Hacking Team lost its license to sell surveillance malware outside Europe

Oh man, what a shame, Italy’s Hacking Team had its global export license revoked, and now it can’t sell its spyware outside of Europe without getting special approval.

It hasn’t even been a year since the Hacking Team became the Hacked Team, but after being owned, the company apparently didn’t crawl off and die. The Hacking Team’s newest woes, which were first reported by the Italian newspaper Il Fatto Quotidiano, means the company can’t easily conduct business as usual by selling its Remote Control Software to just anyone who wants it.

The Italian newspaper reported that the Hacking Team can’t sell outside the EU without jumping legal hoops for the following 46 countries: Australia, Azerbaijan, Bangladesh, Bahrain, Bolivia, Brazil, Canada, Switzerland, Chile, Colombia, Cyprus, Dominican Republic, Ecuador, Egypt, Ethiopia, Guatemala, Honduras, Indonesia, Israel, India, Iraqi Kurdistan, Jordan, Japan, South Korea, Kuwait, Kazakhstan, Lebanon, Morocco, Mongolia, Mexico, Malaysia, Nigeria, Oman, Peru, the Philippines, Paraguay, Qatar, Saudi Arabia, Singapore, South Africa, Thailand, Turkey, United Arab Emirates, the United States, Uzbekistan and Vietnam.

Help Net Security reported that sources within the Italian Ministry of Economic Development (MISE) claimed the Hacking Team had previously been granted authorization on April 3, 2015, to sell to those countries after “an evaluation by the Advisory Committee for the Export of Dual-use Goods deemed the list of countries ‘consistent with the public interest at that time.’”

The same committee now revoked the authorization – two years before it would expire, on April 30, 2018 – by offering the following explanation: “The authorization is not in the public interest anymore.”

Hacking Team CEO David Vincenzetti, who is reportedly “under investigation for some of the deals he has made on foreign soil,” told Il Fatto Quotidiano that not all of the 46 countries listed in the document are really its trading partners, yet he wouldn’t provide a list of countries that are buyers of its surveillance malware.

Sadly, Hacking Team spokesperson Eric Rabe doesn’t foresee any problems obtaining permission on a country-by-country basis. He told Forbes, “The global license has been suspended by MISE but Hacking Team still has approvals for all countries within the EU, and the company expects to be given approvals for sales to countries outside the EU as well as needed. The investigation regarding David Vincenzetti seems to be a review of past sales, all of which were conducted in accordance with laws and regulations in place when the sales were made.”

The Hacking Team refers to their products such as Galileo as “lawful intercept” technology sold to government and law enforcement agencies. The company claimed that it didn’t sell to blacklisted countries or those that “facilitate gross human rights abuses.” Really? Reporters without Borders has labeled the Hacking Team as an enemy of the Internet, and Citizenlab “mapped the Hacking Team’s untraceable spyware.” It sure did look like Hacking Team sold their spyware to repressive regimes.