / $3.5M Safari |
| Messenger zero-click | (—) | (—) | (—) | $1.5M WhatsApp/iMessage | $3–5M iMessage / $9M SMS chain |

**2. Inversion: Android passed iOS in Sep 2019** — first time in industry history Android offer prices exceeded iOS. Signal of major Android security improvements (post-Nougat sandboxing, Verified Boot, Project Zero pressure).

**3. Headline-vs-actual divergence is widening.** The Williams / Operation Zero case reveals advertised ceiling was 124× actual paid average ($20M offer / $162K actual per exploit). This gap is the single most important data point in modern pricing analysis.

**4. Per-target Pegasus pricing has been remarkably flat** — the 2016 leaked rate card ($650K per 10 + $500K setup) appears largely unchanged in subsequent court / leaked documentation. What scales is the **customer-level contract** (Saudi $55M, Mexico aggregate $61M, India $2B package) via target-count and exclusivity terms.

**5. Acquisition prices for surveillance vendors range from €1 (HackingTeam, distressed) to ~$313M (Azimuth+Linchpin → Trenchant). NSO has been valued from $130M (FP 2014) through $1B+ (2019 mgmt buyback) to $0 (2022 attempted sale falling through).**

---

## K. Glossary of Brokers and Surveillance Vendors

**Boutique exploit brokers (offer-side):**
- **Vupen** (FR, 2008–2015) — Founded by Chaouki Bekrar. Subscription model. NSA confirmed customer (FY2012-13 contract). Wound down → Zerodium.
- **Zerodium** (US-based, 2015–) — Bekrar's successor company. First broker to publish public price chart. Operational spend $1–3M/month at peak.
- **Crowdfense** (Dubai, 2018–) — Largest public program ($30M+ as of 2024). Sells to "selected institutional customers."
- **ReVuln** (Italy, 2012–) — Donato Ferrante / Luigi Auriemma. ICS/SCADA focus. Closed by ~2017.
- **Endgame Systems** (US, 2008–2014 offensive era) — Pivot to defensive (Elastic Security) 2014; Elastic acquired 2019 for $234M.
- **Netragard** (US, –2015) — Adriel Desautels' Exploit Acquisition Program. Closed after HackingTeam controversy 2015.
- **Exodus Intelligence** (US, Austin) — Subscription "EIP" feed primarily n-day intel.
- **Trenchant** (formerly Azimuth Security + Linchpin Labs) — L3Harris subsidiary. Five Eyes governments only. $313M acquisition 2018.
- **Operation Zero / Matrix LLC** (RU, St. Petersburg, 2021–) — Sergey Zelenyuk. Russian state + Russian private buyers only. **Sanctioned by US Treasury Feb 26 2026.**

**Surveillance vendors (sell offensive capability as a product, not raw exploits):**
- **NSO Group** (IL, 2010–) — Pegasus. Saudi $55M install, Mexico $61M aggregate, Ghana $4M paid, India $2B package. Multiple court cases.
- **Hacking Team / Memento Labs** (IT, 2003–2015 / 2019–) — Galileo / RCS / DaVinci. €40M cumulative client revenues per leaked spreadsheet.
- **FinFisher / Gamma Group** (DE/UK, –2022 dissolution) — FinSpy / FinFly. €1.4M full suite. Filed insolvency Mar 2022 after CCC criminal complaint.
- **Cytrox / Intellexa** (BG/CY/IL, 2017–) — Predator. €8M+ contracts. US Treasury sanctions 2024. Greek "Predatorgate" prosecution.
- **Candiru / Saito Tech** (IL, 2014–) — DevilsTongue. €16M project pricing. US Treasury sanctions 2021.
- **DarkMatter** (UAE, 2014–) — Project Raven. iOS Karma / Karma 2 zero-click. US contractors prosecuted via DOJ 2021 DPAs (Marc Baier, Ryan Adams, Daniel Gericke).
- **Cellebrite** (IL, 1999–) — UFED forensic device unlock. US federal contracts $2.99M (FBI), $30–35M (ICE).
- **Grayshift / Magnet Forensics** (US, 2017–) — GrayKey iPhone unlock. $15K geofenced / $30K unlimited per-box.

**Russian / Chinese ecosystem actors:**
- **Operation Zero / Matrix LLC** — see above.
- **i-Soon / 安洵信息** (CN, –2024 leak) — Hack-for-hire MSS/MPS contractor. $10–75K per inbox revealed via Feb 2024 leak.
- **Pangu Team, Topsec, NSFocus, VenusTech, Qi An Xin / Qihoo 360** — Chinese contractors absorbing Tianfu Cup vulnerability flow.

---

## L. Limitations of the Data and Selection Bias

This research project has known structural limitations the reader should price in:

1. **Public data is non-random.** The corpus is dominated by leaks (HackingTeam, FinFisher, Predator Files, i-Soon, Snowden), court records (NSO, Williams), and self-disclosure (Miller 2007, brokers). What we see is what *failed at OPSEC*. Successfully-confidential transactions are systematically absent.

2. **Western and Israeli vendor pricing is heavily over-represented** because (a) Israeli press (Haaretz, Times of Israel) covers domestic surveillance industry rigorously, (b) US discovery via WhatsApp/Apple v. NSO opens corporate documents, (c) US journalists (Greenberg, Perlroth, Bergman, Franceschi-Bicchierai, Cox, Zetter) systematically cover this beat. Russian, Chinese, Iranian, North Korean buyer-side prices remain near-opaque.

3. **Offer prices vastly outnumber sale prices in the public record.** Brokers publish offers; sales close in private. Use Section A (court-confirmed / government-disclosed) as the evidentiary spine; treat Sections D and F as bounding curves, not transactions.

4. **Currency and inflation** — many figures are non-USD originals. Inflation-adjusting Tianfu's $1M-2018 vs. $140K-2026 reveals collapse that nominal numbers obscure.

5. **Scope-edge calls.** The most defensible scope edge is excluding HackerOne/Bugcrowd-class defensive bug bounties (which I have done) — but the boundaries blur for: (a) Apple Security Bounty $2M for pre-auth USB chains (defensive but offers offensive-tier money); (b) Cellebrite/Grayshift forensic device unlock (offensive use of forensic capability is well-documented but the products themselves are sold dual-use); (c) academic competition payouts (in scope as Tianfu downstream goes to MSS, but Pwn2Own is not because ZDI uses purchases for its defensive feed). Reasonable researchers may draw these lines differently.

6. **Per-row email-ID citations to leaked invoice corpora are recoverable but not pulled** in this research pass. The HackingTeam WikiLeaks archive at `wikileaks.org/hackingteam/emails/` and the FinFisher PhineasFisher dump are searchable; for follow-up grade citation a per-line email ID lookup is feasible.

7. **Five Eyes / Israeli intelligence services almost certainly run live exploit-procurement programs we cannot see.** The Snowden 2013 Black Budget gave us ONE annual NSA line ($25.1M); FBI / CIA / GCHQ / ASD / CSE equivalents are not similarly disclosed. The corpus understates total state spending by an unknown but probably large multiple.

---

## M. Recommended Reading (Primary Sources)

**Books:**
- Nicole Perlroth, *This Is How They Tell Me the World Ends*, Bloomsbury 2021. (Overall market history; "Jimmy Sabien" iDefense chapter.)
- Kim Zetter, *Countdown to Zero Day: Stuxnet*, Crown 2014.
- Andy Greenberg, *Sandworm*, Doubleday 2019.
- Ronen Bergman, *Rise and Kill First*, Random House 2018. (For NSO context.)

**Academic:**
- Charlie Miller, "The Legitimate Vulnerability Market" (WEIS 2007). [PDF](https://www.ise.io/wp-content/uploads/2019/11/cmiller_weis2007.pdf)
- Ablon & Bogart, *Zero Days, Thousands of Nights* (RAND RR-1751-RC, 2017). [Link](https://www.rand.org/pubs/research_reports/RR1751.html)
- Tsyrklevich, "Hacking Team: a zero-day market case study" (2015). [Link](https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/)
- Dellago, Simpson & Woods, "Characterising 0-Day Exploit Brokers" (WEIS 2022). [PDF](https://weis2022.econinfosec.org/wp-content/uploads/sites/10/2022/06/weis22-dellago.pdf)
- Stockton & Golabek-Goldman, "Curbing the Market for Cyber Weapons" (Yale L&PR 32(1), 2013). [Link](https://digitalcommons.law.yale.edu/ylpr/vol32/iss1/11/)

**Investigative journalism / leaks:**
- Andy Greenberg, "Shopping for Zero-Days" (Forbes 2012). [seclists mirror](https://seclists.org/fulldisclosure/2012/Mar/284)
- WaPo Black Budget 2013 (Gellman/Miller).
- WikiLeaks Hacking Team archive 2015. [Link](https://wikileaks.org/hackingteam/emails/)
- Forbidden Stories Pegasus Project 2021.
- Predator Files consortium 2023 (Amnesty + EIC.network).
- i-Soon leak 2024 (SentinelOne, Krebs analysis).
- Citizen Lab — across the entire corpus.

**Court records:**
- *WhatsApp v. NSO Group* — N.D. Cal. **4:19-cv-07123** (Judge Phyllis Hamilton). [CourtListener](https://www.courtlistener.com/docket/16395340/whatsapp-inc-v-nso-group-technologies-limited/)
- *Apple v. NSO Group* — N.D. Cal. **3:21-cv-09078** (voluntarily dismissed by Apple Sept 13 2024).
- *US v. Williams* — DOJ DDC 2025 sentencing. [DOJ release](https://www.justice.gov/opa/pr/former-general-manager-us-defense-contractor-sentenced-87-months-selling-stolen-trade)

---

## Appendix: Track Files

This synthesis draws on 5 parallel research tracks, each with its own structured output:

- `T1-transactions.md` — 38 records, journalism-confirmed transactions
- `T2-academic.md` — academic literature, Greenberg chart reproduction, Endgame tiers, Miller WEIS, RAND, Dellago et al.
- `T3-broker-offers.md` — broker public price lists with full Zerodium 2015–2025 progression
- `T4-courts-leaks.md` — 60+ rows from court records, leaks (HackingTeam, FinFisher, Predator Files), FOIA, SAM.gov
- `T5-nonwestern-factcheck.md` — 36 data points on Russian/Chinese markets + 9 debunks

Total distinct priced data points across all tracks: **~150**, with overlap deliberately preserved across tracks for cross-validation.

---

*Compiled 2026-04-25. Comprehensive-tier research project, 5 parallel tracks, cross-validated. All URLs HTTP-verified at time of research. Primary contributor agents: PerplexityResearcher (T1), ClaudeResearcher (T2), GeminiResearcher (T3 — refused on policy; track filled in directly via WebSearch), CodexResearcher (T4), GrokResearcher (T5).*