Leonardo hacking targeted Europe’s fighter jet program

An investigation into a data theft at Leonardo has found that a hacker working inside the Italian defense group appeared to target details of Europe’s biggest unmanned fighter jet program and aircraft used by the military and police, Reuters reported.
Leonardo IT investmentTommaso Profeta is the managing director of Leonardo’s cyber security division since September 2020.

From 2014 to 2020 he was SVP chief security officer of Leonardo on the entire perimeter of the area of Business Security and Cyber Security and Security Officer responsible for Principal Secretariat of Security NATO-UE/Secret. He served in the National Police in Rome, Palermo, Naples and Washington, DC (USA).

Italian police’s cybercrime divisions in Rome and Naples and Naples prosecutors started the inquiry in January 2017 when Leonardo told police of an abnormal outflow of data from some of its computers.

The warrant does not say whether the hacker was acting independently or at the behest of others, or the goal of the alleged activity.

The judge leading the preliminary inquiry cites evidence that one of the computers which was hacked belonged to a Leonardo technician who worked on the electronic system of the nEUROn, an experimental unmanned military aircraft which was designed in 2012 under a European defense program led by France.

Other computers belonged to Leonardo workers involved in the production of C27J military transport aircraft and ATR commercial and military turbo-prop planes used by Italy’s tax police and coastguard, the November-dated document said.

Leonardo repeated that classified, strategic information was not held on the computers that were violated. Leonardo does not store top secret military data at the group’s plant in Pomigliano d’Arco, near Naples.

Leonardo said on Dec. 5 that it was the injured party and that it had first reported the hacking, adding it would continue to cooperate fully with the police.

Data security is critical for the reputation of Leonardo, which as well as offering its own cybersecurity services, is involved in several European defense programs to produce military aircraft and equipment, defense sector analysts say.

Italian police said on Dec. 5 that at least 10 gigabytes of confidential data was stolen from Leonardo between 2015 and 2017through a malware installed on targeted machines.

The police said on Dec. 5 they arrested Arturo D’Elia and Antonio Rossi who had both worked at Leonardo, over their alleged role in hacking 94 computers, 33 of which were located at the group’s Pomigliano plant.

D’Elia is accused of having installed the malware on the computers to steal the data, while Rossi is accused of trying to throw the subsequent inquiry off track.

In the arrest warrant for preliminary investigations against the two men, the judge cited several possible reasons behind the hacking.

These included “the use of data for industrial and commercial purposes, blackmail and military espionage activities or simply the intention to damage the image of the company by demonstrating … its organizational and IT vulnerability.”

D’Elia did not have any “intent to spy”, his lawyer, Nicola Naponiello, told Reuters, adding that the aim of the hack was “to show off his skills” and that D’Elia would cooperate with police to allow them inspect his hard disks and laptops.

A lawyer for Rossi said he had nothing to do with D’Elia, adding also that his client, who is currently under house arrest, had not damaged or destroyed any evidence of the crime.

Italy’s Review Court on Friday rejected appeals by lawyers for D’Elia and Rossi against their arrests. The two men have not been charged.

The investigation was complicated because the two men had covered up their actions, the document said.

D’Elia, who at the time of the alleged crime was a consultant for a small IT company called Open eSSe, was sent to Pomigliano as an “incident handler” to help police at the end of 2017 while working with Leonardo’s cybersecurity team.

This gave D’Elia the opportunity “to alter and conceal directly the evidence and traces of the crimes he had committed on the affected computers”, the arrest warrant said.

Rossi, who served as head of Leonardo’s Cyber Emergency Readiness Team, is alleged to have covered up the crime by failing to report the real quantity and importance of the stolen data. He is also accused of reformatting a computer containing evidence and data from the cyber-attack.