Leonardo: a hacker employee stole data and projects for the defense of Italy. He had also breached a NATO base.


twelve, December 5, 2020 – 10:52 am

The security officer accused of misleading the investigation was also identified and arrested

by Felice Naddeo

Through a “cyberattack” organized from inside the plant against numerous company computers, an employee-hacker of Leonardo in Pomigliano d’Arco – the company that deals with security and aerospace and that has the Ministry of Economy as its main shareholder – took possession of “top secret” data and projects for two years. Some of these, according to the Naples prosecutor who coordinated the investigations, are strategic for the defense of Italy. The hacker planted malware on dozens of computers, which then transferred data to an external server. Discovered thanks to the investigations of the computer crimes group of the Naples Public Prosecutor’s Office, he was arrested and is under investigation for unauthorized access to a computer system, illegal interception of electronic communications and illicit processing of personal data. Also arrested is the head of the Cert (Cyber Emergency Readiness Team) of Leonardo Spa, the body responsible for managing cyberattacks suffered by the company, who is accused of misleading the investigation.

The US military server was also affected

Arturo D’Elia, the detained employee, had also managed to carry out a cyberattack against a US NATO base on Italian territory. The computer scientist had even listed that cyberattack – for which he had already been convicted – on his resume. Despite this crime, D’Elia worked in computer security at Leonardo Spa. For investigators, the hacking activity, even though carried out from inside the plant, can be classified as a cyberwar threat or, in any case, an act of high-level espionage. D’Elia’s ability is such that he managed to create a data-stealing Trojan that is difficult to detect even for Leonardo’s high-level IT security systems. These are the security systems one would expect of a company that works on projects to develop security systems, and not only for the defense of Italy.

The first failure in the security system

The first failure of Leonardo’s security system came to light in January 2017, when the internal cybersecurity structure reported anomalous outbound network traffic from some workstations at the Pomigliano d’Arco plant. The attack was generated by a specially crafted piece of software called “cftmon.exe”, unknown to Leonardo’s antivirus systems. The Trojan planted on the computers was able to transfer data to a web page later seized by the investigators: “www.fujinama.altervista.org”. According to Leonardo’s first complaint, the anomalous data flow was minor and limited to a small number of workstations. Investigations, however, found that the hacker attack had been much more extensive and significant. In total, 10 gigabytes of data, equivalent to about 100,000 files, was exfiltrated from the 33 target machines in Pomigliano d’Arco. The files related to administrative and accounting management, the use of human resources, the acquisition and distribution of capital goods, as well as the design of components for civil and military aircraft for the national and international market.

Hack for two years

The hack lasted almost two years, between May 2015 and January 2017, as a targeted and persistent cyberattack, known as an “Advanced Persistent Threat” or “Apt”, since it was carried out by installing malware on the target systems, networks and machines. The software was introduced into the computers via USB sticks. It made it possible to intercept what was typed on the keyboards of the infected workstations and to capture frames of what was shown on their screens. The cyberattack, according to the reconstruction carried out by the Communications Police, is classified as very serious, since the attack surface covered 94 workstations of the industrial group, of which 33 were located at the company’s plant in Pomigliano d’Arco. On these workstations, multiple user profiles were configured for use by employees, including some with managerial functions, engaged in business activities aimed at producing goods and services of a strategic nature for the country’s security and defense.

Alcatel group companies are also targeted

In addition to the workstations at the Pomigliano d’Arco plant, 13 workstations of an Alcatel group company were infected, along with another 48 in use both by individuals and by companies operating in the aerospace production sector. Subsequent investigations revealed efforts to mislead the investigation by the head of Leonardo’s Cert, who was arrested and placed under house arrest and who allegedly gave a false and misleading representation of the nature and effects of the cyberattack in order to hamper the investigations.


