Politicians, institutions and entrepreneurs, but also public administrations and professional firms. They had all ended up in the network of a cyberespionage center that has been collecting confidential data and information for years and which was dismantled by the Postal Police, at the height of an investigation coordinated by the Rome prosecutor's office. Among the victims of cybercrime there would also be the former Prime Minister Matteo Renzi and the president of the ECB Mario Draghi as well as former prime minister Mario Monti.
Two arrests: a nuclear engineer Giulio Occhionero and his sister Francesca Maria, resident in London but domiciled in Rome. The two are accused of procuring information concerning state security, illegal access to an aggravated computer system and illicit interception of computer and telematic communications. Both were well known in the world of high finance.
Among the names spied on are also the former Governor of the Bank of Italy Fabrizio Saccomanni, the former general commander of the Guardia di Finanza, Saverio Capolupo. And again Piero Fassino, Paolo Bonaiuti, Mario Canzio, Vincenzo Fortunato, Fabrizio Cicchitto, Ignazio La Russa and Cardinal Gianfranco Ravasi. In a word, the elite of the Italian establishment. They would also have managed to hack former Prime Minister Matteo Renzi's Apple account.
According to what was ascertained by the investigators of Cnaipic, the National Anti-Crime Center of the Postal Police, the two brothers managed a network of computers infected with a malware called "Eyepyramid', which allowed them to acquire sensitive data from various people, mostly linked to the environments of the finance. Collectively, the two brothers maintained a database that contained a list of 18.327 usernames.
Among the portals object of the activity of the two also that of the Bank of Italy, the Chamber and the Senate. Also "compromised" are two computers used by collaborators of Cardinal Gianfranco Ravasi, president of the Pontifical Council for Culture since 2007, of the Pontifical Commission for Sacred Archeology and of the coordination council between pontifical academies.
The investigation started from a report dated March 2016, XNUMX by Francesco Di Maio, head of security at Enav Spa (air traffic control) who found that he had received an email with a malicious attachment. Analyzed by the company Mentat Solutions srl, the e-mail was found to come from an Aruba-owned mail server with an IP address belonging to an exit node of the TOR anonymisation network, an IT ploy which effectively prevents the identification of the actual user.
(updated 19:00)
