WabiSabiLabi, the eBay of security vulnerabilities, confirmed that its founder and strategy director has been arrested in connection with an ongoing spying investigation and remains custody in Milan.
Italian news media reported that Roberto Preatoni was arrested on Nov. 5 and charged with unauthorized access to computer systems and wiretapping.
WabiSabiLabi, which was launched in July, apparently doesn't know much more about Preatoni's troubles beyond what Italian journalists are reporting. From those articles, though, it appears that the charges have to do with work that predates WabiSabiLabi's founding.
"From newspaper reports we presume the arrest relates to events in 2003/04 when his former company was hired by Telecom Italia's Security division to safeguard Telecom Italias' interests and are unrelated to WabiSabiLabi in any way," according to the company's statement, which was released on Nov. 8. The statement said that WabiSabiLabi could not comment on the ongoing investigation or statements being made in the press.
WabiSabiLabi was founded with the premise that security researchers should receive a fair price for their findings, as opposed to giving away vulnerabilities for free or selling them to cyber-criminals.
According to news reports, Preatoni's problems stemmed from penetration-testing work on Telecom Italia's information security system that he was doing as a contractor. He was one of 10 staffers with a security firm called Tiger Team. Members of that team have been charged with intercepting communications and spying on Carla Cico—the Italian-born CEO of Brasil Telecom—the Kroll investigative agency, and journalists Fausto Carioti and David Giacalone of the newspaper Libero.
Four Tiger Team staffers had already been arrested in January for allegedly installing a Trojan in order to steal data from an Italian publisher, Rizzoli Corriere della Sera.
Those who know Preatoni are viewing the charges with extreme skepticism. Sunbelt Software President Alex Eckelberry, for one, stuck up for Preatoni in a posting on Nov. 6, saying that Preatoni is well-respected in security circles and that he's been a "staunch advocate of civil liberties in the post 9/11 world."
"I find Preatoni's alleged guilt quite hard to believe," Eckleberry wrote. "Preatoni might have been controversial at times, but I find it more than highly unlikely that he would have used his skills to hack illegally. The problem is that there is not an abundance of technology know-how in jurisprudence, and one can only hope that he gets treated fairly."
Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.