London-Based Italian Siblings Accused of Huge Elite Hacking Campaign
The years-long campaign of a brother-and-sister team suspected of cyber-spying to obtain sensitive financial and political information from some of the leading political and business figures in Italy finally came to an end on Tuesday when they were arrested by the Italian police.
The brother-sister duo targeted the accounts of nearly 18,000 victims, including European Central Bank President Mario Draghi, former Italian Prime Minister Matteo Renzi, Cardinal Gianfranco Ravasi, a member of the conclave that elected Pope Francis, and top officials in Italy’s tax police.
According to the court documents, the hacker duo allegedly infiltrated Renzi’s account on at least two occasions in 2015, on 12th and 30th June. Draghi’s account, meanwhile, was penetrated once, on 23rd June, the date of the Brexit vote, when the UK voted to leave the EU (European Union).
“In the eight months we have been investigating, we haven’t registered any evidence of extortion activity, or attempts to (use hacked data) to obtain influence,” said Roberto Di Legami, who directs the Italian national police division that specializes in fighting internet and other communications network crimes.
The Italian police, with assistance from the FBI, cracked the “cyberespionage headquarters,” which led to the arrests of Giulio Occhionero, 45, and his 49-year-old sister Francesca Maria Occhionero. They were detained on hacking and espionage charges related to the EyePyramid campaign, Reuters reports. They are being kept in seclusion in two different jails in Rome, police said. Apparently, Giulio and Francesca Maria are well known in the city’s financial community. They also have a legal residence in London, where at one point they registered a securities company, Di Legami said.
While the magnitude of the alleged attacks is not yet fully known, it is expected to become clear soon, Di Legami said. “We have evidence that the spying activity was going on since 2010 and possibly several years before that. They attempted to infiltrate tens of thousands of accounts. The investigation has just started and there are thousands of encrypted files which we need to try to open,” noted Di Legami.
Investigators are carrying out a forensic probe of the data after law enforcement officials in the US and Rome seized servers that were allegedly used by the suspects.
The “stolen data was stored in servers in Prior Lake, Minnesota, and Salt Lake City, Utah,” according to a court document seen by Reuters.
“We will know only after we receive the seized material from the US and at that point, through forensic activity, we will manage to put everything in place, to know who was spied on, for how long, what kind of data was stolen,” Di Legami told the Guardian.
The FBI has seized the servers and will ship them to Italy, the head of Italy’s cybercrime unit
According to Di Legami, Giulio used malware to infect thousands of email accounts belonging to bankers, businessmen and several Vatican cardinals so he could make “investments based on reserved information.”
However, Giulio Occhionero’s lawyer, Stefano Parretta, said his client denies being involved in espionage. According to the lawyer, Giulio only owned servers in the US because he ran a business there.
The alleged hackers acted “with the aim of making a profit for themselves or for others,” according to court documents.
The hacking operation came to the attention of investigators when an infected email was sent to an administrator at ENAV, the Italian company in charge of air traffic control. The company’s report to Italy’s National Center for Cyber Crime led to the arrest of the siblings.
Prosecutors want the brother-sister duo to be charged with illegally obtaining information related to state security, illegally accessing computer systems and illegal interception of online messages.
The data they collected was allegedly classified under two broad categories: BROS for snippets concerning individuals who were members of Masonic orders, and POBU for politicians and business figures.