Thousands of files STOLEN from NATO cybersecurity contractor, as arrests made in lengthy data theft scheme

Based in Rome, Leonardo specializes in aerospace and security. It’s one of the world’s largest contractors and boasts NATO among its customers when it comes to cybersecurity. Yet, its image suffered a heavy blow when it turned out that a former employee and a contractor managed to bypass the company’s cybersecurity defenses and steal sensitive data from right under its nose.

In a lengthy investigation, prosecutors from the Italian city of Naples found out that two hackers managed to get away with stealing the company’s secrets between 2015 and 2017. Both men were detained on Saturday. 

One of the suspects allegedly infected the company’s computers with a specially engineered Trojan virus through a USB device. The virus then spread to 94 machines belonging to IT departments of the company’s Aerostructures and Aircraft Divisions, including 33 located at a factory in the town of Pomigliano d’Arco, near Naples. 

Over two years, the hackers managed to steal some 10 gigabytes of data equaling some 100,000 files, including management and human resources records, information on procurement and distribution of capital goods as well as documents related to the design of civil and military aircraft. The virus also infected over 50 computers belonging to other companies and individuals that were active in the aerospace industry. 

The investigation was launched following a complaint filed by the company itself, Leonardo said in a statement, adding that the defense group “is obviously the injured party in this affair,” adding that it “has provided maximum cooperation” to the police and “will continue to do so to enable the investigators to clarify the incident.”

According to Italian media, the company alerted authorities in 2017 after it detected suspicious data flows coming from some of its computers. Leonardo also only identified the suspects as a “collaborator” and a “non-executive employee” of the company.

Italian La Repubblica newspaper reported that former consultant, Arturo D’Elia, was identified as the alleged hacker and placed into custody while company employee, Antonio Rossi, was put under house arrest. Some other reports also suggested that the head of the company’s Cyber Emergency Readiness Team (CERT) was suspected of attempts to obstruct the investigation by providing them with misleading data.

Think your friends would be interested? Share this story!

© 2020, paradox. All rights reserved.