Despite getting hacked and losing more than 400 gigabytes of internal data, including the source code of its marquee product—and finding about the breach only when its own Twitter account, taken over by the hacker, announced it to the whole world—the embattled surveillance company Hacking Team hasn't lost a drop of its usual bravado.
In a message sent to a mailing list made of potential and current customers, CEO David Vincenzetti bashed the media, "desperate for sensational stories," for covering the "self-promoting essay" of the hacker who claims to have broke into his company.
It's unclear whom in particular Vincenzetti was referring to. On Friday, Motherboard first reported the news that a hacker had published a long and detailed writeup explaining how he broke in and exfiltrated all the data from Hacking Team's servers. The hacker, only known as Phineas Fisher, had previously claimed responsibility for the hack on the company. News of the hacker's writeup was widely covered by other media outlets, all over the world.
"The worst of today's news media continue their unfair and inaccurate vilification of Hacking Team," Vincenzetti wrote in the email, which was later posted on the company's website.
Vincenzetti went on to attack the hacker too, saying "inaccuracies in his story only go to show he is not really as smart as he thinks he is," and that Hacking Team hopes "the vigilante's barging about his work will lead to his swift arrest and prosecution."
"We hope that the vigilante's barging about his work will lead to his swift arrest and prosecution."
Hacking Team, which is an Italian company that sells spy tools to governments all around the world, did not publicly respond to the new hacker's claims, but in the email, Vincenzetti directly refers to them. Interestingly, some of the language in the message is starkly different from the company's initial reaction to the hack. At the time, Hacking Team said the breach had been carried out by multiple people "with a lot of expertise," and was likely not "the work of just some random guy," but perhaps a criminal group or even a government.
Now, Vincenzetti referred to the hacker as a "vigilante," and he didn't mention the fact that the company has been privately pushing for an alternate theory for months, accusing a group of former employees of being behind the attack.
"Fortunately, multiple law enforcement investigations are underway in several countries," he added, before claiming that all is well at Hacking Team—without any mention of the fact that the company is actually struggling to get new customers, and recently lost its global license from the Italian government, which allowed it to freely export spyware around the world. (Hacking Team will now need individual licenses for each sale outside of the European Union.)
A spokesperson for the company confirmed that Vincenzetti sent the email on Monday, but did not respond to a request for further comments.
For his part, Phineas Fisher, who previously defined himself as an "anarchist revolutionary," reacted to Hacking Team's email with sarcasm.
"It's interesting to see Vincenzetti becoming more anticapitalist over time," the hacker told me, referring to Vincenzetti's writing style full of caps, such as in this old email where he was commenting on the sentencing of Ross Ulbricht, the founder of the dark web market Silk Road. "His earlier writing was like 'An EXEMPLARY punishment. This is JUST. This IS the Justice we need…the DARKNET,' but now he's writing normally."
Here's a copy of Vincenzetti's whole email.
Good morning gents!
The worst of today's news media continue their unfair and inaccurate vilification of Hacking Team. The latest comes in the wake of a self-promoting essay by someone who claims responsibility for last summer's attack on this company. The essay writer claims to explain how he executed the attack, but inaccuracies in his story only go to show he is not really as smart as he thinks he is.
Desperate for sensational stories, some publications routinely ignore two plain facts: Criminals and terrorists today routinely use Internet secrecy and end-to-end encryption to rob, kill and terrorize whole populations. Hacking Team provides a valuable tool that law enforcement and security agencies around the world use to keep citizens safe.
Instead of reporting this inconvenient truth, these websites and papers celebrate as some sort of victory the work of this vigilante who broke in to the company and stole documents and software. Their motives are the same as those of sensationalist writers of 150 years ago — get readers and let the truth be damed [sic].
Fortunately, multiple law enforcement investigations are underway in several countries. We hope that the vigilante's barging about his work will lead to his swift arrest and prosecution.
In the meantime, despite the best guess of some security experts who wrote that Hacking Team could never recover from the attack and despite the hopes of others, in fact, Hacking Team has restored our lawful surveillance product and developed new cutting-edge tools. At the same time, the company has overhauled and secured internal computer networks.
Hacking Team will continue to produce and provide world-leading software to help law enforcement authorities keep us all safe.
Have a great day,
This article has been updated to reflect that Vincenzetti's email was also posted as a press release on Hacking Team's official website.