WabiSabiLabi founder arrested for alleged spying

A founder of security start-up WabiSabiLabi was among those arrested by Milan police in connection with an ongoing spying scandal at Telecom Italia, according to published reports.

Roberto Preatoni was charged Monday with unauthorised access to computer systems and wiretapping, said the reports (in Italian). Sources confirmed he is the same Roberto Preatoni who is a founder and director of strategy with WabiSabiLabi. A representative at the security startup declined to comment Tuesday. He said the company would email a statement later in the day.

Preatoni's company was launched in July, billing itself as an online marketplace for exploit code that could be used to hack into computer systems. Legitimate companies such as 3Com and Verisign have paid for this type of code in the past, but WabiSabiLabi was the first open marketplace for such software.

Preatoni, who spoke at Microsoft's Blue Hat security conference just weeks ago, billed his marketplace as a mechanism that would allow independent security researchers to get paid for their work.

Preatoni's work at WabiSabiLabi apparently has nothing to do with his arrest. The trouble reportedly started with his security consulting work as a penetration tester - a security expert hired to test working networks for vulnerabilities.

According to the reports, Preatoni helped staff a 10-member "Tiger Team," ostensibly set up to test Telecom Italia's information security system. Members of this team are now charged with hacking and spying on Carla Cico, CEO of Brasil Telecom, the Kroll investigative agency, and journalists Fausto Carioti and David Giacalone of the newspaper Libero.

In January, four others were charged with spying in connection with the scandal. They included Fabio Ghioni, vice president and security CTO (chief technology officer) at Telecom Italia, and Giuliano Tavaroli, the telco's former head of security.

At the time of those arrests, Tiger Team members were charged with using a Trojan Horse program to steal sensitive data from the computer of Vittorio Colao, the former CEO of the Rizzoli Corriere della Sera publishing group.

The scandal has been front page news in Italy for months now.

"It's a big deal, there's a lot of political pressure on this issue and on the general issue of wiretaps, and it's difficult to understand how big or how criminal were the deeds of the persons involved," said Stefano Zanero, a security consultant based in Milan, speaking via instant message. "It's a huge mess, and it engulfs everybody who's touched."

Telecom Italia's Ghioni and Preatoni were both known within the security research community. They gave a joint presentation at the Hack In The Box Security Conference in September 2006 entitled "The Biggest Brother." They have also lectured on industrial espionage at the Chaos Communication Congress.

At Hack In The Box they argued that many security measures put in place by governments after the September 11, 2001, terror attacks have helped to strengthen control over their citizens and erode democratic freedoms. "The Internet allows you to do more effective things regarding controlling the population," Preatoni said.

"Before, we were just being spied on," Ghioni said, adding that governments are now using psychological operations and technology to prey upon their citizens' fears and extend their own power.