Hacking Team

You are here: Home » Latest News

Latest News

News Release

July 30, 2015

 

Hacking Team Systems Critical for Law Enforcement

 

 

This article appeared on the International Business Times UK on July 29th. Click here for the orginal article.

 

When a company operating legally and providing a valuable service is wantonly attacked, its proprietary information stolen and its intellectual property destroyed, law abiding people everywhere should be shocked.

 

But in the Internet age, if the company is a provider of surveillance tools to law enforcement called Hacking Team, it is the company that is pilloried.

 

Let’s look at the facts:

 

  • Hacking Team’s technology has always been sold under the law.  HT’s surveillance tool has been provided only for the use of law enforcement, intelligence services and other government agencies, and never available to private individuals and businesses.
  • Hacking Team does not conduct surveillance of suspects of crime, terrorism or other wrongdoing.  That is the job of law enforcement.
  • The attack on Hacking Team sometime before July 6 exposed much internal company data.  However, since the data from investigations conducted by HT’s law enforcement clients is stored on client computer systems, this surveillance data was not exposed in the attack.
  • Today criminals can and do operate anonymously using encrypted digital tools such as modern email, mobile phones and portable computers.  Every day criminals use these encrypted systems to sell drugs and sex, plot terrorist acts or even offer murder for hire.
  • Law enforcement’s ability to follow criminal activity is as important as ever, but today the job is enormously more complicated because of one simple reality:  the secrecy of today’s digital communications implemented in the name of privacy.

 

Of course, privacy is a value we all share; it is important.  But so is security.

 

Recognizing the need for privacy protections, Hacking Team several years ago established standards for behavior by its surveillance technology customers.  The company has made a publicly available statement of what is expected of customers.  Hacking Team is the only company providing surveillance software to do so.

 

For several years, laws and regulations have been developing for managing surveillance technology.  Without exception, Hacking Team has complied with existing law and regulation.  When the European Union and Italy adopted the latest regulations in January, 2015, Hacking Team stepped up and was immediately in full compliance.

 

Furthermore, Hacking Team clients are required to affirm in their contracts that they will not use the technology for military or unlawful purposes.  In many countries, the software can only be used under supervision of a court.

 

The company has rejected potential clients who seemed unlikely to abide by requirements to use Hacking Team technology as intended, to fight crime.  The company has also discontinued doing business with countries when misuse was alleged or occurred.

 

That is true of sales some years ago to Ethiopia, Sudan and Russia — now much criticized in hindsight.  Ignored is the fact that as the company’s thinking about public policy developed and as situations changed in these three countries, Hacking Team of its own volition ended these business relationships.

 

All of this has been done not under the demand of legal authority, but by the company acting responsibly.  In recent years, HT has been the most engaged of any company in our industry in working with those developing regulation through regular comment and discussion at industry conferences and elsewhere.

 

But recognizing the need for security, Hacking Team is committed to providing law enforcement a way to do what it has always done, that is to track criminals and prevent or prosecute crime.  With the development of global terrorists and especially the ‘lone wolf’ terrorist, the ability of law enforcement to track them is critical.

 

So Hacking Team provides a powerful tool that allows investigators, working under the law, to track criminals and terrorists.  Technologically advanced and easy to use, HT software has become the leading digital surveillance tool available.  Since the attack on Hacking Team disclosed details of the technology, a number of writers have commented on the sophistication of the HT software.

 

Where do we go from here?

 

It is the commitment of Hacking Team to develop new and better tools for use by law enforcement.  Our software engineers are already at work to create the systems of the future.

In the weeks since the attack, Hacking Team has made other important progress.

 

We now know that the attack on Hacking Team was conducted by sophisticated criminals with the time and the resources to evade protections that were in place.

 

It was never the case that Hacking Team had some secret method of observing or blocking the use of our software by clients.  When the attack was discovered, the company relied on quick work by clients to disable their own systems.

 

Our clients have supported Hacking Team and we are grateful.  Virtually all have agreed to stand by while HT prepares updates and ultimately a new system for surveillance of criminal and terrorist communications.

 

The company is cooperating with law enforcement efforts to apprehend those responsible for the attack.  What happened to Hacking Team could happen to any business or individual using the Internet if their opponents are determined to disrupt their work.

 

Hacking Team will restore the capabilities of law enforcement clients. Until this work is complete, criminals and terrorists in countries around the world will have a lot less to worry about from the law.

 


David Vincenzetti

CEO

Hacking Team

 

# # #

For further information:

Eric Rabe, Chief Marketing and Communications Officer, +39 337 1143876

This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

 

 


 

News Release

July 22, 2015

 

Statement from Hacking Team

The single fact not generally covered by news media is this: there is only one violation of law in this entire episode, and that one is the criminal attack on Hacking Team. The truth is that the company itself has operated within the law and all regulation at all times.  
However, commentators dislike the fact that strong tools are needed to fight crime and terrorism, and Hacking Team provides them.  So the company is being treated as the offender, and the criminals who attacked the company are not.  Had a media company been attacked as Hacking Team has been, the press would be outraged.

Here are the facts:

  • Hacking Team was the victim of a criminal act or acts sometime before July 6.  The attackers stole and then exposed via the Internet company proprietary information as well as personal information of our employees and even some information about our clients. 
  • Data from investigations conducted by Hacking Team clients was not exposed during the attack.  Such information is only maintained on the systems of clients, and cannot be accessed by Hacking Team.
  • The criminals exposed some of our source code to Internet users, but by now the exposed system code is obsolete because of universal ability to detect it. However, important elements of our source code were not compromised in this attack, and remain undisclosed and protected. 
  • The company has always sold strictly within the law and regulation as it applied at the time any sale was made.  That is true of reported sales to Ethiopia, Sudan, Russia, South Korea and all other countries. 
  • There have been reports that our software contained some sort of “backdoor” that permitted Hacking Team insight into the operations of our clients or the ability to disable their software.  This is not true.  No such backdoors were ever present, and clients have been permitted to examine the source code to reassure themselves of this fact.
  • Hacking Team has not been involved in any program to use airborne drones as has been reported.


100% Compliance with laws and regulations

Hacking Team has been accused of selling technology to various countries at a time that such sales were banned.  This is not true.  In the case of every sale, Hacking Team has complied with regulations in effect at the time of the sales.  Today the company complies with new regulation developed in 2014 and enacted in January 2015.  Under this new regulation, Italy reviews all sales of Hacking Team technology in accordance with European Union and Wassenaar Arrangement requirements.

The sale of “weapons” have been banned to certain countries.  Hacking Team technology has never been categorized as a weapon.  At the time of the company’s only sale to Sudan in 2012, the HT technology was not classified as a weapon, arms or even dual use.

In fact, it is only recently that has Hacking Team technology been categorized under the Wassenaar Arrangement as a “dual use technology” that could be used for both civil and military purposes.  Dual use technologies are regulated separately from weapon technologies.

 

# # #

For further information:

Eric Rabe, Chief Marketing and Communications Officer, +39 337 1143876

This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

 



 

News Release

July 14, 2015

For the Italian translation: medium.com


Statement from the CEO of Hacking Team, David Vincenzetti


The lawful surveillance system that Hacking Team has provided to law enforcement for more than a decade is critical to the work of preventing and investigating crime and terrorism.  Indeed, because of the increasing encryption of data transmitted over mobile devices and the Internet, this work has never been more critical than it is today.  Today’s Internet is a safe harbor for criminals such as those who attacked Hacking Team, but also for terrorists, sex traffickers, murderers, narcotics dealers and other wrong-doers.


No other company has ever produced a lawful surveillance capability nearly as comprehensive, as easy to use, or as powerful as ours.  Because of that, we have always sold this system exclusively to government agencies, and today export of the system is controlled by the Italian government under the Wassenaar Arrangement.  Our technology has always been sold lawfully, and, when circumstances have changed, we have ended relationships with clients such as Sudan, Ethiopia and Russia.


Make no mistake about it, what happened earlier this summer in the attack on our company was a reckless and vicious crime.  We have reported it to Italian authorities who are investigating, and we expect the authorities of other nations to be involved as well.


While it is true that the criminals exposed some of our source code to Internet users, it is also true that by now the exposed system elements are obsolete because of universal ability to detect these system elements.  Today we believe it is extremely unlikely that this obsolete code can be used to surveil cell phones, mobile devices or computer communications.


However, important elements of our source code were not compromised in this attack, and remain undisclosed and protected.  


We at Hacking Team are now dedicated to restoring the ability of law enforcement to fight crime hidden in the new encrypted digital world.


We have already isolated our internal systems so that additional data cannot be exfiltrated outside Hacking Team.  A totally new internal infrastructure is being build at this moment to keep our data safe.


Of course, our top priority here has been to develop an update to allow our clients to quickly secure their current surveillance infrastructure.  We expect to deliver this update immediately.  This update will secure once again the “Galileo” version of Remote Control System.


And because we have always been committed to being the leading technology company in our field, for months Hacking Team has been building a complete revision of our system.  Remote Control System, version 10, will be released in the fall.  This is a total replacement for the existing “Galileo” system, not simply an update.  Of course, it will include new elements to protect systems and data considering the impact of the attack against Hacking Team.


We appreciate the patience and support of our clients as we work though the process and we believe that we will emerge with new and better tools for law enforcement and more committed than ever to assuring the safety and security of us all.


David Vincenzetti
CEO
Hacking Team 

 

# # #

For further information:

Eric Rabe, Chief Marketing and Communications Officer, +39 337 1143876

This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

 



 

News Release

July 8, 2015

 Information related to the attacks on HackingTeam on July 6, 2015

Revised July 8, 2015

It is now apparent that a major threat exists because of the posting by cyber criminals of HackingTeam proprietary software on the Internet the night of July 6. HackingTeam's investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.

Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.

We believe this is an extremely dangerous situation.

HackingTeam is evaluating if it is possibile to mitigate the danger. We expect too that anti-virus companies are upgrading their programs to detect the compromised RCS.

# # #

HackingTeam engineers are working around the clock to provide an update to the Remote Control System that will allow clients to resume criminal and intelligence investigations.

In response to HackingTeam's request, virtually all clients have suspended use of the system that was compromised in the attack.

This is an important step to protect on-going police and intelligence investigations.

There have been reports that HackingTeam has 'backdoors' in its systems that would allow us to control the systems remotely. This is simply not true. Clients operate our technology on their own computer systems, and so it is clients who must take action to suspend operations.

# # #

For further information:

Eric Rabe, Chief Marketing and Communications Officer, +39 337 1143876

This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 


 

News Release
March 10, 2015

HackingTeam Response to Citizen Lab Report of March 9, 2015

Citizen Lab, at the University of Toronto has published a report attempting to link Hacking Team technology to what the report alleges have been efforts by the government of Ethiopia to target journalists.  Citizen Lab released a similar report in February of 2014.

We cannot identify our clients since to do so could jeopardize ongoing law enforcement investigations. Obviously, clients require this confidentiality in order to conduct legitimate legal surveillance of suspects in cases of crime, terrorism or other illegal activity.

At any time that we become aware of allegations of abuse of our software, we investigate. Sometimes we find that our technology is not involved as alleged. Other times we may find that circumstances exist that cannot be disclosed or known to the person or agency making the allegations. In other cases we may find a use of our software that violates our agreement with clients.

We take appropriate action depending on what we can determine.  In cases where we find that an agency is misusing our technology, we can take a variety of actions up to and including suspending support for the system.

Of course, we take precautions with every client to assure that none abuses our system.

We have described the obligations we expect customers to abide by in our Customer Policy. We do our own evaluation before we agree to accept a client, and we consider the pubic record of a client at that time. In the past, we have declined to do business when we thought there was likely to be misuse our technology.  Should questions arise after we contract with a client, we then reevaluate the situation.  We take action when we believe it is warranted.

Our contracts include provisions consistent with our Customer Policy. Furthermore, the laws of the countries of our clients govern the use of our technology, and the Italian Economics Ministry under the Wassenaar protocols governs our sale of this technology.

We do not report the results of our investigation to the press or other groups, because we consider this to be an internal business matter.  Of course, we rely on the International community to enforce its standards for human rights protection.

We believe HackingTeam has gone further than any other company to address the concerns of human rights organizations and Citizen Lab not only through our own policies but also by complying with international standards including the Wassenaar Arrangement protocols.  No other company has agreed to this level of oversight for surveillance technologies.

 

For further information:

Eric Rabe
Chief Marketing and Communications Officer
Hacking Team
215-839-6639
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

 


 

News Release
Feb. 25, 2015

 

HackingTeam Complies With Wassenaar Arrangement
Export Controls on Surveillance and Law Enforcement/
Intelligence Gathering Tools

 

Milan, Italy (Feb. 25, 2015)  Hacking Team, the world leader in providing state-of-the-art software tools for surveillance to law enforcement and intelligence agencies, said today it is complying fully with the export controls called for in the nineteenth Plenary meeting of the Wassenaar Arrangement.  No other company in the lawful surveillance industry has made this commitment.

These export controls are designed to assure that only appropriate governments or government agencies are able to use surveillance software and that the use of the software in no way threatens international or regional security or stability.

On January 1, 2015 , the European Union (E.U.) implemented the Wassenaar guidance and applicable dual use legislation.  Hacking Team instituted the new procedures immediately.

“We designed our system to be used to fight crime and terrorism and we want it to be used for that purpose,” said David Vincenzetti, CEO of Hacking Team.  “Criminals and terrorists around the world routinely use mobile phones, mobile devices, computers, and the Internet to commit horrific crimes and terrorism.  Without HT technology law enforcement is blind to this activity.”

“We are now the first in our industry to comply with these latest international laws, and we are doing so because we are committed to assuring that our products are not misused,” Vincenzetti said.

Under the procedures agreed to by Hacking Team and the Italian Ministry of Economic Development, HT will request from the Italian Government export authorization for its technologies.

Previous to this regulation, the company had already instituted internal controls and procedures to assure its software is not abused.  The Wassenaar protocols add additional insurance that Hacking Team technologies are only provided to and used by appropriate agencies and governments.

Since its founding, Hacking Team has recognized the power of its tools that allow law enforcement agencies to monitor computer traffic, mobile phone and other similar communications.  The company voluntarily instituted a customer policy published on the hackingteam.com website to assure that its tools were not abused.

Hacking Team has also committed to abiding by international black lists and other guidelines so that its surveillance system is not sold to states or state agencies that might abuse it.

For further information:

Eric Rabe
Chief Marketing and Communications Officer
Hacking Team
215-839-6639
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 



 

About us

Here in HackingTeam we believe that fighting crime should be easy: we provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities. Technology must empower, not hinder.

 

Exclusively focused on offensive security, HackingTeam was founded in 2003. In 2004, we were the first to propose an offensive solution for cyber investigations, with such a strong reception that in 2007 we were venture backed. All the development is made in Milan, by a team of 50+ professionals focusing on all the aspects of offensive security, Our technology is used daily to fight crime in six continents.