The Italian government has stripped controversial cyber security company Hacking Team of its licence to export outside the EU amid growing scrutiny of its sales of surveillance software to repressive regimes such as Egypt, The Financial Times reports:
The move coincides with a sharp rise in diplomatic tensions between Italy and Egypt over the brutal murder of Giulio Regeni, a 28-year old Italian researcher in Cairo.
Italy’s ministry of economic development said the decision to revoke the licence was necessary due to “changed political circumstances” in a number of markets where Milan-based Hacking Team had been doing business. Although no specific country was mentioned, the company sold its products to Egypt, Brazil, Kazakhstan, Lebanon, Thailand and Vietnam in 2015, according to one Italian official.
“Hacking Team was already in the spotlight but my sense is that the media and political pressure of the Regeni case might have accelerated the analysis and the decision-making around it,” said Paolo Boccardelli, director of the business school at Luiss University in Rome. “It certainly didn’t help the company to be providing this kind of technology to a government with which there is diplomatic tension,” he added.
In February this year, Privacy International released the results of an investigation into Egypt’s Technical Research Department, a shadowy government agency charged with acquiring surveillance technologies, who had also acquired Hacking Team’s technology, IFEX adds.
A hacker recently leaked documents demonstrating that the company sold surveillance tools to several countries cited for human rights abuses, including Egypt, Bahrain, Morocco, Russia, and Uganda, among others.
Phineas Fisher, the hacker who claimed responsibility for breaching Hacking Team last year has published an explainer guide detailing his process in executing the attack, SC Magazine reports:
The hacker’s how-to post on PasteBin stated that he found MongoDB databases without authentication, a common flaw that many companies, including Verizon Enterprise and multiple voter groups, failed to secure. ….The hacker, who was also known as FinFisher, located the admin password and through the password gained access to Hacking Team’s email. He then used Windows Powershell to save copies of emails as he proceeded since “with each step I take there’s a chance of being detected”.