Hacking Team Loses Its Global License To Sell Spyware

Hacking Team is in the news again - never a good thing for a company that’s supposed to be all about stealth and discretion.

The Italy-based Hacking Team, which sells surveillance and hacking tools to governments, suffered an embarrassing hack of its own in July 2015, when 500-GB of internal files, emails and its product source code were dumped online for all the world to see.

In recent months Hacking Team stayed mostly below the radar as it worked to rebuild its business. But the company was just dealt a major setback by the Italian Ministry of Economic Development (MISE), which regulates “dual-use” technologies, so-called because they can be used for both civilian and military purposes.

As first reported recently by the Italian newspaper Il Fatto Quotidiano, the ministry has revoked “with immediate effect” Hacking Team’s “global authorization” to sell its Remote Control System (RCS) spyware suite to a list of 46 countries, mostly outside of the European Union.

The Italian government’s ruling means Hacking Team will need an “individual license” to sell to any of those countries (only some of which are past or current Hacking Team customers), according to a report from Motherboard.

Eric Rabe, Hacking Team’s spokesperson, confirmed in a statement to Motherboard that the company’s global license had been revoked, but that Hacking Team still has a license to sell within the EU and “expects to be given approvals for sales to countries outside the EU.”

MISE told Motherboard that it was aware that in 2015 Hacking Team had exported its products to Malaysia, Egypt, Thailand, Kazakhstan, Vietnam, Lebanon and Brazil.

The ministry explained that “in light of changed political situations” in “one of” those countries, MISE and the Italian Foreign Affairs, Interior and Defense ministries decided Hacking Team would require “specific individual authorization.”

Hacking Team maintains that it does not sell its spyware to governments or government agencies where there is “objective evidence or credible concerns” of human rights violations.

The company also says it is fully compliant with export restrictions under the Wassenaar Arrangement – an international agreement regarding dual-use technologies – and it “reserves the right” to “suspend support” if customers violate the terms of their contracts.

In a report issued after last year’s Hacking Team breach, Privacy International said Hacking Team’s self-regulation is “not enough to ensure that their products are not used for human rights violations,” and recommended stronger export control regulations.

The Italian government revoking Hacking Team’s global license to sell spyware anywhere in the world, and requiring special authorization to deal with certain countries, appears to be a big step in that direction.

Naked Security: http://bit.ly/1VfSPSK

« The First Ghost Ship In The US Robotic Navy
German Police Catch Suspect in Global Cyber Crime Operation »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

DeuZert

DeuZert

DeuZert is an accredited German certification body in accordance with ISO/IEC 27001 (Information Security Management).

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Cybots

Cybots

Cybots is a multinational cyber defence brand founded in Singapore in 2018 to help organizations stay ahead of increasingly sophisticated threats from cyber criminals.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Scalarr

Scalarr

Scalarr is an innovative, next-generation cyber security firm focused on automation and AI to detect and prevent threats in mobile and Edge/IoT infrastructures.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.

Konsulko Group

Konsulko Group

Konsulko Group offers embedded Linux software and hardware development and Yocto Project services.