Attack that revealed data exposing deals with dictatorships was on a ‘governmental level’ and ‘planned for months’, says David Vincenzetti in first statement
David Vincenzetti, 47, founder of the Milan-based company, told
Vincenzetti said: “This is not an impromptu initiative: the attack was planned for months, with significant resources, the extraction of data took a long time.” But he did not explain how Hacking Team apparently failed to notice the attack while it was taking place.
•
In response to concerns that Hacking Team supplied tools to repressive states which could be used to hack into and spy on almost anyone, Vincenzetti said: “We did [sell tools to Libya] when suddenly it seemed that the Libyans had become our best friends.” He also admitted providing tools to Egypt, Ethiopia, Morocco and Sudan, as exposed by the company’s email archive, though denied dealing with Syria.
But Vincenzetti said: “The geopolitical changes rapidly, and sometimes situations evolve. But we do not trade in weapons, we do not sell guns that can be used for years.” He said that without regular updates its tools are rapidly blocked by cyber security countermeasures.
In the case of the Ethiopian government, which used Hacking Team tools to spy on journalists and activists, Vincenzetti said: “We’re the good guys … when we heard that Galileo had been used to spy on a journalist in opposition of the government, we asked about this, and finally decided to stop supplying them in 2014.”
Meanwhile, the impact of the Hacking Team data dump continues to affect wider cubersecurity. A further two vulnerabilities within Adobe’s Flash plugin have been exposed and are actively being exploited as a result of the attack,