Hacking Team Loses Its Global License To Sell Spyware

Hacking Team is in the news again - never a good thing for a company that’s supposed to be all about stealth and discretion.

The Italy-based Hacking Team, which sells surveillance and hacking tools to governments, suffered an embarrassing hack of its own in July 2015, when 500-GB of internal files, emails and its product source code were dumped online for all the world to see.

In recent months Hacking Team stayed mostly below the radar as it worked to rebuild its business. But the company was just dealt a major setback by the Italian Ministry of Economic Development (MISE), which regulates “dual-use” technologies, so-called because they can be used for both civilian and military purposes.

As first reported recently by the Italian newspaper Il Fatto Quotidiano, the ministry has revoked “with immediate effect” Hacking Team’s “global authorization” to sell its Remote Control System (RCS) spyware suite to a list of 46 countries, mostly outside of the European Union.

The Italian government’s ruling means Hacking Team will need an “individual license” to sell to any of those countries (only some of which are past or current Hacking Team customers), according to a report from Motherboard.

Eric Rabe, Hacking Team’s spokesperson, confirmed in a statement to Motherboard that the company’s global license had been revoked, but that Hacking Team still has a license to sell within the EU and “expects to be given approvals for sales to countries outside the EU.”

MISE told Motherboard that it was aware that in 2015 Hacking Team had exported its products to Malaysia, Egypt, Thailand, Kazakhstan, Vietnam, Lebanon and Brazil.

The ministry explained that “in light of changed political situations” in “one of” those countries, MISE and the Italian Foreign Affairs, Interior and Defense ministries decided Hacking Team would require “specific individual authorization.”

Hacking Team maintains that it does not sell its spyware to governments or government agencies where there is “objective evidence or credible concerns” of human rights violations.

The company also says it is fully compliant with export restrictions under the Wassenaar Arrangement – an international agreement regarding dual-use technologies – and it “reserves the right” to “suspend support” if customers violate the terms of their contracts.

In a report issued after last year’s Hacking Team breach, Privacy International said Hacking Team’s self-regulation is “not enough to ensure that their products are not used for human rights violations,” and recommended stronger export control regulations.

The Italian government revoking Hacking Team’s global license to sell spyware anywhere in the world, and requiring special authorization to deal with certain countries, appears to be a big step in that direction.

Naked Security: http://bit.ly/1VfSPSK

« The First Ghost Ship In The US Robotic Navy
German Police Catch Suspect in Global Cyber Crime Operation »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

Ridge Security

Ridge Security

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.

OrbiSky Systems

OrbiSky Systems

OrbiSky Systems is a British tech startup specializing in data management and cybersecurity solutions.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.

Black Duck Software

Black Duck Software

Black Duck (formerly the Synopsys Software Integrity Group) is the market leader in application security testing (AST).