After Cyber Attack, "Hacking Team" Founder Speaks Out
After a devastating leak and allegations of working with oppressive regimes, the Milan technology firm's founder responds to the critics.
MILAN — After weeks of silence, the day of truth has arrived. David Vincenzetti, the 47-year-old founder of the infamous Milanese technology firm Hacking Team, agreed to finally give his perspective on the devastating cyber attack on his company's servers.
Hacking Team rose to prominence by producing Galileo, a suite of surveillance technologies that allow governments to intercept and decrypt data. More than 40 countries in the world use the product to infiltrate and monitor the communications of terrorists, traffickers and criminals. But the firm has attracted controversy for dealing with non-democratic clients — the governments of Sudan, Libya and Ethiopia, for example — who use the technology to crack down on opposition.
The recent cyber attack — which came to light when Hacking Team's Twitter account was taken over on July 6 — stole millions of documents from the firm's servers, as well as parts of Galileo's source code itself. The 400 gigabytes worth of data wound up on Wikileaks and is also available for download via torrent. The scale of the leak has set cyber security experts and government agencies around the world scrambling to evaluate the scope of the damage.
The fateful morning
"It was 3:15 a.m. when I was alerted about the attack," Vincenzetti recalls. "We immediately shut down our main network and notified all our clients about the intrusion, and suggested that they suspend their usage of Galileo."
"From our preliminary evaluations we believe that parts of the Galileo source code were stolen, as well as documents and emails," he said. "Since then, we've dedicated ourselves to evaluating the damage and returning things to normality."
Hacking Team's top brass play down the risks of the leak, but they acknowledge they took a tough hit. Some of the leaked documents and code will allow targets of government surveillance to verify if their devices have been compromised, but not for very long.
A July 14 announcement on the company's website said an update had fixed the issue. Vincenzetti said that by the end of the year Hacking Team will release version 10, which "will completely solve the problem." Much like a regular antivirus program, Galileo can quickly become obsolete.
"This kind of cyber attack could only be carried out by government operatives. This wasn't spontaneous. The attack was planned months before with considerable resources. The extraction of the data took a very long time, " he says.
In addition to the Italian judicial inquiry, other investigations into the matter are underway. Vincenzetti declined to respond when asked if the U.S. authorities are also looking into the attack. When asked about the supposed "backdoors" in Galileo that would allow Hacking Team to monitor the program's use, the founder bursts out laughing.
"They're all lies," he says. "More than 40 countries and 50 agencies around the world use our product, and none of them would use it before analyzing every single line of code." Galileo also works under "customer isolation," meaning that Hacking Team may install the software and release updates, but it cannot know how the product is used.
"Yes, we did do business with Libya," Vincenzetti admits. "But we did it when it seemed the Libyans were becoming our best friends. We had no relationship with Syria, but we did with Egypt and Morocco." The situation with Ethiopia is a bit more complicated. "When we found out the Ethiopians used Galileo to spy on an opposition journalist we asked for an explanation, and at the end of 2014 we stopped supplying them," he explains.
But the most controversial of Hacking Team's former clients is Sudan, whose security services are notorious for their involvement in the war in Darfur. Vincenzetti admits working with Khartoum's intelligence services, but he maintains — despite evidence to the contrary in the leaked documents — that the sales occurred before the passage of laws banning "dual use," which forbade companies from selling surveillance technology to countries that could use it to intimidate the opposition.
"The geopolitical chessboard is constantly changing, and situations often evolve. But we are not arms dealers, we don't sell rifles that can be used for years," he says. After a few weeks without updates Galileo becomes useless, because new countermeasures to the program are released continuously.
Vincenzetti cites the hundreds of examples in which his firm's tools helped infiltrate terrorist sleeper cells, discover "lone wolves," resolve long-running criminal investigations and scour the deep web in search of images and information that would otherwise be unattainable.
"We also provide an artificial intelligence system that is able to make autonomous decisions," he says. "For example, if someone picks up a phone to reply to a call, the software takes a photo by accessing the phone's camera, revealing the identity of the person."
Crossing the line?
"I'm not scared. Even after what happened I'm leaving it all behind and moving forward," he says. "Since last year I've been a victim of many attacks. They sabotaged my car, connecting the battery to the gas tank. Six months earlier a group of people wearing Anonymous masks broke into our office, vandalizing and stealing from it. But I am indestructible."
He is confident that his company will recover. "The experiences I've been through have made me stronger," he adds.
Vincenzetti is proud to help countries fight crime even as his firm operates on the fringes of legality, in the grey area between state-sanctioned work and outright criminality. And even if several documents, organizations and activists suggest otherwise, he is convinced that his company has never crossed that line.
Despite all the criticism, David Vincenzetti says he's sure of one thing: "We are the good guys."