> Hacking Team maintains that it was a responsible gatekeeper for its products, and that the world is at risk now that Hacking Team no longer controls its surveillance tools
That's rich coming from a security vendor that just got pwned..
There is a common trend to blame the leaker/transmitter of information for the damage it causes instead of the creator. Being that this favors those in power who hide corruption, I cannot think this trend is organic.
I'm still deeply confused about the legality of Hacking Team and other similar vendors. In particular, where is the line between the legitimate (I think) site selling 0-days and corporate surveillance tools and the recent hacker forums where a bunch of kids were arrested for making and selling Android malware?
Other than confirming my predictions, the takeaway to me for this article is that INFOSEC and OPSEC are a hard sell even in a company full of hackers and wannabe spooks. Maybe they're just more stubborn than usual and it's not the norm. Yet, they're dealing with intelligence agencies, will be targeted by them, have already seen Gamma hit, and still have less security than a number of small to mid-sized firms.
They were asking for it in too many ways to count. Just like that other company that was shattered after pissing off hackers and bragging about how they cheated on compliance activities. Let these be a lesson to the next firms.
They failed to mention that Bahrain was a client of Hacking Team as well, although they were quite cautious this time around after having been burned by a previous experience (presumably FinFisher).
FTA
"Two years ago their software was found being widely used by governments in the Middle East, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents."
"I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists"
> PhineasFisher described how Gamma Group "had denied having anything to do with it, saying they only sell their hacking tools to 'good' governments. ... I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB."
I find it funny that both Hacking Team and Gamma Group kept repeatedly claiming they do not sell to sanctioned governments, or governments with human rights issues, when they both clearly were behind the scenes. It's a pretty easy thing to prove as false. Why lie so blatantly when you know you'll probably get caught one day? Even if you don't get breached, one of the unethical governments you sell to will get breached or have some sort of leak, and your relationship with them will be uncovered.
I imagine they both do it because there just isn't enough money in having 8 or so customers that you sell 1-2 products to when you can have 30+ customers.
Why the hell does the US government not target this sort of shit? If you want to get rid of the problems in the Middle East, that's by far the best way. Through activism and journalism.