The founder of Hacking Team, the Italian surveillance software company, which suffered a 400 GB data breach last week reassures clients that its anti-terrorism work has not been jeopardised.
David Vincenzetti, Hacking Team, CEO, said,”If the client has followed our instructions there are no problems for security. Only a part of the source code has been stolen.
“We have provided clients with instructions which will enable them to restore complete security with the next update,” he added.
The CEO said the hack, which resulted in the theft of 400GB of data and the publication of around 1 million company emails on the WikiLeaks website, had not compromised its most innovative products, which were “capable of combatting the phenomenon of terrorism and appreciated by all Western governments.”
The reassurances stand in contrast to the more alarmist account published by Hacking Team in the immediate aftermath of the breach. The company said then it had lost control of its controversial surveillance software, which human rights groups say has been sold to undemocratic regimes for use against journalists and dissidents.
“Terrorists, extortionists and others can use it as they like, if they have the technical ability to do so,” Hacking Team said in its earlier statement.
Italian law enforcement institutions were Hacking Team’s second largest client after those in Mexico, a country ravaged by narcotics-related violence. The data breach has been a source of embarrassment for the Italian government, which appears to have helped to promote the company’s services, and for AISE, the Italian foreign intelligence agency, which used its products.
Secret information including the identity of AISE sources and foreign secret service agents has leaked as a result of the hack, Italian newspaper Corriere della Sera reported recently.
“There are references to members of AISE whose identity is covered by official secrecy in the stolen files,” said Giacomo Stucchi, the senator who heads the parliamentary committee responsible for secret service oversight. “That’s a problem. It’s illegal to publish those names.”
The intelligence garnered using Hacking Team’s spyware was not known to the Milan company and therefore should not have been compromised, Stucchi said in a telephone interview. “When you entrust a private company with such a delicate role you have to be sure they can be trusted. Unfortunately in this case Hacking Team suffered a failure, which is unacceptable. Clearly we will have to be more careful in the future.”
Hacking Team even appears to have offered its Remote Control System, codenamed Galileo, to the Vatican Gendarmerie, a police force tasked with protecting the pope and maintaining order, alongside the Swiss Guard, in Vatican City.
It is still unclear who was behind Hacking Team’s disastrous hack, with Vincenzetti himself suggesting it could be the work of a well-financed and patient intelligence service or of disgruntled former employees.
An unnamed former colleague told the publication Lettera43.it that the operation must have been a skilled and painstaking one. “I worked in that team and they really are the best,” he said. Presenting the hack as though it had been easy was “another slap to damage the reputation of the company even more”.
Stucchi, of the parliamentary committee, said it would be up to the Milan prosecutor to determine the source of the cyberattack. “I was briefed a quarter of an hour ago and there is still no indication as to the source of the hack,” he said. “We are relying on the prosecutor, although a global environment like the Web doesn’t make it easy.”