- ‘American Dirt’ controversy inspires meme about Latinx stereotypes in literature Wednesday 9:02 PM
- What is the TikTok ‘flex challenge’? Wednesday 8:03 PM
- GoFundMe to send ‘Target Tori’ on vacation raises more than $30K Wednesday 6:54 PM
- Furries stop domestic assault in viral video Wednesday 6:10 PM
- Gritty under police investigation for allegedly punching a teen fan Wednesday 6:04 PM
- Twitter users throw animal parties with emoji in new meme Wednesday 5:21 PM
- Woman who went viral supporting Soleimani killing exposed as Libyan militia lobbyist Wednesday 5:01 PM
- Jeff Bezos subtweets Saudi prince following phone hack report Wednesday 3:29 PM
- ‘Yeah, good. OK’ Bernie Sanders meme is a new way to dismiss people Wednesday 3:10 PM
- ‘Vanderpump Rules’ recap: Petty displays of affection Wednesday 2:12 PM
- Makeup artist transforms into Timothée Chalamet on TikTok Wednesday 1:54 PM
- Iguanas are falling from trees—and people are selling them online for food Wednesday 1:02 PM
- 75,000 sign petition to fire Wendy Williams after ‘cleft lip’ comment about Joaquin Phoenix Wednesday 12:30 PM
- Kim Kardashian says Kylie Jenner’s setting spray is ‘cheap sh*t’ Wednesday 11:59 AM
- Trump continues to demand Apple unlock iPhones for the government Wednesday 11:46 AM
Hacking Team CEO: From cypherpunk to cyberweapons dealer
David Vincenzetti once rolled in the same circles as Julian Assange. Not anymore.
Today, David Vincenzetti is a cyberarms dealer who does business with some of the world’s most repressive regimes.
Twenty years ago, he was on the other side of the fight. Vincenzetti was a cypherpunk who built tools to beat hackers and lived in the same nascent online world as Julian Assange, journalist and hacker Jacob Appelbaum, and a group of Internet revolutionaries who continue to change our world today.
The journey that brought Vincenzetti from early cybersecurity activist to millionaire mercenary is an odd tale, one that’s earned him the red-hot ire of his peers.
“What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are.”
Vincenzetti, now 47 years old, is the CEO of Hacking Team, an Italian technology company notorious for selling aggressive cyberweapons to many governments, including those that target journalists, human rights activists, and ordinary citizens.
Hacking Team was itself hacked on Sunday night, and the resulting leaks have laid bare the close business ties Vincenzetti keeps with repressive governments around the world, such as Russia and Sudan, despite international sanctions and moral outcry. The U.S. government is also a customer of Vincenzetti’s along with three dozen other governmental clients, according to documents allegedly obtained from Hacking Team’s systems.
Almost the whole Hacking Team operation—Vincenzetti recently joked that it included “the evilest technology on Earth”—has been exposed for the world to see. Sympathy for Vincenzetti is in short supply as his cybersecurity colleagues have called out the company’s perceived lack of ethics. More than a few hackers hope Vincenzetti “burns in hell.“
Hold up a mirror to Vincenzetti’s actions today—building tools for governments to break into civilians’ computers—and you’ll see a strange opposing symmetry to the online community in which he grew up.
In 1992, while working at a pair of computer-science programs in two Milan universities, a 24-year-old Vincenzetti coded a “file tampering detector” to kick out “intruders” who might install backdoors defeat all security in a target’s computer. He casually asked for help from security experts on Usenet forums before the final product was released a few months later.
“It is a program to make file tampering and nasty-hacking uneffective,” Vincenzetti explained in one Usenet post archived by Google.
The irony is rich, of course, in that a younger Vincenzetti might as well have been coding a program to beat out his older self.
Vincenzetti promoted, hosted, and used PGP encryption over two decades ago, when the technology was new and so powerful that it was potentially on the road to being outlawed. This week, Vincenzetti’s purportedly hacked data shows that he hardly encrypted anything at all.
Vincenzetti was a cypherpunk, one of a group of techno-activists around the early 1990s who built and expanded strong cryptography as a tool to change the world. He participated in the same mailing lists and forums as people like Julian Assange, the founder of WikiLeaks, and John Gilmore, cofounder of the Electronic Frontier Foundation (EFF).
Today, Vincenzetti has refused to put into writing what he really thinks of EFF and “its affiliates,” according to a leaked email. Judging by the reaction of EFF staffers to the hack of Hacking Team, the feeling is apparently mutual. Assange, meanwhile, is a world-famous advocate for government and corporate transparency, who spent Monday spreading the leaked data from Hacking Team to anyone willing to download it.
While Vincenzetti spent some time writing defensive software, he’s been building offensive tools even longer. In 1991, the Italian hacker wrote phishing spyware so that “I can steal the root password on most unixes in hours, or even minutes,” Vincenzetti explained on a Usenet forum.
Vincenzetti cofounded Hacking Team in 2003 in Milan, which has become a hot spot for technology companies. The firm earned much of its early income by providing defensive tools (software that protects its users against hackers) to big banks and brands, but offensive tools meant to give staggering firepower to the highest bidders have always been on offer.
Vincenzetti’s Remote Control System, released in 2003 with the launch of Hacking Team, invades and takes over targeted devices so effectively that dozens of countries have licensed and used the tool for prices that can rise above 1 million euros.
Vincenzetti has repeatedly insisted that his company is ethically sound despite being declared an “enemy of the Internet” by Reporters Without Borders, a journalism watchdog group.
“You cannot stop your targets from moving,” a Hacking Team brochure reads. “How can you keep chasing them? What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain. Remote Control System does exactly that.” It continues:
Take control of your targets and monitor them regardless of encryption and mobility. It doesn’t matter if you are after an Android phone or a Windows computer: you can monitor all the devices. Remote Control System is invisible to the user, evades antivirus and firewalls, and doesn’t [affect] the devices’ performance or battery life.
Hack into your targets with the most advanced infection vectors available. Enter his wireless network and tackle tactical operations with ad-hoc equipment designed to operate while on the move. Keep an eye on all your targets and manage them remotely, all from a single screen. Be alerted on incoming relevant data and have meaningful events automatically highlighted. Remote Control System: the hacking suite for governmental interception. Right at your fingertips.
In his 20s, Vincenzetti watched from afar as security colleagues became big-time businessmen who traded with the world’s top banks, a path he’d eventually follow. Since the beginning, he’s been fascinated with and hosted exploits that allowed attackers to break the security of popular software, as well as government tactics against encryption.
In the 12 years of Hacking Team’s existence, Vincenzetti has become a minor Italian tech icon worthy of big interviews in one of Italy’s most popular news magazines, L’espresso.
Although it seems a long walk from the old cypherpunk mailing list of the 1990s toward national fame, it’s a journey that dozens of cypherpunks have made—but none of them did it quite like Vincenzetti.
Illustration by Jason Reed
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.