Former Hacking Team developer reportedly in contact with a terrorist group

Disgruntled employees deny planning to sell an antidote to the company's surveillance software

An individual who did work for Hacking Team was in contact with hackers working for a terrorist organization, and disgruntled employees -- who deny the charge -- were planning to sell an antidote to the spyware vendor's surveillance software, an Italian newspaper reported Friday.

A general in the Italian foreign intelligence service (AISE), identified as "G" in internal emails published by WikiLeaks three weeks ago, told Hacking Team CEO David Vincenzetti that "an ex-collaborator of Hacking Team is working with foreign hackers who collaborate with terrorist organizations," according to Il Fatto Quotidiano.

Hacking Team, a Milan-based company that sold surveillance software to law enforcement agencies around the world and was criticized for helping oppressive regimes crack down on their political opponents, suffered a disastrous security breach at the beginning of July, with 400 GB of confidential information eventually dumped online.

Two employees had left the company and were suspected of planning to market their own antidote to HT's "Galileo" Remote Control System, which exploited zero day vulnerabilities to monitor the devices of targeted individuals, the paper said. Among potential customers for the anti-HT technology were two Pakistani businessmen, who were prepared to invest US $500,000 in the venture, it said.

Il Fatto identified the two former employees and said both were recently questioned by Milan public prosecutor Alessandro Gobbis, at their own request, and both have denied any plans to sell tools to counter HT's spyware.

In one email Vincenzetti describes one as a senior Windows developer and "capable of creating a small software able to detect our backdoor in the Windows environment". The person suspected of terrorist links was one of the most senior developers for Android. If the two were to collaborate, Vincenzetti wrote, "the antidote could be effective for the two most widely used operating systems in the world."

Another secret service officer, a colonel identified in the emails as "C", asked Vincenzetti for a detailed account of the suspects' activities while at HT, to provide him with "a summary description of the damage that the two might cause to Hacking Team."

Public exposure of Hacking Team's activities has interfered with Italian police anti-terrorism investigations, in one case forcing authorities to bring forward planned arrests, the head of the police, Alessandro Pansa, told a parliamentary committee responsible for secret service oversight, on Thursday.

Police were using HT software to monitor the computers of Lassad Briki, a Tunisian, and Muhammad Waqase, from Pakistan, who were arrested July 22 on suspicion of planning a terrorist attack on a joint U.S.-Italian military air base at Ghedi in northern Italy. Those arrests were brought forward because of the public exposure of HT's spyware, Pansa told the committee.

Some suspects activated anti-virus protection after learning of Hacking Team's law enforcement activities, and surveillance operations were suspended out of concern that suspects, aware they were being monitored, would disseminate false leads, Pansa said.

HT surveillance technology was also being used to target corruption in the civil service and organized crime, the police chief said. It had been in use by the Italian police since 2004.

Attempts to obtain comment from Hacking Team on Friday evening were unsuccessful.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityHacking Team

More about AlessandroGalileo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Philip Willan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts