WabiSabiLabi founder arrested in Italy
Charges against Preatoni involve spying scandal at Telecom Italia
IDG News Service - A founder of security start-up WabiSabiLabi Ltd. was among those arrested by Milan police in connection with an ongoing spying scandal at Telecom Italia, according to published reports.
Roberto Preatoni was charged Monday with unauthorized access to computer systems and wiretapping, said the reports (in Italian). Sources confirmed he is the same Roberto Preatoni who is a founder and director of strategy at WabiSabiLabi. A representative of the security start-up declined to comment today. He said the company would send an e-mail statement later in the day.
Preatoni's company was launched in July, billing itself as an online marketplace for exploit code that could be used to hack into computer systems. Legitimate companies such as 3Com Corp. and VeriSign Inc. have paid for this type of code in the past, but WabiSabiLabi was the first open marketplace for such software. Preatoni, who spoke at Microsoft's Blue Hat security conference just weeks ago, billed his marketplace as a mechanism that would allow independent security researchers to get paid for their work.
Preatoni's work at WabiSabiLabi apparently has nothing to do with his arrest. The trouble reportedly started with his security consulting work as a penetration tester -- a security expert hired to test working networks for vulnerabilities.
According to the reports, Preatoni helped staff a 10-member "Tiger Team," ostensibly set up to test Telecom Italia's information security system. Members of this team are now charged with hacking and spying on Carla Cico, CEO of Brasil Telecom; Kroll Inc., an investigative agency; and journalists Fausto Carioti and David Giacalone of the newspaper Libero.
In January, four others were charged with spying in connection with the scandal. They included Fabio Ghioni, vice president and security chief technology officer at Telecom Italia, and Giuliano Tavaroli, the telecom's former head of security.
At the time of those arrests, Tiger Team members were charged with using a Trojan Horse program to steal sensitive data from the computer of Vittorio Colao, the former CEO of the Rizzoli Corriere della Sera publishing group.
The scandal has been front page news in Italy for months.
"It's a big deal, there's a lot of political pressure on this issue and on the general issue of wiretaps, and it's difficult to understand how big or how criminal were the deeds of the persons involved," said Stefano Zanero, a security consultant based in Milan, speaking via instant message. "It's a huge mess, and it engulfs everybody who's touched."
Telecom Italia's Ghioni and Preatoni were both known within the security research community. They gave a joint presentation at the Hack In The Box Security Conference in September 2006 titled "The Biggest Brother." They have also lectured on industrial espionage at the Chaos Communication Congress.
At Hack In The Box, they argued that many security measures put in place by governments after the Sept. 11, 2001, terror attacks have helped to strengthen control over their citizens and erode democratic freedoms. "The Internet allows you to do more effective things regarding controlling the population," Preatoni said.
"Before, we were just being spied on," Ghioni said, adding that governments are now using psychological operations and technology to prey upon their citizens' fears and extend their own power.
Sumner Lemon of the IDG News Service contributed to this story.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts