For two years, a Leonardo employee stole military secrets




AGI: This is not just any hacker attack, because the target is not an ordinary company and because the people involved are not unknown figures acting under the protection of the network's anonymity. The protagonists of a story reminiscent of both a TV series such as ‘Robot’ and the most intriguing spy story scripts are Italy’s largest arms manufacturer (and one of the world’s largest) and two of its employees: a former cybersecurity chief and an executive. They were arrested on charges of having stolen gigabytes of data from Leonardo Spa’s aerostructures and aircraft division and then concealing the seriousness of the events.

The formal accusations do not convey the real scope of the case. Unauthorized access to a computer system, illegal interception of electronic communications and illicit processing of personal data are the crimes charged against the former employee, who is now in prison; for the manager, who is under house arrest, the charge is diverting the investigation.

The investigation stems from a January 2017 episode, when Leonardo Spa's cybersecurity structure reported anomalous outbound network traffic from workstations at the Pomigliano d’Arco plant, generated by software unknown to the company’s antivirus systems: cftmon.exe. The traffic went to the website www.fuijamaaltervista.org, for which a preventive seizure was ordered today.

The company’s complaint was limited to a small number of workstations and reported a data exfiltration that was not considered significant, according to a note from the prosecutor's office headed by Giovanni Melillo. But investigations by the Postal Police have reconstructed a more complex scenario.

For almost two years, according to the investigators, between May 2011 and January 2017, Leonardo Spa's computer facilities were hit by a persistent and targeted attack. It was carried out by installing malware on the target systems, networks and machines, designed to create and maintain suitable communication channels and to silently delete large amounts of data and information classified as being of significant corporate value.

According to Neapolitan prosecutors, the attack was carried out by a former IT security manager of the same company, Arturo D’Elia, who has been arrested. Using a simple USB key, the former employee would have planted a Trojan on the targeted PCs so that the spying function would be activated automatically each time the operating system started. It was not an isolated event: over time he would also have installed more advanced versions of the malware.

The data stolen from the 94 workstations targeted by the attack, 33 of which were in Pomigliano D’Arco, were sent to the website www.fuijamaaltervista.org. These workstations are used by employees, including some with management functions, engaged in the production of strategic goods and services for the country's security and defense.

In total, 10 gigabytes of data were extracted, that is, about 100,000 files, concerning administrative and accounting management, the use of human resources, the acquisition and distribution of capital goods, as well as the design of components for civil and military aircraft destined for the Italian and international markets. Credentials to access personal information of Leonardo Spa employees were also collected.

Also infected were 13 workstations of the Alcatel group and 48 used by people or companies operating in the aerospace manufacturing sector. The person who materially carried out the attack is currently employed by another company in the computer electronics industry. The head of Leonardo Spa's cyber-emergency team, Antimo Rossi, is under house arrest because he gave a misleading representation of the facts, the nature and the effects of the cyber attack, obstructing the investigations.

D’Elia was so proud of his computer skills that he also included on his resume episodes for which he had been convicted, including a breach of the computer system of an Italian NATO base. According to investigators, people other than the two suspects probably also bear responsibility for this exfiltration of sensitive data.

Prosecutors Mariasofia Cozza and Claudio Orazio Onorati, coordinated by Deputy Vincenzo Piscitelli, are trying to understand what the purpose of the attack was. The malware created by the former employee was hard to find because antivirus software did not recognize it, even at a company structured for cyber defense like Leonardo. D’Elia also supported the investigators at the beginning of the investigation, but they identified him as a possible suspect and proceeded to hide items from him and disguise the activities they carried out.
