Brother and Sister Charged With Hacking Prominent Italians
JAN. 11, 2017
By GAIA PIANIGIANI and ELISABETTA POVOLEDO
An Italian police investigation called Eye Pyramid led to the arrest of a brother and sister on charges of hacking into thousands of phones and computers. Credit Italian State Police, via European Pressphoto Agency
On Wednesday, the brother and sister, Giulio Occhionero, 45, and Francesca Maria Occhionero, 49, appeared before a judge here. They are accused of illegally accessing classified information, and breaching and intercepting information technology systems and data communications.
The police said the charges described an unprecedented cyberattack on prominent Italian institutions and individuals.
Information gleaned from the breaches was stored on servers in the United States, police officials said, and inquiries continue with the assistance of the F.B.I.’s cyberdivision.
The police here said their investigation began when a public official alerted them after receiving a suspicious email.
Lawyers for the siblings, who moved between residences in London and Rome and were arrested on Tuesday, dismissed the accusations as unfounded.
But even as details of the investigation — called Eye Pyramid after the name of the malware used to hack into thousands of accounts — were revealed by the Italian news media, the motives remained murky, while criticism mounted over the relative ease with which confidential accounts were breached.
“There is no doubt that this case shows how the country’s cybersecurity system is still lagging behind,” Antonello Soro, president of the Italian Data Protection Authority, told an Italian radio station on Wednesday. The breach “is the tip of the iceberg of the fragility of the system,” he said. Security measures have not kept up with the increasing risks, he said, adding that “cyberattacks have been growing by 30 percent a year.”
Investigators said in a statement that the Occhioneros had managed to infiltrate the accounts of more than 18,000 individuals, “allowing the massive theft of contents.”
The accounts belonged to “a galaxy of individuals” including politicians, in current and past governments, and other people “of national importance,” the statement said. It is unclear whether any money was stolen in the cyberattacks.
The Occhioneros used a data network based in the United States as “a way to hide the origins and lose track of the delinquent activities,” said Ivano Gabrielli, an official with the Italian cyberpolice unit that investigated the case. He noted that Ms. Occhionero had dual citizenship and had lived in the United States.
An Italian request to examine the servers in the United States has been formally submitted, he said, adding that new developments were likely to emerge once the data was made available.
The Italian police have focused their investigation on the brother and sister, who were well known in the country’s financial circles for their work on computer-based investment tools. For now, Mr. Gabrielli said, “there is no evidence of the involvement of other people.”
But cybercrime analysts noted that whatever information the Occhioneros were gathering had to be interesting to someone to have any value.