"DAVID Vincenzetti isn't your typical arms dealer. He's never sold a machinegun, a grenade or a surface-to-air missile. But, make no mistake, he has access to a weapon so powerful it could bring a country to its knees. It's called RCS - Remote Control System - and it's a piece of computer software."
"Forget guns, missiles, tanks and fighter jets; the new arms race is in cyber weapons. The ability to access an enemy's computer system and surreptitiously alter its code - in a world where everything from financial institutions to power grids and government departments are dominated by computers - has, in recent years, taken on huge significance."
From last Sunday Telegraph, also available at http://www.smh.com.au/business/world-business/the-one-ring-to-rule-them-all-20111121-1nqx1.html , FYI,
The one ring to rule them all
November 22, 2011
The need for physical proximity, or even physical connections, in hacking is a thing of the past. Photo: Glenn Hunt
DAVID Vincenzetti isn't your typical arms dealer. He's never sold a machinegun, a grenade or a surface-to-air missile. But, make no mistake, he has access to a weapon so powerful it could bring a country to its knees. It's called RCS - Remote Control System - and it's a piece of computer software.
Developed by Vincenzetti and a team of former computer hackers, RCS is able to ''invade'' a digital device undetected, bypass the most sophisticated electronic defences so far devised and, if the user so desired, disrupt the running of anything from a railway signalling system to a nuclear power station.
Vincenzetti, it should be made clear, is a law-abiding businessman. The company he set up, Hacking Team, based in Milan, markets RCS as an ''investigative tool'' for law enforcement and security agencies engaged in counterterrorism and counter-espionage against ''high-value'' individuals.
The licences, which cost €200,000 ($A270,000) a year, are never sold to states that are under European Union or United Nations arms embargoes or to private companies or individuals. But the very fact that RCS exists shows what a team of computer whiz-kids can achieve and the damage they could do if they worked for an enemy of the West.
Forget guns, missiles, tanks and fighter jets; the new arms race is in cyber weapons. The ability to access an enemy's computer system and surreptitiously alter its code - in a world where everything from financial institutions to power grids and government departments are dominated by computers - has, in recent years, taken on huge significance.
In February, British Foreign Secretary William Hague revealed that the Foreign Office had repelled a cyber attack from ''a hostile state'', which, although not named by Hague, was taken to be China.
The country believed to be behind the most successful cyber attack ever is the US. In 2010, a sophisticated computer virus called Stuxnet was discovered ''wild'' on the internet by computer security experts. The program was designed to operate only when it came into contact with a very specific series of linked devices.
The only place where the right combination of hardware seemed to exist was in the Natanz uranium enrichment plant in Iran. Shortly after Stuxnet was discovered, parts of the plant were shut down; it is believed the virus crippled vital equipment there.
Back in Milan, Vincenzetti insists he follows strict ethical guidelines. A silver-haired computer security expert with more than 20 years of experience, he set up Hacking Team in 2003 and started out providing the sort of defensive cyber security that almost qualifies as traditional - testing companies' systems to see how resilient they were to hacking. He still makes much of his money from this and clients include Barclays, BT, Deutsche Bank and Gucci. But cyber attack was always on the agenda. RCS version 1.0 was released in 2003.
Vincenzetti and his business partner, Valeriano Bedeschi, built the core Hacking Team group from among people they knew. And still today everybody Vincenzetti hires to work on RCS is a trusted friend of somebody already working at the company. ''There are no strangers here,'' he says.
''Usually the background that's required is to think in an uncommon way,'' explains Daniele Milan, Hacking Team's senior security engineer. ''You don't have to have many years of experience because [it's unlikely] you [would] have done something like this in a previous job.''
The company also never employs anyone with a criminal record. This means the type of person Vincenzetti recruits is not found among the hacker groupings, such as Anonymous or Lulzsec, both of which hit the headlines this year after attacks on the websites of the British National Health Service, the CIA, and Sony and Nintendo.
Vincenzetti, 43, also retains the services of several lawyers who advise him to whom he can and cannot sell his products.
Hacking Team's contracts with its customers forbid it from divulging any information about its clients. (All Vincenzetti will say is that about 30 clients in 20 countries use RCS.)