Hacking Team's export licence revoked by Italian government

Licence to print money terminated

Hacking Team's licence to print money by selling surveillance software and malware to governments, police and secret services across the world has been curtailed after the Italian government revoked its global licence to sell its software outside of Europe.

The move means that the company - which gained notoriety after its own security was breached, with corporate emails and details of all its clients spilled on the internet - will need to gain approval to export its wares on a case-by-case basis.

Many of the countries that Hacking Team has sold its software to in the past have been accused of human rights abuses, and it is suspected that Hacking Team's software was used to target dissidents, and opposition leaders and activists.

According to the Italian newspaper Il Fatto Quotidiano, the company's export licence was revoked this week, with immediate effect. The move is believed to have been provoked by the unresolved death in custody in Egypt of Giulio Regeni, an Italian national and Cambridge University student believed to have been tortured and murdered by the authorities under President al-Sisi.

A total of 46 countries will be affected by the licence withdrawal, including Egypt, Qatar, Saudi Arabia, Uzbekistan, Azerbaijan, Bangladesh and Ethiopia. The company will now need to apply for a special licence to export its wares anywhere outside the European Union.

Hacking Team was co-founded by David Vincenzetti, who was once an idealistic young hacker in favour of encryption to protect the privacy of ordinary people. Hacking Team flourished by developing software - effectively, malware - that exploited flaws in widely used applications to enable users to surreptitiously plant surveillance software on targets' PCs.

The company is widely suspected to have purchased exploits in order to monopolise unknown, zero-day security flaws, although it isn't the only company in the market for such information. It also, according to the leaks, wanted to make drones that could be used to inject spyware into public Wi-Fi networks.

Ironically, Hacking Team itself was hacked in part due to lackadaisical security practices by the company, such as the managing director's use of a weak password to secure his email.

The company surreptitiously restarted just months after the hack brought its activities to a sudden halt, with security researchers finding malware bearing the hallmarks of the company in March 2016.

Security is one of the enterprise issues that will be covered in Computing's forthcoming Internet of Things Business Summit 2016 in May. Places are free to qualifying end users and going fast.