NATO cybersecurity contractor gets 10 GB of data STOLEN from it, arrests made over YEARS-LONG data theft scheme
Two suspects have been arrested by the Italian police on charges of stealing sensitive data from the computers of an Italian defense group Leonardo for years. The company provides cybersecurity services to NATO.
Based in Rome, Leonardo specializes in aerospace and security, being one of the world's largest contractors that boasts having NATO among its customers when it comes to the field of cybersecurity. Yet, its image suffered a heavy blow when it turned out that its own former employee and a contractor managed to get past the company’s cybersecurity defenses and steal sensitive data from right under its nose.
Following a lengthy investigation, prosecutors from the Italian city of Naples have found out that two hackers managed to get away with stealing the company’s secrets between 2015 and 2017. Both men were detained on Saturday.
One of the suspects allegedly infected the company’s computers with a specially engineered Trojan virus through a USB device. The virus then spread to 94 machines belonging to IT departments of the company’s Aerostructures and Aircraft Divisions, including 33 located at a factory located in the town of Pomigliano d'Arco, near Naples.
Over two years, the hackers managed to steal some 10 gigabytes of data equaling some 100,000 files, including management and human resources records, information on procurement and distribution of capital goods as well as documents related to the design of civil and military aircraft. The virus also infected over 50 computers belonging to other companies and individuals that were active in the aerospace industry.
The investigation was launched following a complaint filed by the company itself, Leonardo said in a statement, adding that the defense group “is obviously the injured party in this affair,” adding that it “has provided maximum cooperation” to the police and “will continue to do so to enable the investigators to clarify the incident.”
According to the Italian media, the company alerted the law enforcement in 2017 after it detected suspicious data flows coming from some of its computers. Leonardo also only identified the suspects as a “collaborator” and a “non-executive employee” of the company.
Italian La Reppublica newspaper said that the company’s former consultant, Arturo D'Elia, was identified as the alleged hacker and placed into custody while the company’s employee, Antonio Rossi, was put under house arrest. Some other reports also suggested that the head of the company’s Cyber Emergency Readiness Team (CERT) was suspected of attempts to obstruct the investigation by providing them with misleading data.