Hacking Team, the Italian company which sells spying software to law enforcement agencies around the world, says there is no evidence in a huge trove of leaked data which indicates it broke any laws or acted in an unethical manner.
Speaking to IBTimes UK in the wake of a devastating cyberattack and data leak, spokesman Eric Rabe defended his company's actions in the face of widespread criticism from privacy advocates and activists.
"We don't have anything to hide about what we are doing and we don't think that there is any evidence in this 400GB of data that we have violated any laws and I would even go so far as to argue that there is no evidence that we have behaved in anything but a completely ethical way," he said.
Since the files were leaked online on Sunday evening (5 July), researchers and journalist have been sifting through the emails, invoices, and source code to find incriminating evidence against a company which has sold powerful spying tools to everyone from the FBI to governments in countries such as Saudi Arabia, Russia and Sudan.
Indeed it is the discovery of an invoice to the Sudanese government which has been highlighted by many as the most incriminating piece of evidence against the company. Sudan is on the UN blacklist and Hacking Team told a UN investigation last year that it had "no business relationship" with the country.
When asked about the invoice, Rabe said: "We don't identify our clients," but he pointed out that the date on the invoice in question was 2012, which was before Sudan was on the UN blacklist. Privacy advocates however might argue that just because a country is not on the UN blacklist doesn't mean it is ethical to sell to them.
Rabe gave a similar answer when asked about evidence it had sold its cybertools to a Russian conglomerate violating EU sanctions.
Rabe said the company had contacted its customers immediately after they discovered the breach, and recommended that they stop using the company's software.
"The responsible thing to do is just suspend for a while until we can give them the go ahead to go back using the system so that's what we did," he said.
While Hacking Team has not given its customers a specific time and date for when they will be able to use the company's surveillance tools again, Rabe says it will be "sooner rather than later" as it has "a lot of people working hard to make sure that happens as fast as it can".
Who hacked Hacking Team?
When asked about the identity of the person or group who carried out the attack, Rabe indicated that he believed the attack was the work of a nation state or a criminal gang, and not the work of an activist as many have speculated:
"Doing our own forensics here, we think this was a very sophisticated attack, and certainly not the work of an amateur. The press seems to take the view that this was some sort of human rights activist but I think that is far from certain and it could easily have been criminal activity or some government activity," adding that "this is almost certainly an international crime".
When it was pointed out that if a government or criminal group was behind the attack then posting all the information online seems a strange move, Rabe said: "I am not sure why anybody would do that, but part of the effort here was to disrupt our operations as much as possible so I think that would be a motive for many different people."
When asked if this could be the work of one of Hacking Team's competitors such as UK-based Gamma International or Israeli NSO Group, Rabe said: "I think that is unlikely" though he admitted that just like everyone else he was speculating.
While some media reports have suggested the company is working with the Italian police to investigate the attack, Rabe says that all he will say is that the company is "working with law enforcement" reiterating that this was an international attack.
Human rights group Privacy International issued a statement following the attack, saying it welcomed the leak:
"[The] leak of materials reportedly shows how Hacking Team assisted some of the world's most repressive regimes – from Bahrain to Uzbekistan, Ethiopia to Sudan – to spy on their citizens. We know from investigations by Citizen Lab that these tools are used to target human rights activists and pro-democracy supporters at home and abroad. Surveillance companies like Hacking Team have shown they are incapable of responsibly regulating themselves, putting profit over ethics, time after time. Since surveillance companies continue to ignore their role in repression, democratic states must step in to halt their damaging business practices."