Hacking Team: We're the good guys, but SO misunderstood. Like Batman

The boss of Italian spy firm Hacking Team has spoken out for the first time about the recent massive hack of the company databases. This has exposed severe software security holes and gifted terrorists with zero-day exploits, among other things. David Vincenzetti, in an interview with La Stampa newspaper, claimed his firm …

  1. Camilla Smythe

    No Shit...

    I've only got a 200GB hard one and I think I might notice if someone was exfiltrating the data off of it given my porn download rates would take a dive.

    Perhaps next thing we know someone, some miscreant, will work out how to reverse engineer Galileo such that those who are using it get all their data slurped as well... assuming Hacking Team has delivered a 'clean product' without their own backdoors in place.

    After all if the originators fucked up 400GB that badly then you have to ask how many bullets the gun has in it.

    What's the EyeTalian for Numpties?

  2. Anonymous Coward

    @Hacking Team

    You lost the right to call yourselves good guys when you chose to hoard critical vulnerabilities and leave Rape Crisis centers open to attack.

  3. nsld
    Coat

    Maybe

    He should sell guns, after all, second hand Italian rifles have never been fired and only dropped once.....

    1. Anonymous Coward

      Re: Maybe

      Oh my god no, besides Beretta being an excellent handgun, remember Kennedy was shot with a Carcano rifle...

  4. Planetary Paul
    Coat

    Well, I'm not a crook.

    Whoops! Who's that lifting my wallet?

  5. Captain DaFt

    "We're the good guys."

    That phrase is only ever uttered by the good guys in cheesy action dramas.

    In the real world, actions speak louder than words, and if someone feels it's necessary to make that claim in the face of facts, only a fool would trust them.

    1. LaeMing

      Re: "We're the good guys."

      Makes me think of the end of "Falling Down" when the pro-antagonist realises "I'm the bad guy?"

    2. Ole Juul

      Re: "We're the good guys."

      "uttered by the good guys in cheesy action dramas"

      Spaghetti Westerns, to be exact.

      1. Anonymous Coward

        Re: "We're the good guys."

        You sure? I don't recall Clint Eastwood ever saying a line of that sort in any of his three Sergio Leone movies.

        1. Ole Juul

          Re: "We're the good guys."

          "You sure? I don't recall Clint Eastwood ever saying a line of that sort in any of his three Sergio Leone movies."

          Fine, so let's call it Spaghetti Hacking.

        2. Sir Runcible Spoon

          Re: "We're the good guys."

          "I don't recall Clint Eastwood ever saying a line of that sort in any of his three Sergio Leone movies."

          He didn't need to, he was clearly labelled as such in one of the intros. I'm also not sure those movies can be safely placed into the 'cheesy' category.

  6. Anonymous Coward

    Whatever your purpose.....good ..... bad:

    You not as "Good" as you thought, 'eh? PWND BITCHES!!! And now your criminal-ware is owned by all criminals - Governments and entrepreneurs.

    1. John Smith 19 Gold badge
      Unhappy

      "your criminal-ware is owned by all criminals - Governments and entrepreneurs."

      Is there a line between these groups?

      I'm having trouble telling one lot from the other.

  7. Anonymous Coward

    They're trying to make you believe it was a very capable adversary...

    .. but it could be simply an insider job, maybe some sort of revenge.

    A foreign government using their software, if not happy about some of the customers, would have had different ways to 'put a gentle pressure' on Hacking Team to make them stop those sales, instead of crippling their own investigation fully, and some of the agencies they have to work with (unless one or more of those investigations were the actual target).

    Of course yelling 'NSA p0wned us' makes you look better than saying 'we didn't know someone working for us stole all our data'

    1. Lars Silver badge
      Happy

      Re: They're trying to make you believe it was a very capable adversary...

      Governments and large organizations do the same all the time, not that it couldn't be true but there is always this "mama he was bigger than me" feeling about it.

  8. Anonymous Coward

    "But we do not trade in weapons"

    Liar.

    1. Anonymous Coward

      Surveillance devices are not classified as weapons. I agree this kind of software, and many other surveillance devices sales should be restricted, but they are not yet.

      You can easily buy a lot of those devices online, have you ever seen the nice alarm clocks with a cam inside? Be careful, when you go to bed, especially if the one beside you is not your wife/husband, or if underage...

      1. Anonymous Coward

        Depends upon context. A hammer in the hands of a carpenter isn't necessarily a weapon; whereas one in the hands of a burglar is to be viewed with some suspicion.

        I'd say that selling surveillance software to dickbags like Libya, Sudan and Saudi Arabia definitely places it in the weapon class. Are they going to use it to be nice to people? Doubt it....

      2. Anonymous Coward

        Just being pedantic, but these weren't surveillance devices, they were hijack tools. One of the demonstrations was of how to plant child porn on someone's computer.

        1. Anonymous Coward

          Which, I agree, was a very stupid one, because it would turn any evidence gathering attempt into a useless one. Anyway, once you had modified a computer with a Trojan, evidence could always be questioned. Often, surveillance is not for gathering evidence, just to collect data that could be used to identify which evidence to gather using other ways.

          I'm not saying it was a good surveillance device, I really believe they went too far - just, it's not the only surveillance device around - you could be surprised how many there are for sale, from toy-like to the sophisticated ones, it's just a matter of how much you're willing to spend. Just go there, for example from a reputable photo gear seller, and choose your one:

          http://www.bhphotovideo.com/c/buy/Hidden-Cameras/ci/18682/N/4045021092

          And these are just the toys... you can easily find some more sophisticated ones. And think about drones...

          1. Anonymous Coward

            Anyway, once you had modified a computer with a Trojan.....

            These use unknown exploits, therefore how do you prove you have a trojan if nothing detects it?

    2. Anonymous Coward

      And beware, in the US if they are classified as some sort of weapons, they could even be protected by the Second Amendment... and everybody would have the right to own some, just like they do with guns and rifles...

      1. dan1980

        @AC

        . . . and F-15s?

        1. Anonymous Coward

          There are people that own defanged fighter jets, quite a few from the post-breakup Soviet Union. You just have to have a ton of money to pay your support people, certifications (airworthiness for example), and so forth. What's interesting is that if you are in the military, even reserve and/or enlisted, and own an aircraft, you can fly into and keep your plane on the airbase. Two of my fellow techs (married) had a Cessna given as a wedding present from the bride's father. It was parked about 150' from where we worked. If both were off-watch for a couple of days, they'd fly up to visit either of their families.

  9. cantankerous swineherd

    hardly likely the guy was going to hang his head in shame and admit to being a repulsive spiv.

  10. Mark 85 Silver badge

    Doubtful...

    In this case, judging from what I've read here and elsewhere... I doubt any government agency did this. If they had, I believe they would have kept it to themselves for the vulns or... maybe a bit of blackmail by threatening to release it.

    In the SONY case, the only reason a governmental player would have released it would be for the embarrassment factor and possibly the harassment of employees by miscreants.

    Reality.. it doesn't matter who hacked them, their reputation is toast.

  11. Anonymous Coward

    Legal help

    If a person has child porn on his machine and can show that he had vulnerable software, could this now be a defense? 'The FBI planted the evidence!!!' Seriously this turns all of recent convictions of $BAD_GUY de jure into a big morass.

    1. Anonymous Coward

      Re: Legal help

      I'd say it will be inevitable now that this defence will be tried in court and will work at least once.

    2. Anonymous Coward

      Re: Legal help

      Those investigations usually don't rely on a single piece of evidence - but multiple ones.

      1. Anonymous Coward

        Re: Legal help

        I admit you've lost me. You seem to be arguing that if the prosecution is planting evidence they'll only ever plant one piece of evidence. Care to re-word?

        1. FlatSpot
          Facepalm

          Re: Legal help

          Presumably referring to other forms of evidence such as router logs, dns lookups etc that would show the source of the data transfer

          1. Anonymous Coward

            Re: Legal help

            ... perhaps I wasn't clear. How do you prove that these files (router logs, dns records...) haven't been modified too?

  12. Anonymous Coward

    They are probably financed by the mafia. They are always looking for new income streams but are still quite naive about data security. Honourable Italians are very hard to come by and I say this from 10 years personal experience.

    1. Anonymous Coward

      If they were really financed by the Mafia, if I were those publishing their data, I would be a little worried about finding myself in a concrete block one day or another <G>. Just mafias are not really known for selling surveillance devices to law enforcement agencies. Just, Hacking Team is not the only company selling this kind of software, and you can find plenty of them outside Italy as well. Last time I checked, there were a lot of greedy people outside Italy as well.

  13. Evil Auditor
    FAIL

    an unnamed government or organisation with "considerable funds"

    A 15yo script kiddie? Just guessing.

    When you are, like Hacking Team, operating on this filthy side of business, you want to make damn sure that even an organisation with considerable funds will not get to your data. Not saying it's easy, but it is possible. And those idiots from Hacking Team were literally screaming: "pwn us!"

  14. Anonymous Coward
    WTF?

    Uh ?

    They are a bunch of rank amateur (digital) arms dealers that sell to the highest dodgy bidder and have had their trousers pulled down by professionals.

  15. Anonymous Coward

    Some country could have paid someone $300,000 to hack them and still save tons of money.

    Do the files show that they refused to sell to a country?

    1. Anonymous Coward

      "Do the files show that they refused to sell to a country?"

      I think they show that they would sell to anyone!

  16. Will Godfrey Silver badge
    Thumb Down

    Total Reality Detachment

    They hoard all these vulnerabilities knowing that millions of people are put at risk by them, then make a business of selling software using them - to just about anyone with the money, as is now revealed.

    They have the extreme arrogance to assume nobody else could have discovered the same issues, or maybe they simply don't care. They don't properly secure any of the information, and when the inevitable happens they (apparently) can't even see, let alone accept that they've been total shitbags.

    Anyone who knowingly and deliberately endangers people for the sake of money is, in my book, the absolute lowest form of slime.

  17. iLuddite

    fawlty assumptions

    My opinion describes reality, therefore your opinion is insane drivel.

    I am politically correct, therefore you are incorrect.

    We're the good guys, therefore anything we do is OK. If you disagree, you might be the bad guys.

    Etc.

  18. Six_Degrees

    You're not the good guys. You sell your goods and services to some of the most odious, repressive regimes on the planet, for the purpose of monitoring their citizenry and persecuting their opposition.

    And you certainly weren't hacked by some government agency - which would have simply remained quiet about the theft, rather than publishing it for all the world to see. Intelligence doesn't do the holder any good if they share it with the whole planet.

    You got hacked by a private organization, motivated by your loathsome business practices and clientele. Own it.

  19. jibanes

    Crime does not pay.

    1. Anonymous Coward

      It does pay, very well, so well we can't touch the Banks, Corporations and Politicians.

      But I get what you're saying, in the end there's hope some of them will be caught.

  20. Grikath
    Black Helicopters

    He may have a point..

    tinfoil hat conjecture time:

    Hacking Team have been trading "software solutions" to.. less than desirable customers... who are, if not under embargo, then at least under heavy scrutiny.

    It's not inconceivable that our dear vulnerability hoarders have had a nice request to ..reconsider.. some of their contracts in the past, and flat out ignored this. After all, it's a small world, and doing business with regimes that are ..not currently in favour.. will get you Looked At by some people with Opinions, and the clout to do something.

    Now officially [Agency X] can't shut a business down. But Accidents do happen, and there's a fairly long list of organisations who are quite capable of making such an accident happen, directly or by proxy. In the end the result is the same: Hacking Team is for all practical purposes dead in the water, the vectors they used will be plugged ( which may or may not be acceptable collateral damage) and the customers-who-are-not-in-favour will lose their spyholes. No actual victims, and a good chance the next set of negotiations with a dodgy "data solutions provider" will only need a nudge and a wink.

    It's almost ..Italian Style.... ;)

  21. dan1980

    You know all those people at risk because of this leak?

    Guess what? They were always at risk.

    Their line appears to be that they are the 'good guys' and that the 'good guys' should be allowed to hoard such vulnerabilities and exploits and then sell them to other 'good guys' so they can use them to do 'good things', but if 'bad guys' get their hands on it then they will use them to do 'bad things' and that will be bad.

    Now, I agree whole-heartedly with the second half: if malicious actors get their hands on these vulnerabilities then bad things will indeed happen and have happened. But surely that implies that you have a responsibility to protect this information and ENSURE that it doesn't fall into the wrong hands.

    I appreciate that preventing well-funded, technologically-capable and determined attacks is very difficult (and expensive) but this software is sold to Governments!!! If that's the level you are operating at then you HAVE to expect that there will be attacks that will be VERY well-funded - possibly even from other states.

    So it's no excuse to say that the attackers had "considerable funds" with one breath and then with another say just how dangerous the people are ('terrorists!') who are now making use of this and how much harm this will cause.

    You (Hacking Team) are admitting that the data you were hoarding was very dangerous and desirable to criminal and terrorist organisations and 'bad' countries/governments but yet evidently did not secure it against these threats.

    That is negligence; you actively pursued information that puts everyone at risk and, rather than help protect them from that risk, you exploited it to make money.

    The line that you "do not trade in weapons" is irrelevant. You trade in something that, by your own admission, would create an "extremely dangerous situation" and a "major threat" if it got into the 'wrong' hands. Thus, just like people who deal with "weapons", you have a responsibility to prevent this dangerous product from being accessed by those wrong hands.

    But you didn't, and so information you have hoarded and the tools you have created to exploit it are being used by exactly those people.

    Of course, this is all taking their rhetoric - that they are the 'good guys' and only sell to ethical "governments and government agencies" - at face value, which is something that I still find not good enough.

  22. Trevor_Pott Gold badge

    Dear Hacking Team,

    You are not the good guys. You are evil, sociopathic asshats. I hope you rot in prison for your crimes. Or, at least, that's the politically correct way of saying things. The truth is that I am much, much more hateful towards you. What you have done is evil. Worse, you not only show no remorse for your crimes, you seem to honestly believe that you have done nothing wrong.

    There is a part of me that believes you are entirely beyond redemption. There is a part of me that is truly hateful.

    Hacking Team: I hope you get cholera and shit yourselves to death.

    There, I've said it. It probably makes me a bad person...but if my "badness" comes in wishing ill upon those who have actively sought to help remove rights from the majority of people in the world, I'm oddly okay with my own incivility. May you reap in full everything you have sown.

    1. dan1980

      Y'know Trevor, there are times when I wonder whether you're actually my evil twin - me without my rage-to-keyboard filter.

      1. Trevor_Pott Gold badge

        Trevor, what do you do for a living?

        I say in public things others only say in private.

  23. John Smith 19 Gold badge
    Unhappy

    We live in an unsafe world. So they decided to help to make it *less* safe.

    No doubt they do not see things that way.

    It would take a pretty strong stomach to live with yourself if you did.

    But that's what they are and that's what they do.

    If you want to live like that your infosec had better be airtight. Always.

    Otherwise sooner or later you will discover that Karma is a bitch.

  24. Fatman
    Joke

    "We're the Good Guys (tm)"

    In a word:

    BULLSHIT!!!!

    Says it all!


Biting the hand that feeds IT © 1998–2021