A 24-year-old hacker broke into the computer systems of the Italian Ministry of Justice and attacked the computer systems of the Finance Guard. This is what was discovered in an investigation coordinated by the National Anti-Mafia Directorate. The hacker, an IT employee, was arrested in Rome this week while actively caught red-handed on the job.
This investigation was described as a “a work of nerves”, because it was necessary to “hold back from intervening” even though there was “the fear that the hacker could block the entire justice system”. The hacker had obtained sufficient user rights credentials to be able to deny access to anybody. But the priority was to be able to “intervene when the hacker was with his fingers on the keyboard to enter his server”. The prosecutor of Naples Nicola Gratteri explained the painful and delicate investigation in this way.
The investigation and coordination was managed in a joint effort by the national anti-mafia prosecutor’s office, which brought together the Ministry of Justice, an association of universities that study computer systems, and the national cybersecurity agency
The objective was to enter the hacker’s servers and understand what had been “stolen,” but this was apparently only possible by intervening while the hacker was physically at work. “In this way, tonight,” Gratteri added, “we were able to acquire thousands and thousands of documents. We have proof that he entered the Tim system, that he tried to attack the Guardia di Finanza system.”
Giovanni Melillo, head of the DNA stated:
“the threats to national cybersecurity are of two types”: on one side there are external attacks, namely hackers, on the other side there are “internal threats, namely the abuse of access to information systems, and this is a very serious problem that goes beyond” the Striano-Laudati case.
“The investigations of the Italian district prosecutors and our efforts to coordinate their action move on both sides. And both sides,” Melillo concluded, “converge to form a gigantic market of confidential information.”
Be it State or Private organisations, and no matter what the size, there is an exponential growing threat of data theft world-wide.
“The issue is not to catch the thief but to prevent a thief from ever entering and gaining access to corporate data. To do that one has to apply the right tools for the job and apply them to a corporate policy”, says Christopher Shelton-Agar, Director at Data Rover.
The issue is not to catch the thief but to prevent a thief from ever entering and gaining access to corporate data. To do that one has to apply the right tools for the job and apply them to a corporate policy.
