News Leonardo hacked by its own employees, files on nEUROn stolen

Test7



An investigation into a data theft at Leonardo has found that a hacker working inside the Italian defence group appeared to target details of Europe's biggest unmanned fighter jet programme and aircraft used by the military and police, an arrest warrant shows.

The inquiry, which is ongoing, was undertaken by Italian police's cybercrime divisions in Rome and Naples and Naples prosecutors. It began in January 2017 when Leonardo told police of an abnormal outflow of data from some of its computers.

Details of the parts of Leonardo's business that the hacker allegedly targeted have not been reported before.

The warrant does not say whether the hacker was acting independently or at the behest of others, or the goal of the alleged activity.

In the 108-page warrant seen by Reuters, the judge leading the preliminary inquiry cites evidence that one of the computers which was hacked belonged to a Leonardo technician who worked on the electronic system of the nEUROn, an experimental unmanned military aircraft which was designed in 2012 under a European defence programme led by France.

Other computers belonged to Leonardo workers involved in the production of C27J military transport aircraft and ATR commercial and military turbo-prop planes used by Italy's tax police and coastguard, the November-dated document said.

Asked about the details in the court document, Leonardo repeated that classified, strategic information was not held on the computers that were violated. Leonardo does not store top secret military data at the group's plant in Pomigliano d'Arco, near Naples.

Leonardo said on Dec. 5 that it was the injured party and that it had first reported the hacking, adding it would continue to cooperate fully with the police.

Data security is critical for the reputation of Leonardo, which as well as offering its own cybersecurity services, is involved in several European defence programmes to produce military aircraft and equipment, defence sector analysts say.

Italian police said on Dec. 5 that at least 10 gigabytes of confidential data was stolen from Leonardo between 2015 and 2017 through a malware installed on targeted machines.

The police also said on Dec. 5 they had arrested Arturo D'Elia and Antonio Rossi who had both worked at Leonardo, over their alleged role in hacking 94 computers, 33 of which were located at the group's Pomigliano plant.

D'Elia is accused of having installed the malware on the computers to steal the data, while Rossi is accused of trying to throw the subsequent inquiry off track.

In the arrest warrant for preliminary investigations against the two men, the judge cited several possible reasons behind the hacking.

These included "the use of data for industrial and commercial purposes, blackmail and military espionage activities or simply the intention to damage the image of the company by demonstrating ... its organisational and IT vulnerability."

D'Elia did not have any "intent to spy", his lawyer, Nicola Naponiello, told Reuters, adding that the aim of the hack was "to show off his skills" and that D'Elia would cooperate with police to allow them to inspect his hard disks and laptops.

A lawyer for Rossi said he had nothing to do with D'Elia, adding also that his client, who is currently under house arrest, had not damaged or destroyed any evidence of the crime.

Italy's Review Court on Friday rejected appeals by lawyers for D'Elia and Rossi against their arrests. The two men have not been charged.

The investigation was complicated because the two men had covered up their actions, the document said.

D'Elia, who at the time of the alleged crime was a consultant for a small IT company called Open eSSe, was sent to Pomigliano as an "incident handler" to help police at the end of 2017 while working with Leonardo's cybersecurity team.

This gave D'Elia the opportunity "to alter and conceal directly the evidence and traces of the crimes he had committed on the affected computers", the arrest warrant said.

Open eSSe did not immediately respond to an email from Reuters seeking comment.

Rossi, who served as head of Leonardo's Cyber Emergency Readiness Team, is alleged to have covered up the crime by failing to report the real quantity and importance of the stolen data. He is also accused of reformatting a computer containing evidence and data from the cyber-attack.

(Reporting by Francesca Landini; Editing by Alexander Smith)

 

ANGMAR

D'Elia did not have any "intent to spy", his lawyer, Nicola Naponiello, told Reuters, adding that the aim of the hack was "to show off his skills" and that D'Elia would cooperate with police to allow them to inspect his hard disks and laptops.
:unsure:
 

trishna_amrta



The warrant does not say whether the hacker was acting independently or at the behest of others, or the goal of the alleged activity.
It's the RUSSIAN! And if it doesn't work then it's got to be CHINA!

the preliminary inquiry cites evidence that one of the computers which was hacked belonged to a Leonardo technician who worked on the electronic system of the nEUROn, an experimental unmanned military aircraft which was designed in 2012 under a European defence programme led by France.

Other computers belonged to Leonardo workers involved in the production of C27J military transport aircraft and ATR commercial and military turbo-prop planes used by Italy's tax police and coastguard, the November-dated document said.
Outside this particular case, the most likely way for a breach of this scale to happen is similar to this (extremely common):


The investigation was complicated because the two men had covered up their actions, the document said.

D'Elia, who at the time of the alleged crime was a consultant for a small IT company called Open eSSe, was sent to Pomigliano as an "incident handler" to help police at the end of 2017 while working with Leonardo's cybersecurity team.

This gave D'Elia the opportunity "to alter and conceal directly the evidence and traces of the crimes he had committed on the affected computers", the arrest warrant said.

Open eSSe did not immediately respond to an email from Reuters seeking comment.

Rossi, who served as head of Leonardo's Cyber Emergency Readiness Team, is alleged to have covered up the crime by failing to report the real quantity and importance of the stolen data. He is also accused of reformatting a computer containing evidence and data from the cyber-attack.
In the context of cybersecurity, there are only 3 vectors of attack. They are:
  • Man in the Middle. This is extremely rare, because generally this kind of attack requires more dedicated, and typically more advanced, equipment
  • Insider. The most common of all IT breaches. No matter how hardened the system as a whole, it will always get breached by an insider, either deliberately or by accident (the latter being far more common)
  • Supply line. This vector basically puts spyware inside brand-new, fresh-from-the-factory peripherals. Pretty sure we all know which party is capable of pulling this kind of stunt.
 

morningstar

Supply line. This vector basically puts spyware inside brand-new, fresh-from-the-factory peripherals. Pretty sure we all know which party is capable of pulling this kind of stunt.
It's the way the Russians did their hacking in the SolarWinds hack. You all know that apps sometimes need to be updated, so thousands of lines of code intended for spying were 'planted' in the app updates.

The US Federal Government uses the SolarWinds app in a lot of its offices. Boom!!! Isn't that an intelligence gold mine there?
 

Anmdt

It is not a simple hack, or maybe not even hacking at all; the guy who did it probably realized a backdoor in the system which allowed him to transfer files, or just had a friend in the IT team grant temporary access for accessing and transferring the files. I even doubt these people are guilty; the hacker is definitely someone from IT.

In such facilities the staff are usually simple users who can only access, read and write files, all stored on servers which restrict who can access, read and write files or, moreover, run commands. Most computers are connected to the WWW through e-mail servers on which only e-mails are allowed, sometimes without an attachment and sometimes to be reviewed by IT if they come with an attachment.

To be honest, I have worked in several places, including abroad, and in none did I work on a computer which had access to project files and at the same time allowed me to install anything; everything was installed/managed by IT.

Most storage servers in such companies use a filesystem which logs who has accessed or modified which file (up to a certain point of history). There is no way of being authorized to transfer files out of or in to those servers except through authorized personnel, which is again IT, and an experienced IT expert definitely knows the ways of hiding his trail.
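
Added example, not part of any post in this thread: the file-access logging described above only holds up against a privileged insider if the log is tamper-evident. This sketch hash-chains each access record and checks the chain against a head hash kept on a separate system that file-server admins cannot write to; the event fields, user names and paths are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain

def record_hash(prev_hash, event):
    # Canonical JSON so the same event always hashes identically.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(log, event):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"event": event, "prev": prev, "hash": record_hash(prev, event)})
    return log[-1]["hash"]  # new chain head, to be copied off-host

def verify(log, anchored_head):
    """Return (ok, reason). anchored_head is the head hash stored on a
    separate system outside the file-server admins' control (assumption)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["event"]):
            return False, f"record {i} altered or chain broken"
        prev = rec["hash"]
    if prev != anchored_head:
        return False, "head mismatch: records removed or log rewritten"
    return True, "ok"

def build_sample_log():
    # Constructed sample events, not data from the case.
    events = [
        {"ts": "T+0", "user": "user_a", "op": "read", "path": "/proj/doc1.pdf"},
        {"ts": "T+1", "user": "user_b", "op": "copy", "path": "/proj/doc2.dwg"},
        {"ts": "T+2", "user": "user_a", "op": "write", "path": "/proj/doc1.pdf"},
    ]
    log, head = [], GENESIS
    for e in events:
        head = append(log, e)
    return log, head

if __name__ == "__main__":
    log, head = build_sample_log()
    print(verify(log, head))               # untouched log
    log[1]["event"]["user"] = "user_a"     # one record edited in place
    print(verify(log, head))
    log2, head2 = build_sample_log()
    print(verify(log2[:2], head2))         # last record dropped
```

An admin who rebuilds the whole chain after deleting a record still produces a different head, so the check depends on the anchored head being out of that admin's reach.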
 
