A brother and sister team of Italian hackers has been arrested on suspicion of hacking 20,000 email accounts. Among the accounts that were allegedly penetrated were private accounts belonging to former Italian prime ministers Matteo Renzi and Mario Monti; the head of the European Central Bank, Mario Draghi; and Cardinal Gianfranco Ravasi (a member of the conclave that elected Pope Francis). In addition, a number of top officials in Italy’s tax police allegedly had their accounts penetrated.
The unlikely Italian hackers are known in the financial sector because of their London-based firm, Westlands Securities. That firm, which was founded in 2001 and dissolved in 2014, provided advice to banking institutions, real estate investors, and private equity.
The siblings are called Giulio Occhionero and Francesca Maria Occhionero, and are thought to have been part-time residents of both London and Rome. As well as their UK-based business, the high-profile hackers have ties to companies registered in Malta and the US state of Delaware. At the moment, little is known about the exact nature of those firms.
FBI Cyber Division Involved
The Italian businessman and woman were arrested by Italian police, who received help from the FBI’s cyber division. Court filings made by Italian prosecution lawyers show that the pair attempted to hack Renzi’s account twice last year: on 12 June and 30 June. In addition, Draghi was targeted on 23 June, the day the UK voted in favor of Brexit.
Roberto Di Legami, who led the Italian cyber police investigation that brought down the wily pair, has said that the extent of the crimes committed by the hackers is unclear at present. For the time being, the investigation is focussing on servers seized by the FBI within the US, where the siblings had been storing the important stolen documents:
“We will know only after we receive the seized material from the US and at that point, through forensic activity, we will manage to put everything in place, to know who was spied on, for how long, what kind of data was stolen.”
Likelihood of Insider Trading
Taking into consideration the Italian hackers’ involvement in providing financial advice through their UK firm Westlands Securities, it seems likely that the pair were hacking for financial gain. This is a suspicion that has been backed up by Italian police officials, who said there was strong evidence that the hacked information had been used by Giulio Occhionero and his sister to make fraudulent earnings.
Investigators have disclosed that the hackers were well known in the world of high finance. Furthermore, the evidence appears to point to a carefully implemented cyber-espionage ring that had been running for around six years. In that time, the alleged ring targeted public administrations, professionals, institutions, politicians and entrepreneurs of “national importance,” according to police. It remains to be seen, however, if evidence will emerge that implicates others in the willing or accidental use of hacked data for the purpose of corruption or insider trading.
According to the information so far released, the pair hacked their high-profile victims (including the Bank of Italy and politicians from both chambers of Italy’s parliament) using malware written by Giulio Occhionero himself.
The highly intelligent man, who is a trained nuclear physicist, is believed to have delivered that malware onto targeted machines using phishing-type emails and social engineering. This involves making emails look legitimate so that they are opened by the desired victims. All things considered, due to their high-level involvement in the financial sector, this was probably an easy feat for the Italian hackers.
The case that led to the hackers’ arrest began when a cybersecurity expert became suspicious after discovering an email from an individual claiming to be a lawyer. That email contained malware and alerted the security specialist to a probable hacking scheme. That expert handed over his findings to Italian police, who began their eight-month investigation. That inquiry culminated in the seizure of US-based servers and what Di Legami referred to as virtual “drop zones,” where the data was stored.
The FBI has also confirmed that the high-profile hackers allegedly procured information pertaining to state security by accessing computer systems unlawfully. The FBI will be helping the Italian police to determine what financial information was taken and how it may have been used to make financial gains. Although no connection has been made yet, it is known that the siblings invested millions of euros with their UK firm.