Data Theft at Defense Firm Leonardo Targeted Details of Military Aircraft: Arrest Warrant

December 23, 2020 by

MILAN – An investigation into a data theft at Leonardo has found that a hacker working inside the Italian defense group appeared to target details of Europe’s biggest unmanned fighter jet program and aircraft used by the military and police, an arrest warrant shows.

The inquiry, which is ongoing, was undertaken by Italian police’s cybercrime divisions in Rome and Naples and Naples prosecutors. It began in January 2017 when Leonardo told police of an abnormal outflow of data from some of its computers.

Details of the parts of Leonardo’s business that the hacker allegedly targeted have not been reported before.

The warrant does not say whether the hacker was acting independently or at the behest of others, or the goal of the alleged activity.

In the 108-page warrant seen by Reuters, the judge leading the preliminary inquiry cites evidence that one of the computers which was hacked belonged to a Leonardo technician who worked on the electronic system of the nEUROn, an experimental unmanned military aircraft which was designed in 2012 under a European defense program led by France.

Other computers belonged to Leonardo workers involved in the production of C27J military transport aircraft and ATR commercial and military turbo-prop planes used by Italy’s tax police and coastguard, the November-dated document said.

Asked about the details in the court document, Leonardo repeated that classified, strategic information was not held on the computers that were violated. Leonardo does not store top secret military data at the group’s plant in Pomigliano d’Arco, near Naples.

Leonardo said on Dec. 5 that it was the injured party and that it had first reported the hacking, adding it would continue to cooperate fully with the police.

Data security is critical for the reputation of Leonardo, which as well as offering its own cyber security services, is involved in several European defense programs to produce military aircraft and equipment, defense sector analysts say.

Italian police said on Dec. 5 that at least 10 gigabytes of confidential data was stolen from Leonardo between 2015 and 2017 through malware installed on targeted machines.

The police also said on Dec. 5 they had arrested Arturo D’Elia and Antonio Rossi who had both worked at Leonardo, over their alleged role in hacking 94 computers, 33 of which were located at the group’s Pomigliano plant.

D’Elia is accused of having installed the malware on the computers to steal the data, while Rossi is accused of trying to throw the subsequent inquiry off track.

In the arrest warrant for preliminary investigations against the two men, the judge cited several possible reasons behind the hacking.

These included “the use of data for industrial and commercial purposes, blackmail and military espionage activities or simply the intention to damage the image of the company by demonstrating … its organizational and IT vulnerability.”

D’Elia did not have any “intent to spy,” his lawyer, Nicola Naponiello, told Reuters, adding that the aim of the hack was “to show off his skills” and that D’Elia would cooperate with police to allow them inspect his hard disks and laptops.

A lawyer for Rossi said he had nothing to do with D’Elia, adding also that his client, who is currently under house arrest, had not damaged or destroyed any evidence of the crime.

Italy’s Review Court on Friday rejected appeals by lawyers for D’Elia and Rossi against their arrests. The two men have not been charged.

The investigation was complicated because the two men had covered up their actions, the document said.

D’Elia, who at the time of the alleged crime was a consultant for a small IT company called Open eSSe, was sent to Pomigliano as an “incident handler” to help police at the end of 2017 while working with Leonardo’s cybersecurity team.

This gave D’Elia the opportunity “to alter and conceal directly the evidence and traces of the crimes he had committed on the affected computers,” the arrest warrant said.

Open eSSe did not immediately respond to an email from Reuters seeking comment.

Rossi, who served as head of Leonardo’s Cyber Emergency Readiness Team, is alleged to have covered up the crime by failing to report the real quantity and importance of the stolen data. He is also accused of reformatting a computer containing evidence and data from the cyber-attack.

(Reporting by Francesca Landini; editing by Alexander Smith)