Lorenzo Franceschi-Bicchierai (Mashable): Can you confirm or deny that Hacking eam sold !
C" to any of these #$ countries% Eric Rabe: We do not identify clients or entities that are not clients. To do so could jeopardize the confidentiality necessary for effective law enforcement and intelligence investigations. However !itizens "ab appears to be using research based on old technology and the list they have produced is not an accurate list of nations where Hac#ing Team clients are located. Follo&-u': Can you be a little more s'ecific% (re all the nations inaccurate) or *ust some% +f so) ho& many% elling me the number &on,t re-eal &hich ones are not clients. $%o answer& /: 0ithout any s'ecifics) can you confirm that Hacking eam sets u' their !C" infrastructure &ith 'ro1y ser-ers like it,s described in the re'ort% ER: Hac#ing Team uses a variety of techni'ues to assure that current clients cannot be identified. These techni'ues are effective. Follo&-u': Ho& can they be effecti-e if Citizen Lab has found a list of countries (e-en if list is not $223 accurate%) Can you clarify on the 'ro1y ser-ers% 4o you or do you not use them% ER: This is one area ( cannot go into because it deals with how the software wor#s and is obviously sensitive. )o no comment here. /: 0hat can you tell me about Hacking eam,s relationshi' &ith 5u'en% Ha-e you e-er bought e1'loits from them% ER: Hac#ing Team has no special business relationship with *upen. When our software is deployed against a target that is done by the investigating agency. These agencies have a number of techni'ues they can deploy including use of e+ploits from *upen or elsewhere or they may be able to get physical access to a subject,s devices. /: Can you tell me more about the -etting 'rocess that ha''ens before e-ery sale% 6ou ha-e claimed in the 'ast that there,s an e1ternal 'anel that re-ie&s e-ery sale) &ho is on this 'anel% Ho& does the 'rocess actually &ork% ER: We cannot identify members of our vetting panel nor can we specifically describe in detail its wor#. However in our pre-sale negotiations we loo# for red flags that might indicate a ris# that our product might be used improperly either in activities that could violate the law or simply due to sloppy deployment that might e+pose our software. .fter a sale should we discover abuse or misuse of our products we can suspend support which renders the software liable for detection and therefore ma#es it useless. We rely on our own due diligence published reports international blac# lists and conversations with potential clients to assure ourselves to the e+tent possible that our software will be used legally and responsibly.
�Follo&-u': Can you gi-e me an e1am'le &here based on your due-diligence) you turned do&n a 'otential client% Has it e-er ha''ened% $%o answer& Follo&-u': Ha-e you e-er sus'ended su''ort for any 're-ious client% ((gain no need to tell me &hich) ER: We have both suspended support and refused to do business in the first place with clients or potential clients we believed had or might abuse the software. ( am not able to identify them or describe the circumstances. These are internal business decisions. However this does happen and is generally the result of information coming to our attention from either internal or e+ternal sources that leads us to believe our software is not being used properly. Follo&-u': heoretical 7uestion: based on your due-diligence) &ould you e-er sell to) say) 8thio'ia or 9zbekistan% ER: .gain ( cannot identify specific clients or non-clients.
Before !abe,s last email) &hen sent us three more ans&ers to our follo& u's) he offered some additional comment. ER: )orry that (,ve been tied up today but ( thin# you have what we can give you from my comments and the lin# to our !ustomer /olicy page. (n fairness ( don,t thin# anyone else in our industry would have given you anything li#e that much of a response. ( trust you,ll ma#e note of the need for tools such as Hac#ing Team provides given the easy and facile use of (nternet computer and mobile technologies by criminals of all #inds from various scam artists to drug smugglers to child abusers.
