[ISN] After Arrest, Founder of Bug-selling Company to Stay

From: InfoSec News (alerts@private)
Date: Fri Apr 11 2008 - 01:11:57 PDT


http://www.pcworld.com/article/id,144412-c,companynews/article.html

By Robert McMillan
IDG News Service
April 10, 2008 

Five months after being arrested by Italian authorities on hacking and 
wiretapping charges, the founder of a controversial company that sells 
unpatched computer vulnerabilities says he'll remain on board.

Roberto Preatoni was arrested in November for his role in an ongoing 
scandal at Italy's largest telecommunications company, Telecom Italia, 
that has been front-page news in Italy for the past year. After 
remaining out of the public eye since his arrest, he suddenly reappeared 
Thursday, posting a note to his company's blog and saying that he'd 
decided to continue to work for the company he founded.

"The questions I kept asking myself in the last months were: What will 
happen to [WabiSabiLabi] if I will stay?" he wrote. "Will my private life
and troubles effect negatively the project? Should I keep representing 
publicly the project?"

After talking to fellow security researchers, he decided to stay.

"I will stay and continue to put pressure to security lobbies. Things 
must change, researchers and their discoveries should be considered 
beneficial to the whole security cycle," he wrote.

Preatoni's trouble reportedly started with his previous security 
consulting work as a penetration tester -- a security expert hired to 
test working networks for vulnerabilities.

According to news reports, Preatoni helped staff a 10-member "Tiger 
Team," ostensibly set up to test Telecom Italia's information security 
system. Members of this team are now charged with hacking and spying on 
Carla Cico, CEO of Brasil Telecom; Kroll Inc., an investigative agency; 
and journalists Fausto Carioti and David Giacalone of the newspaper 
Libero.

In January 2007, four others were charged with spying in connection with 
the scandal. They included Fabio Ghioni, vice president and security 
chief technology officer at Telecom Italia, and Giuliano Tavaroli, the 
telecom's former head of security.

At the time of those arrests, Tiger Team members were charged with using 
a Trojan Horse program to steal sensitive data from the computer of 
Vittorio Colao, former CEO of the Rizzoli Corriere della Sera publishing 
group.

Preatoni's company has been the subject of controversy since it was 
launched in July 2007. The company sells information on unpatched 
software bugs using an eBay-style marketplace that is hosted on its Web 
site.

While the company argued that its vulnerability auction business simply 
helped researchers establish a fair market value for their work, others 
in the industry argued that it would put computer users at risk by 
selling bugs to people who might misuse them in attacks.

Security researchers say that an unpatched software vulnerability can 
earn them $50,000 in the underground marketplace.

Preatoni said he was working on a "surprise" partnership that would be 
announced soon. His next public appearance on behalf of WabiSabiLabi 
will be at the Web Security Summit next month in Johannesburg.

He was released from custody on Nov. 28. In an e-mail, he declined to 
comment further on the matter because the case is still open.

As Preatoni tells it, the case reads like the jacket notes from a John 
le Carre novel: "Probably, nobody will ever be able to picture it 
completely right," he wrote, "as it's a case involving a hundred of 
arrested people, the Italian Secret Services, the US Secret Services, 
some Italian corrupted police and financial police officers, some 
Italian and US investigation companies, a multi-billionaire struggle 
between Telecom Italia and Brasil Telecom, an extraordinary rendition 
(kidnapping) of a presumed Islamic terrorist, and last but not least, 
the suicide (but many say murder) of a Telecom Italia Security top 
manager."

