WabiSabiLabi founder arrested in Italy

IDG News Service - A founder of security start-up WabiSabiLabi Ltd. was among those arrested by Milan police in connection with an ongoing spying scandal at Telecom Italia, according to published reports.

Roberto Preatoni was charged Monday with unauthorized access to computer systems and wiretapping, said the reports (in Italian). Sources confirmed he is the same Roberto Preatoni who is a founder and director of strategy at WabiSabiLabi. A representative of the security start-up declined to comment today. He said the company would send an e-mail statement later in the day.

Preatoni's company was launched in July, billing itself as an online marketplace for exploit code that could be used to hack into computer systems. Legitimate companies such as 3Com Corp. and VeriSign Inc. have paid for this type of code in the past, but WabiSabiLabi was the first open marketplace for such software. Preatoni, who spoke at Microsoft's Blue Hat security conference just weeks ago, billed his marketplace as a mechanism that would allow independent security researchers to get paid for their work.

Preatoni's work at WabiSabiLabi apparently has nothing to do with his arrest. The trouble reportedly started with his security consulting work as a penetration tester -- a security expert hired to test working networks for vulnerabilities.

According to the reports, Preatoni helped staff a 10-member "Tiger Team," ostensibly set up to test Telecom Italia's information security system. Members of this team are now charged with hacking and spying on Carla Cico, CEO of Brasil Telecom; Kroll Inc., an investigative agency; and journalists Fausto Carioti and David Giacalone of the newspaper Libero.

In January, four others were charged with spying in connection with the scandal. They included Fabio Ghioni, vice president and security chief technology officer at Telecom Italia, and Giuliano Tavaroli, the telecom's former head of security.

At the time of those arrests, Tiger Team members were charged with using a Trojan Horse program to steal sensitive data from the computer of Vittorio Colao, the former CEO of the Rizzoli Corriere della Sera publishing group.

The scandal has been front page news in Italy for months.

"It's a big deal, there's a lot of political pressure on this issue and on the general issue of wiretaps, and it's difficult to understand how big or how criminal were the deeds of the persons involved," said Stefano Zanero, a security consultant based in Milan, speaking via instant message. "It's a huge mess, and it engulfs everybody who's touched."

Telecom Italia's Ghioni and Preatoni were both known within the security research community. They gave a joint presentation at the Hack In The Box Security Conference in September 2006 titled "The Biggest Brother." They have also lectured on industrial espionage at the Chaos Communication Congress.

At Hack In The Box, they argued that many security measures put in place by governments after the Sept. 11, 2001, terror attacks have helped to strengthen control over their citizens and erode democratic freedoms. "The Internet allows you to do more effective things regarding controlling the population," Preatoni said.

"Before, we were just being spied on," Ghioni said, adding that governments are now using psychological operations and technology to prey upon their citizens' fears and extend their own power.

Sumner Lemon of the IDG News Service contributed to this story.