The CEO of a recently hacked spyware vendor says the attack against his company has made it easier for criminals and terrorists to operate, but privacy advocates say the breach has been instrumental in propelling an international discussion on surveillance tech.
More than three weeks after an assault against Milan-based Hacking Team compromised hundreds of gigabytes of sensitive emails and source code that were subsequently leaked to the Web, the Italian cyberfirm is still reeling.
Hacking Team had been a target of privacy proponents since well before the breach due to the company’s purported sale of spy tools to countries with poor human rights records, and disclosures in the wake of the hack have raised new questions about not just surveillance software in general, but the ethics behind developing and selling exploits.
In an editorial published Wednesday by the International Business Times, Hacking Team CEO David Vincenzetti wrote that his company has been working toward developing new products to provide to clients after several software-makers rushed to patch vulnerabilities that they had been unaware of prior to the hack.
By exploiting flaws instead of informing software developers, Hacking Team bought and sold tools that enabled clients to crack types of digital encryption and eavesdrop on targets. With the previously secret methods of attack revealed through the breach, however, many of those spy tools have since been rendered useless.
“Hacking Team is committed to providing law enforcement a way to do what it has always done, that is to track criminals and prevent or prosecute crime,” Mr. Vincenzetti wrote. “With the development of global terrorists and especially the ‘lone wolf’ terrorist, the ability of law enforcement to track them is critical.”
“Hacking Team will restore the capabilities of law enforcement clients,” Mr. Vincenzetti wrote.
“Until this work is complete, criminals and terrorists in countries around the world will have a lot less to worry about from the law.”
Leaked emails pilfered through the breach confirmed that Hacking Team had supplied tools that enabled governments to spy on more than just “bad guys,” however.
Correspondence and contracts made public by hackers verified for the first time the contents of the firm’s client list, and details revealed through the breach forced the company to acknowledge publicly that its products have previously been supplied to repressive states, including Sudan, Ethiopia and Russia.
“What the Hacking Team exposure revealed was not just a lot of legitimate states violating human rights laws in order to track criminals, but also a lot of states with abysmal human rights records using this software to facilitate the persecution of journalists and human rights defenders,” said Smari McCarthy, an Icelandic information activist and the chief technology officer for the Organized Crime and Corruption Reporting Project.
Given that dozens of governments have turned to Hacking Team for help going after persons of interest, however, he said that a so-called security firm suffering an attack of this caliber says much about the current state of affairs.
“It is a testament to how severely broken all computer security is that a self-professed computer security firm could get so severely violated,” he added. “Their security was deplorable, from what I’ve seen, but the bad news is that most people have even worse security.”
Following the Hacking Team breach, anti-secrecy group WikiLeaks published a searchable database of pilfered emails containing sensitive correspondence between the likes of Hacking Team’s CEO and international clients.
New details contained in the disclosure about the firm’s relationship with the DEA raised questions regarding contracts with the U.S. government, and Sen. Chuck Grassley, Iowa Republican, wrote the FBI, saying it was “troubling that the leaked documents also revealed Hacking Team’s business relationships with a number of repressive regimes around the world, including Sudan.”
“While it is vital that U.S. law enforcement and our military have the technological tools needed to investigate terrorists and criminals in order to keep the public safe, it is also important that we acquire those tools from responsible, ethical sources who are acting in accordance with the law,” Mr. Grassley said.
• Andrew Blake can be reached at ablake@washingtontimes.com.