Hacking Team is not the only cyberwar ‘arms dealer’ out there

It’s very interesting to watch the public undressing of a company like Hacking Team–especially when that undressing seems to prove that claims the company has made about its ethics are completely false. Based on the leaked data Hacking Team appears to have a long and distinguished list of less-than-savory nations as customers, but I highly doubt that Hacking Team is alone among security vendors in working with governments.

I wrote a post about why it’s a mistake to assume that Hacking Team is somehow unique in this:

What happens when the hackers get hacked? In the case of Hacking Team the results are not pretty. While the world watches the takedown of Hacking Team and sifts through 400GB of leaked data with morbid curiosity, though, executives at other security vendors are probably getting nervous. What if they’re next to get the “Sony treatment”?

Hacking Team Hacked

Hacking Team specializes in surveillance software—software designed to enable a corporation or government to surreptitiously monitor and collect data. The catalyst for the breach of Hacking Team data is probably related to which nations or governments Hacking Team is working with. The Enemies of Internet project lists Hacking Team as an offender due to alleged ties with countries known for human rights violations, but Hacking Team has publicly denied working with such repressive governments. The leaked data seems to prove The Enemies of Internet right.

Steve Ragan has been covering every detail of the unfolding events in a sort ofliveblog-esque pair of posts he has been updating frequently. In one update Ragan notes, “Christopher Soghoian says that based on the Torrent’s file listing, Hacking Team’s customers include South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia. Yet, the company maintains that it does not do business with oppressive governments.”

Later Ragan provides a more detailed lists of countries Hacking Team has allegedly worked with or is still working with, including Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, and UAE. He points out that the list of clients and invoices for large sums seem to invalidate Hacking Team’s claims that it doesn’t do business with abusive governments.

Hacking Team Is Not Alone

This is all very interesting in a schadenfreude / train-wreck sort of way. It’s similar to the way Sony executives were dragged through the mud like tabloid cover stories when its data was leaked to the public. Instead of thinking, “Wow. Hacking Team is a really deceptive and evil company,” though, you should be thinking, “I wonder which other security vendors are working with which other governments?”

You can read the full story on Forbes: Don’t Assume Hacking Team Is Unique Among Security Vendors.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
Related Post