Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase

Coinbase said it's aware of the Neutrino founders' controversial past, but their technology is the best the major exchange has encountered.

|
Feb 26 2019, 8:02pm

Image: Shutterstock

Last week, cryptocurrency industry giant Coinbase sparked outrage when it announced that it had purchased a small startup called Neutrino.

Normally, such an acquisition wouldn’t make many waves, but Neutrino isn’t your average startup. The company was founded by three former employees of Hacking Team, a controversial Italian surveillance vendor that was caught several times selling spyware to governments with dubious human rights records, such as Ethiopia, Saudi Arabia, and Sudan.

Neutrino develops technology for law enforcement and financial institutions to investigate and track transactions on the blockchain, the shared public ledger that tracks the movement of tokens in the ecosystem. Coinbase is one of the largest platforms for buying and selling cryptocurrencies in the world, so it sees a lot of transactions on its exchange.

The company claims to be able to monitor and track not just Bitcoin—a relatively straightforward endeavor—but also supposedly privacy-oriented (and harder to track) coins such as Monero. In 2017, the company was able to conclude that the North Korean hackers behind the destructive ransomware WannaCry cashed out their Bitcoin and turned it into Monero.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzo@motherboard.tv

Marco Valleri, also known as “NaGa” in the hacking community, and Alberto Ornaghi, known as “ALoR,” are Neutrino’s chief research officer and chief technology officer, respectively. In the early 2000s, Valleri and Ornaghi developed Ettercap, the software that was the foundation of Hacking Team’s technology. Giancarlo Russo, Neutrino’s CEO, used to be Hacking Team’s chief operating officer.

Coinbase’s decision to partner with people who used to develop spyware for governments didn’t sit well with some blockchain industry players.

“When I said it would be great to have more infosec people involved in the ‘crypto’ space, I didn’t mean the largest US exchange should acquire an analysis tools company run by a former Hacking Team member, but here we are,” Amber Baldet, CEO of blockchain startup Clovyr and the former blockchain program lead at JPMorgan Chase, tweeted on Sunday.

Baldet told Motherboard in an online chat that “given the number of accounts Coinbase has opened, how they choose to implement compliance tools and their relationship with law enforcement will impact a lot of people.”

Francis Pouliot, the co-founder of Canadian company Bull Bitcoin, was a bit more blunt, saying in a tweet that Hacking Team was a “a pro-government mercenary hacker firm that gave Saudis tools/consulting to track/eliminate dissidents,” adding, “run!”

Read more: Hacking Team Hacker Phineas Fisher Has Gotten Away With It

In a statement to Motherboard, a Coinbase spokesperson said that the company “does not condone nor will it defend the actions of Hacking Team.”

“We are aware that Neutrino’s co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence,” the spokesperson said.

But Neutrino’s technology was just too important for Coinbase to pass on, the spokesperson explained. Blockchain forensic analysis is a burgeoning industry, and Coinbase decided to bring that functionality in-house.

“Increasingly, third-party blockchain analysis companies are requesting customer data from cryptocurrency companies that they serve. It was important for Coinbase to bring this function in-house to fully control and protect our customers' data and Neutrino’s technology was the best we encountered in the space to achieve this goal,” the spokesperson said via email.

Neutrino’s co-founders did not immediately respond to a request for comment.

Developing and selling spyware like Hacking Team did is not, by itself, illegal, though it may be distasteful and even dangerous. The Moroccan government used Hacking Team software to spy on a citizen journalist website, called Mamfakinch. The independent news site subsequently shut down because contributors were scared that they’d become the targets of government surveillance, according to one of the site’s founders.

There’s a booming industry dedicated to providing governmental agencies with tools to hack and spy on computers and cellphones. Right now, this industry is very lightly regulated, which has opened the door to the proliferation of this kind of software in parts of the world where governments routinely target human rights activists and dissidents.

The founders of Neutrino, however, are not part of that industry anymore. Some people such as Baldet and Pouliot think we shouldn’t forget their past. But for Coinbase, what matters is the technology they developed since leaving the spyware industry.

Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.