Slate Magazine
Endgame is one of a small but growing number of boutique cyber mercenaries that specialize in what security professionals euphemistically call “active defense.” It’s a somewhat misleading term, since this kind of defense doesn’t entail just erecting firewalls or installing antivirus software. It can also mean launching a pre-emptive or retaliatory strike. Endgame doesn’t conduct the attack, but the intelligence it provides can give clients the information they need to carry out their own strikes. It’s illegal for a company to launch a cyberattack, but not for a government agency. According to three sources familiar with Endgame’s business, nearly all of its customers are U.S. government agencies. According to security researchers and former government officials, one of Endgame’s biggest customers is the National Security Agency. The company is also known to sell to the CIA, Cyber Command, and the British intelligence services.