By Robert McMillan
IDG News Service
06 November 2007
A founder of security start-up WabiSabiLabi was among those arrested by
Milan police in connection with an ongoing spying scandal at Telecom
Italia, according to published reports.
Roberto Preatoni was charged Monday with unauthorised access to computer
systems and wiretapping, said the reports (in Italian). Sources
confirmed he is the same Roberto Preatoni who is a founder and director
of strategy with WabiSabiLabi. A representative at the security startup
declined to comment Tuesday. He said the company would email a statement
later in the day.
Preatoni's company was launched in July, billing itself as an online
marketplace for exploit code that could be used to hack into computer
systems. Legitimate companies such as 3Com and Verisign have paid for
this type of code in the past, but WabiSabiLabi was the first open
marketplace for such software.
Preatoni, who spoke at Microsoft's Blue Hat security conference just
weeks ago, billed his marketplace as a mechanism that would allow
independent security researchers to get paid for their work.
Preatoni's work at WabiSabiLabi apparently has nothing to do with his
arrest. The trouble reportedly started with his security consulting work
as a penetration tester - a security expert hired to test working
networks for vulnerabilities.
According to the reports, Preatoni helped staff a 10-member "Tiger
Team," ostensibly set up to test Telecom Italia's information security
system. Members of this team are now charged with hacking and spying on
Carla Cico, CEO of Brasil Telecom, the Kroll investigative agency, and
journalists Fausto Carioti and David Giacalone of the newspaper Libero.
In January, four others were charged with spying in connection with the
scandal. They included Fabio Ghioni, vice president and security CTO
(chief technology officer) at Telecom Italia, and Giuliano Tavaroli, the
telco's former head of security.
At the time of those arrests, Tiger Team members were charged with using
a Trojan Horse program to steal sensitive data from the computer of
Vittorio Colao, the former CEO of the Rizzoli Corriere della Sera
The scandal has been front page news in Italy for months now.
"It's a big deal, there's a lot of political pressure on this issue and
on the general issue of wiretaps, and it's difficult to understand how
big or how criminal were the deeds of the persons involved," said
Stefano Zanero, a security consultant based in Milan, speaking via
instant message. "It's a huge mess, and it engulfs everybody who's
Telecom Italia's Ghioni and Preatoni were both known within the security
research community. They gave a joint presentation at the Hack In The
Box Security Conference in September 2006 entitled "The Biggest
Brother." They have also lectured on industrial espionage at the Chaos
At Hack In The Box they argued that many security measures put in place
by governments after the September 11, 2001, terror attacks have helped
to strengthen control over their citizens and erode democratic freedoms.
"The Internet allows you to do more effective things regarding
controlling the population," Preatoni said.
"Before, we were just being spied on," Ghioni said, adding that
governments are now using psychological operations and technology to
prey upon their citizens' fears and extend their own power.
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com