Hacking Team vendor calls breach a ‘blessing in disguise’

In the aftermath of the Hacking Team incident, Netragard, a security firm in Acton, MA, called it a blessing in disguise after emails between the two companies were indexed and published by WikiLeaks.

The Netragard core service is anti-hacking services, but they are perhaps better known for their Exploit Acquisition Program (EAP). Netragard, with their EAP, acts as a middleman for developers and researchers that want to be paid for their exploit work.

In an email archived by WikiLeaks, Netragard CEO Adriel Desautels and Hacking Team’s Giancarlo Russo discussed the sale of a Flash exploit that worked against Internet Explorer, Firefox, and Chrome, on all supported versions of Windows.

At one point Desautels asked: “Do you have PGP by the way? We really do need to encrypt these emails.”

As it turns out, the request for PGP was somewhat prophetic. However, Netragard doesn’t see the email leak or the Hacking Team incident as a bad thing.

Quite the opposite, as the tone of a recent blog post by the company makes it look as if they’re pleased it happened.

In a blog post that starts by stating that the EAP was founded with ethics in mind, Netragard says that their rules for only dealing with buyers in the U.S. were altered to include Hacking Team.

“In mid 2014 we modified those controls and made an exception when Hacking Team was introduced to us by a trusted US based partner. It was our mutual understanding that this buyer maintained the same code of ethics as our own. Unfortunately we were very, very wrong.

“The breach of Hacking Team is a blessing in disguise. The breach exposed their customer list which contained a variety of questionable countries known for human rights violations.

“Their customers are the very same customers that we’ve worked so hard to avoid. It goes without saying that our relationship with them is over and we’ve tightened our vendor vetting process.

“The breach also exposed the one exploit that we sold them (as is evidenced by their leaked emails). Interestingly enough, that exposure makes us quite happy because it means that the exploit useless to Hacking Team’s questionable customers.”

The post goes on to leverage the Hacking Team incident for political and business points, citing it as a perfect example for regulating the exploit marketplace. Though, in their own way, they do make a valid point:

“…regulations should provide a framework for the legitimate sale of 0-day exploits…”

Netragard is just one vendor in the email cache published by WikiLeaks, which now extends to more than one million Hacking Team communications.

However, they’re the first vendor – or customer for that matter – to express glee in the incident and publicly distance themselves from the company.

Perhaps more will follow?

The full Hacking Team archive published by WikiLeaks is available on their website.