
Cyberespionage, once again the weak link is the end user

After the arrest of the two Occhionero siblings for breaking into computer systems, the question arises once again: what is the weak link in the computer security chain, and what are the most suitable tools for protecting oneself from intrusions and wiretapping? However sophisticated the defence system may be, the real problem is the widespread rejection of basic IT culture, of which digital security is a part.


On 5 January 2017 the Court of Rome, as reported in the press, issued a pre-trial detention order against Giulio Occhionero and Francesca Maria Occhionero, a nuclear engineer and his sister, resident in London but domiciled in Rome. The two siblings were arrested and charged with aggravated unauthorised access to a computer system and unlawful interception of computer and telematic communications.

The motive is still unclear, but reading the CVs of the two it is reasonable to presume that the final purpose of their illicit activity was simply to profit from the confidential information intercepted by breaking into e-mail accounts belonging to leading figures from the world of finance, but also from politics and public administration. Not surprisingly, the company they had founded, Westlands Securities, worked in investment banking: initially it developed quantitative tools for financial and banking consultancy, later it managed projects in private equity and asset management.

But how did they break into the mailboxes, networks and computers of people with key roles in the Italian economy and politics, even going so far as to try to get their hands on the accounts of the devices used by Prime Minister Matteo Renzi, ECB President Mario Draghi and former Prime Minister Mario Monti? It may seem strange, but the attack was carried out with one of the most banal infection methods there is: the computer virus. Not a sophisticated algorithm of incomprehensible code, but home-made malicious software, completely harmless without the victim's help.

Occhionero had named his malware EyePyramid, a clear reference to the Masonic pyramid and the eye of providence (Giulio was a member of a lodge of the Grand Orient of Italy). The virus arrived as an e-mail attachment, and through simple social engineering the recipient was led to believe it was a harmless file, at most a text document, while in fact it concealed a program capable of laying the foundations of a botnet, a network of zombie computers from which to launch attacks on the real victims of the intrusion.

On the other hand, it is no surprise that well-crafted intrusions are indirect; just draw a parallel with bank robberies or bombings. Criminals usually prefer to steal a car or a truck first and only then proceed with the robbery or the attack. So Occhionero concentrated on the weak links in the chain of computer security, that is, average, careless users with poor computer literacy, then hit the network administrators to exploit their privileges, and finally reached the designated victims.

It must be said that the numbers of those actually affected have to be scaled down. The 46-page order speaks of "a list of 18,327 unique usernames", of which only 1,793 are "accompanied by a password". In all the other cases these are "infection attempts, more or less successful". So it is not established that all the accounts were actually compromised. Even those paired with a password may simply be "most likely guesses" rather than the "right combination". And those passwords might not be enough anyway, especially if the account owner has enabled two-step authentication with tracking and identification of the device used to log in.

What is certain is that the malware, once installed, allows much more than breaking into an e-mail account. Through a mechanism at least as old as the Internet itself it can operate as a RAT, a "remote administration tool": one part of the code sits on the victim's computer (the virus) and acts as the "server", while the other part is in the hands of whoever wants to control that machine and acts as the "client". In this way it is even possible to install a "keylogger", a component that sends every mouse action, keystroke, system activity and screenshot (an image of what is on the monitor) to one or another account used as a front. Occhionero had created many accounts of this kind, although he had made the mistake of reusing them repeatedly for similar activities (see his involvement in the so-called "P4" investigation).

But then, who were the weak links that allowed the infection to spread and the botnet to be built, the botnet which then did the dirty work and kept Occhionero from being quickly connected with his business? One of them was, for example, the mailbox of a law firm, protected by security measures such as antivirus and antispam, which could do nothing against social engineering techniques and "thieving" (the exploitation of the minimal protection measures that users adopt for their devices).

Fortunately, however, the e-mails sent from the law firm, which at that time were aimed at infecting the computer systems of ENAV, ran into the attention, reflection and meticulousness of that body's security officer, who, instead of opening and downloading the attachment, sensibly sent it to an IT security company for technical analysis. In short, the whole affair came to light thanks to an unwanted e-mail message, one of those we usually classify as "spam" and skip over as we go on reading our messages.
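The disguise described earlier (an attachment that looks like a document but carries a program) and the ENAV officer's choice to have the file analysed rather than open it both come down to the same check: what an attachment actually is, not what its filename or declared MIME type says. The following Python script is an added example, not code from the article or from the investigation; the e-mail message, the filenames and the file bytes in it are constructed for illustration, and the red-flag rules are generic ones, not the specific tricks used in this case.

```python
"""Triage e-mail attachments by content, not by the name or MIME type the sender chose.

Added example (not from the article or the EyePyramid case). The sample message,
filenames and bytes below are constructed; they are not taken from the investigation.
"""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Leading bytes of formats that should never appear in something sold as a "document".
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with shebang",
}

# What a file must start with to be the format its extension claims.
DOCUMENT_MAGIC = {
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),       # OOXML is a zip container
    ".doc": (b"\xd0\xcf\x11\xe0",),  # legacy OLE compound file
    ".txt": (),                      # no magic; nothing to verify
}

# Extensions Windows will execute on double-click (assumed list for the example).
DANGEROUS_EXT = {".exe", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd", ".jar", ".lnk", ".hta"}


def extensions(filename: str) -> list[str]:
    """Return every dotted suffix, lowercase: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons this attachment must not be opened; an empty list means no obvious red flag."""
    reasons = []
    exts = extensions(filename)
    last = exts[-1] if exts else ""

    if last in DANGEROUS_EXT:
        reasons.append(f"executable/script extension {last!r}")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_MAGIC and last in DANGEROUS_EXT:
        reasons.append(f"double extension {''.join(exts)!r} mimics a document")
    # Explorer hides known extensions, so 'report.pdf      .exe' is a classic disguise too.
    if re.search(r"\s{3,}\.", filename):
        reasons.append("whitespace padding before the real extension")

    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            reasons.append(f"content is a {label}, regardless of the name")
            break
    else:
        expected = DOCUMENT_MAGIC.get(last)
        if expected and not any(data.startswith(m) for m in expected):
            reasons.append(f"content does not match the {last!r} format it claims")
    return reasons


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Parse an RFC 822 message and triage each attachment, keyed by its declared filename."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        results[name] = triage_attachment(name, payload)
    return results


def build_sample_message() -> bytes:
    """Constructed sample: a genuine-looking PDF plus a PE stub that the sender labels as a PDF."""
    msg = EmailMessage()
    msg["From"] = "studio@example.invalid"
    msg["To"] = "security@example.invalid"
    msg["Subject"] = "Documentazione"
    msg.set_content("In allegato la documentazione richiesta.")
    msg.add_attachment(b"%PDF-1.4\n%minimal pdf header for the example\n",
                       maintype="application", subtype="pdf", filename="lettera.pdf")
    # The sender claims application/pdf, but the bytes are a PE header stub.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf", filename="contratto.pdf.exe")
    return bytes(msg)


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample_message()).items():
        print(name, "->", reasons or ["no obvious red flag; still analyse before opening"])
```

The point of the script is the order of the checks: the declared MIME type is never consulted, because the sender controls it; the filename is only used to decide which format the content must match, and the verdict comes from the first bytes of the payload. An antispam filter that stops at the sender's reputation or a signature-based antivirus that has never seen this particular binary would have let the second attachment through, which is exactly the gap the article describes.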

What remains of this case (which is in fact still open)? What real defences can we put in place so as not to fall into these traps? After the Yahoo precedent, we have confirmation that this is a cultural problem. We must value information technology as a daily tool for protecting our data and our confidential information. We can no longer afford the indolence of treating cybersecurity measures as if they were not on a par with our house keys or our ATM PIN. Computers are part of our lives today more than ever, and we must have the humility to understand their mechanisms and their logic, also because it is the same logic as people's, since people still build them.

Paradoxically, we must reject the evolution of information technology if it goes in the direction of hiding what lies underneath, if it does not always give us the chance to choose, to know and to understand how it works. We must reject the idea of the computer as a household appliance, which may seem an idea born of progress but is nothing more than the abandonment of freedom and knowledge, in the illusion that it is no longer necessary to stop and read the instructions, concentrate and learn before using complex tools such as computers and computer networks.
