Italian prosecutors are looking into whether six former employees of the Milan-based Hacking Team leaked a trove of data earlier this month.
Six former employees of the Italian cybersecurity firm Hacking Team are being investigated in connection with the disclosure of a vast amount of confidential company data that was purportedly stolen earlier this summer, according to a report.
Reuters reported Friday that prosecutors in Milan had opened an investigation against the six employees who were accused in May by the company’s chief executive David Vincenzetti of revealing some of the source code related to a number of the company’s software. Reuters said its information came from “investigative sources,” which the news outlet did not identify by name.
Earlier this month, Hacking Team confirmed it was the victim of a cyber intrusion after a large cache of e-mails, documents, software and other data appeared on file-sharing websites. That data included the source code for one of the company’s trademarked products called “Remote Control System,” a tool sold to law enforcement agencies and governments around the world.
Remote Control System, the company says, allows police and other government officials to surreptitiously surveil people through their computers and mobile devices. Documentation leaked online indicated Hacking Team had managed to compromise many of the world’s leading phone and computer brands — including Apple’s Mac and iOS, Microsoft’s Windows, Google’s Android and BlackBerry’s operating systems — through previously-unknown exploits.
Some of those exploits were patched within days of the leak, including a widely publicized bug affecting users of Adobe’s Flash software. That bug prompted renewed calls for Internet users to stop using Flash and provoked Mozilla to turn Flash off for all users of its popular Firefox browser (that decision has since been reversed).
The documents also called into question some of Hacking Team’s business dealings with governments thought to be using the product for unsavory reasons, including targeting journalists and activists. Accusations put forth by the watchdog Citizen Lab in a 2014 news article were proven correct after e-mails surfaced in the leaked documents that indicated the company had sold its remote hacking tool to government officials in Ethiopia, Sudan, Egypt and other countries with questionable human rights records.
Shortly after the compromised data appeared online, Hacking Team executives contacted their government clients with a request to stop using their cloud-based hacking tools, including the Remote Control System. A few days later, Vincenzetti released a statement confirming the attack, calling it a “reckless and vicious crime.”
“We have reported it to Italian authorities who are investigating, and we expect the authorities of other nations to be involved as well,”
In an e-mail sent to TheBlot Magazine, spokesperson Eric Rabe said Hacking Team was willing to work with any company whose software or hardware had been targeted by its hacking tools.
“I don’t know of anyone who has called us to help,” Rabe said in a July 9 e-mail. “They may be doing just fine, but if someone needs something they should give us a call.”
But that goodwill won’t come at the expense of ordinary business, and Vincenzetti has all but vowed that the company will forge ahead with its hacking tools. In the statement released July 13, the chief executive said Hacking Team was already hard at work on another version of the Remote Control System that would serve as a “total replacement” for the one exposed by hackers. He also said “important elements” of the company’s source code “were not compromised” in the attack earlier this summer.
“We at Hacking Team are now dedicated to restoring the ability of law enforcement to fight crime hidden in the new encrypted digital world,” he wrote. “We have already isolated our internal systems so that additional data cannot be exfiltrated outside Hacking Team. A totally new internal infrastructure is being build (sic) at this moment to keep our data safe.”
Immediately after the Milan-based company became aware of the compromise, it contacted law enforcement in Italy who launched an investigation into the origins of the attack. Reuters now reports that the investigation into the compromise has been “combined” with an earlier probe into the leaking of source code by the six former employees of Hacking Team.
Rabe told TheBlot by e-mail that Hacking Team had no comment on the investigation.