Hacking Team, the security software company that provided governments worldwide with covert hacking and surveillance tools, has come out fighting in a statement defending the company.
Hacking Team was hit with an avalanche of bad publicity after it was hacked almost three weeks ago and, according to the hackers, almost the entire data on the company’s network was dumped on the internet.
Since then, coders, security specialists and privacy activists have been poring over the half-a-terabyte data dump, which includes source code, in a bid to find out the company’s secrets. On top of that, Adobe, Microsoft and Oracle have all rushed out patches to secure flaws that the company used in its software.
But the company has attacked the media coverage of the attack claiming that it has been portrayed as the offender, while the hackers have got off scot-free.
“The single fact not generally covered by news media is this: there is only one violation of law in this entire episode, and that one is the criminal attack on Hacking Team. The truth is that the company itself has operated within the law and all regulation at all times,” it claimed.
It continued: “Commentators dislike the fact that strong tools are needed to fight crime and terrorism, and Hacking Team provides them. So the company is being treated as the offender, and the criminals who attacked the company are not. Had a media company been attacked as Hacking Team has been, the press would be outraged.”
Indeed, the company claims that it has complied “100 per cent” with all relevant laws and regulation. However, it’s carefully worded statement also indicates that it was only from 2014 that the company’s technology was classified as a “weapon” and covered under certain legislation and treaties.
“Hacking Team has been accused of selling technology to various countries at a time that such sales were banned. This is not true. In the case of every sale, Hacking Team has complied with regulations in effect at the time of the sales. Today the company complies with new regulation developed in 2014 and enacted in January 2015. Under this new regulation, Italy reviews all sales of Hacking Team technology in accordance with European Union and Wassenaar Arrangement requirements.
“The sale of “weapons” have been banned to certain countries. Hacking Team technology has never been categorised as a weapon. At the time of the company’s only sale to Sudan in 2012, the Hacking Team technology was not classified as a weapon, arms or even dual use.
“In fact, it is only recently that has Hacking Team technology been categorised under the Wassenaar Arrangement as a ‘dual use technology’ that could be used for both civil and military purposes. Dual use technologies are regulated separately from weapon technologies.”
The company also suggested that the leak of its product source code in the attack was not as serious as reports have suggested. “The criminals exposed some of our source code to Internet users, but by now the exposed system code is obsolete because of universal ability to detect it. However, important elements of our source code were not compromised in this attack, and remain undisclosed and protected.”
The company also denied that its software contained any backdoors enabling it to surveil its own customers. “Clients have been permitted to examine the source code to reassure themselves of this fact,” it said.
Hacking Team also denied reports that it has been involved in any programmes to use drones – although emails did indicate interest from Boeing in mounting one of the company’s products on a drone in a bid to remotely crack Wi-Fi networks. However, the emails also indicate that Boeing’s enquiries did not lead to a firm agreement between the two companies.