Hacking Team: We’ll be back in the spyware biz before you know it

Hacked snoopware maker Hacking Team says it will continue its operations as soon as possible – and claims the huge source-code leak it suffered didn’t get all of the company's crown jewels. "What happened earlier this summer in the attack on our company was a reckless and vicious crime," said CEO David Vincenzetti in the …

  1. Mephistro
    Pint

    "...claiming that foreign governments have a right to wiretap Americans inside their own homes without court oversight, a right that not even the U.S. government claims for itself..."

    True that, but the U.S. government has also given itself the right to wiretap other countries' citizens without any oversight whatsoever. This case is going to be really interesting. Where is the popcorn icon?

    1. Anonymous Coward

      I fear that will be how this plays out, that they become a symbol of Americans having to take it as much as the rest of us have to take it from them. Then people forget to hate them.

  2. Your alien overlord - fear me

    Am I missing something?

    "He went on to say that the hackers hadn't exposed "important elements of our source code," and that a protected sector had been set up to protect the company's assets."

    Business 101 - your clients are your biggest assets (they provide the money for the boss to keep as his assets). Are your clients' details etc. secure? And why would you only protect the important elements?

    Perhaps it was lost in translation - will the real translation also appear on Wikileaks?

    1. asdf

      Re: Am I missing something?

      >Business 101 - your clients are your biggest assets

      Reminds me of that Dilbert cartoon where pointy hair says something like we have discovered employees are not our most important asset after all. Turns out money is. Clients come and go but if you have money in the bank even a company like BB can stay around. It gives you a chance to go find new clients.

  3. intlabs

    Netragard is interesting

    One of their founders also runs a pretty dodgy looking pay per click consultancy (JeremiahBaker.com) and according to LinkedIn: "Jeremiah is also the co-founder - President of Marketing & Sales of a software sales firm that sells PDF software to businesses world wide with clients in Belgium, United Kingdom, Canada, and the United States." Don't know what the company's called (odd that it's not promoted alongside his other ventures in the clear) but that's the last guy I would ever want a pdf reader or writer off...

    1. asdf

      Re: Netragard is interesting

      Yeah the dodgy smell is on them something fierce. The only thing missing is prior/current IDF contacts/employees but you may well be able to find those as well.

  4. Ole Juul

    lol

    . . . that this buyer maintained the same code of ethics as our own.

    1. dan1980

      Re: lol

      When your business strategy is to sell tools that allow organisations to illegally access the computers and data of other organisations and individuals, it does prompt the question of exactly what qualifies as "ethical" behaviour.

      1. Stoneshop
        Boffin

        "ethical" behaviour.

        Even when the temperature is below zero, it is still referred to as "degrees Celsius" (or Fahrenheit, as the case may be).

        1. Sir Runcible Spoon

          Re: "ethical" behaviour.

          New business case proposal:

          1. Buy zero day exploit for $x

          2. Sell zero day exploit for $x/10 to 11 customers (i.e. knock-down price)

          3. Expose zero day through puppet company to reduce value to zero.

          You make 10% to cover your running costs and you eventually eliminate all known exploits (or people stop buying them).

          Worth a go?

  5. dan1980

    Understood.

    "It was our mutual understanding that this buyer maintained the same code of ethics as our own. Unfortunately we were very, very wrong," it said.

    Your understanding?

    Based on what information? How carefully did you vet them? Did you demand, in the contract of sale, that products developed with the provided information about the vulnerability would only be provided to governments approved by you? Presumably you specify that your clients can't provide the product or reveal the vulnerabilities to the developers of the software you are exploiting so one assumes you have crossed a few 'T's and dotted a few 'I's. Strange then that the criteria to not provide the product to repressive regimes is absent. Or maybe it's not that strange.

    And what is your "code of ethics", exactly?

    If it is that you don't provide your services and products to certain clients, what is the restriction? We know that you previously only sold to "US clients" but, beyond that, what were your criteria? Did you sell to any US clients? On the basis, perhaps, that they are all trustworthy and would never do anything that violated your "code of ethics"?

    So what is it that you consider to be ethical conduct?

    I mean, let's not beat around the bush here - your company actively researches vulnerabilities in software and, rather than informing the developers of that software - which would increase security for everyone - you keep it secret and develop code to exploit those vulnerabilities for the express purpose of gaining access to another person's private property and accessing their private data. You then sell that capability to other people - people whose motives and business practices you evidently don't investigate and vet sufficiently.

    You sell tools that allow one party to spy on another. What does a company have to do to be considered to operate outside of this code of ethics of yours? What the hell do you think they are doing with your products?

    But, let's assume that you really did have the best of intentions and truly did believe that 'Hacking Team' were your brothers from another mother. It's great that you've now decided to no longer sell to them (again, taking you at your word) but what measures will you put in place in the future to ensure that the vulnerabilities you discover and the exploits you create won't be used by or on-sold to unethical organisations/states?

    Which organisations and states will make that list, hmmm?

    1. Mark 85

      Re: Understood.

      Good points, Dan. With the crap flying back and forth between those two, I have to wonder... are the malware delivery tools, even the malware itself, coming from "ethical" companies such as these?

  6. This post has been deleted by its author

  7. This post has been deleted by its author

    1. Anonymous Coward

      That would make them accountants.

      But it's much funnier that a company called 'Hacking Team' got hacked.

      1. This post has been deleted by its author

  8. Richard Taylor 2
    Facepalm

    Hacked snoopware maker Hacking Team says it will continue its operations as soon as possible – and claims the huge source-code leak it suffered didn’t get all of the company's crown jewels.

    Well he would say that wouldn't he (c/o C Keeler)

  9. Amphibious RawCod

    translation please

    Does ANYONE understand what this is supposed to mean?...

    "While it is true that criminals exposed some of our source code to internet users, it is also true that by now the exposed system elements because of universal ability to detect these system elements."

    1. Adrian 4

      Re: translation please

      I think he missed out some words. It should say '...by now the exposed system elements ARE WORTHLESS because of universal ability to detect..'

      1. Anonymous Coward

        Re: translation please

        He is arguing that they only stole worthless junk.

        Specifically because being stolen made it worthless junk.

        1. Sir Runcible Spoon
          Headmaster

          Re: translation please

          "Specifically because being stolen made it worthless junk."

          Or rather it being stolen and released publicly made it worthless junk.

  10. LucreLout

    Sadly, this....

    Exactly how many buyers the company will find remains to be seen – the fallout from the initial hack still hasn't finished landing yet. On Friday the head of the Cyprus Intelligence Service (KYP), Andreas Pentaras, resigned after the stolen trove detailed his department's use of the Hacking Team's products.

    ....is fairly trivial. Most competent customers would have erected a corporate firebreak between their real institutions, and any provider delivering anything so murky as this. Literally anyone that understands corporate structuring 101 could advise on methods for doing this, so I expect the only lesson learned by their customers will be in how to protect themselves from adverse PR.

  11. Anonymous Coward

    Yeah but....

    "In the meantime the firm is rebuilding its internal infrastructure prior to setting up operations."

    I wonder how much of a forgiving frame of mind clients - and suppliers for that matter - are going to be in; I find it hard to believe they'll take a laid back view of having their dirty laundry aired in public.

  12. Pascal Monett Silver badge

    "a reckless and vicious crime"

    From what I've read around here, it was a rather complex and sophisticated hack, so the adjective "reckless" does not belong.

    As for vicious, well I can't really sympathize with scum for being out-scummed. Like a rapist getting rogered in a back alley. Gosh, so how does it feel now, guys?

  13. vikihey

    I think this is a problem concerning our privacy

    I think this is a problem concerning our privacy. I have been monitored by my father using a Micro Keylogger installed on my computer. Now I can understand this, I know that they try to protect me from something bad. And I know that I am talking about something serious.
