Hacker siblings arrested for targeting Italian elite – infecting 20k emails

Two London-based hackers namely 45-year old Giulio Occhionero and 48-year old Francesca Maria Occhionero have been arrested by Italian police for attempting to hack the communications of Italian elite including former Prime Minister Matteo Renzi and economist Mario Monti.

The hackers, who happen to be siblings, not only tried to hack communications of Italian PM but also targeted other senior executives and business tycoons. It is being reported that the siblings were running a cyber-spying campaign to get sensitive financial and political information.

Other targets of the hackers include the head of the European Central Bank (ECB) Mario Draghi, the conclave member Cardinal Gianfranco Ravasi who elected Pope Francis and top-slot officials of Italian tax police. The hackers also targeted politicians from both chambers of the Italian parliament and also the Bank of Italy, according to a report in The Telegraph.

A recent picture of Francesca Maria Occhionero / Image Source: Corriere.it

According to the documents presented in the court, the hacker duo allegedly infiltrated Renzi’s account on at least two occasions in 2015, on 12th and 30th June respectively. On the other hand, Draghi’s account was infiltrated once on the date of Brexit, that is when the UK voted to leave the EU (European Union) on 23rd June. It was also noted that the hackers were residing in London but Giulio was born in Italy and Francesca in the United States while both had domiciles of Rome.

Both the arrested hackers have been assigned, lawyers. The defense lawyer for Giulio Occhionero maintains that his client hasn’t committed the crime and was not involved in any illegal activities. As per the lawyer, Giulio only owned servers in the US because he ran a business there.

Around 20,000 email accounts were infected during the hacking campaign and 2,000 passwords were also compromised.

The investigation and subsequent arrests were made by the specialized cyber police unit of Italy. The unit’s director Roberto Di Legami stated that the magnitude of the alleged attacks has not yet been affirmed but investigations are underway and soon everything will come to light.

“We have evidence that the spying activity was going on since 2010 and possibly several years before that. They attempted to infiltrate tens of thousands of accounts.The investigation has just started and there are thousands of encrypted files which we need to try to open,” noted De Legami.

A forensic analysis of the data is also being carried out by investigators after the servers owned by the suspects were seized by investigators in Rome and the US.

Di Legami told the Guardian that through forensic analysis the department will come to know “who was spied on, for how long, what kind of data was stolen.” At the moment, the police only know that the accounts of Renzi and others were attacked more than once.

The law enforcement authorities were alerted about the alleged hacking spree after a security researcher received an email from a supposed lawyer that contained malware. He immediately informed the Italian police after which the officials investigated this matter for eight months. This investigation resulted in identification and seizure of the servers and the suspected “drop zones” (virtual databases for storing information) that were spread across the US. It was discovered that the siblings developed malware and they infected email accounts of famous personalities through the malware to spy on them. Around 20,000 email accounts were infected during the hacking campaign and 2,000 passwords were also compromised.

Di Legami further noted that the police currently have no evidence regarding the hackers selling off the acquired information to third parties or if they tried to blackmail their targets. However, Di Legami states that Giulio, a nuclear engineer, did use the financial information to make monetary gains. The FBI’s cyber division aided the Italian law enforcement in making the arrests and is also collaborating in the investigations.

The hackers were arrested on charges of accessing computer systems illegally, obtaining information about state security and unlawfully intercepting private communications and telecommunications of high-profile personalities. Investigations further revealed that the hackers established a company in London in 2001 with the name Westlands Securities but it was dissolved in 2014. The company provided financial consultation to banks and associated institutions and went on to cover real estate and private equity too. They also had links with several companies based in the US state Delaware and in Malta. 

Related Posts