January 10, 2017
The Rome court ordered the detention of Giulio Occhionero, 45, and his sister Francesca Maria Occhionero, 48, for stealing state secrets and illegal hacking. Lawyers representing the two could not be immediately reached.
"There were tens of thousands of email accounts hacked, and among them were accounts belonging to bankers, businessmen and even several cardinals in the Vatican," Roberto Di Legami, head of the specialised police cyber unit that conducted the investigation.
Giulio Occhionero, a trained nuclear engineer and co-founder of investment firm Westland Securities, used a malware to infect the email accounts so that he could make "investments based on reserved information," Di Legami said.
Draghi's account at the Bank of Italy, where he was previously governor, and Renzi's personal Apple account that he used while he was prime minister were among those infected by the malware, according to the arrest warrant. Renzi's official email as prime minister was also targeted, Di Legami said.
However, Draghi's ECB account was not listed in the warrant as having been touched and a source close to the matter said there was no evidence of a successful hacking of an ECB account.
A spokesman for Renzi had no immediate comment. The ECB declined to comment. The Bank of Italy, whose former Director General Fabrizio Saccomanni was also a victim, also had no immediate comment.
Cyber crimes are in focus after U.S. intelligence agencies last week said Russia had conducted a cyber campaign aimed at discrediting Democrat Hillary Clinton and helping president-elect Donald Trump win the 2016 vote.
There was no evidence the Italian hackers were acting on behalf of foreign states, Di Legami said.
Occhionero was a high-ranking member of a Masonic lodge, which in Italy are shrouded in secrecy, and among those he monitored was the grand master of the country's biggest lodge, the arrest warrant said.
Occhionero, which means black-eye or seeing-one in Italian, used a customised malware called "EyePyramid", a reference to the all-seeing eye of God like the one depicted on the back of the U.S. dollar bill.
The stolen data was stored in servers in Prior Lake, Minnesota, and Salt Lake City, Utah, the court document showed.
The Federal Bureau of Investigation has seized the servers and will ship them to Italy, Di Legami said.
While most of the hacking appears to have been focused on the email accounts, there was evidence that he had managed to install a keylogger on some computers, allowing him to see every keystroke, the warrant showed.
The investigation began when an infected email was detected in April, 2016, though there is evidence the two had been using the malware to spy since 2010.
Investigations so far show some 18,000 accounts may have been hacked, and some 2,000 user passwords identified.
Email addresses at important corporate law firms, accounting companies, finance police officials, economy ministry officials, Vatican offices, labour unions, and even credit recovery groups were also put under surveillance, according to the warrant.