Leonardo hack targeted military plane details, arrest warrant shows


An investigation into a data theft at Leonardo has found that a hacker working inside the Italian defence group appeared to target details of Europe’s biggest unmanned fighter jet programme and aircraft used by the military and police, an arrest warrant shows.

The inquiry, which is ongoing, was undertaken by Italian police’s cybercrime divisions in Rome and Naples and Naples prosecutors. It began in January 2017 when Leonardo told police of an abnormal outflow of data from some of its computers.

Details of the parts of Leonardo’s business that the hacker allegedly targeted have not been reported before.

The warrant does not say whether the hacker was acting independently or at the behest of others, or the goal of the alleged activity.

In the 108-page warrant seen by Reuters, the judge leading the preliminary inquiry cites evidence that one of the computers which was hacked belonged to a Leonardo technician who worked on the electronic system of the nEUROn, an experimental unmanned military aircraft which was designed in 2012 under a European defence programme led by France.

Other computers belonged to Leonardo workers involved in the production of C27J military transport aircraft and ATR commercial and military turbo-prop planes used by Italy’s tax police and coastguard, the November-dated document said.

Asked about the details in the court document, Leonardo repeated that classified, strategic information was not held on the computers that were violated. Leonardo does not store top secret military data at the group’s plant in Pomigliano d’Arco, near Naples.

Leonardo said on 5 December that it was the injured party and that it had first reported the hacking, adding it would continue to cooperate fully with the police.

Data security is critical for the reputation of Leonardo, which as well as offering its own cybersecurity services, is involved in several European defence programmes to produce military aircraft and equipment, defence sector analysts say.

Italian police said on 5 December that at least ten gigabytes of confidential data was stolen from Leonardo between 2015 and 2017through a malware installed on targeted machines.

The police also said on 5 December they had arrested Arturo D’Elia and Antonio Rossi who had both worked at Leonardo, over their alleged role in hacking 94 computers, 33 of which were located at the group’s Pomigliano plant.

D’Elia is accused of having installed the malware on the computers to steal the data, while Rossi is accused of trying to throw the subsequent inquiry off track.

In the arrest warrant for preliminary investigations against the two men, the judge cited several possible reasons behind the hacking.

These included “the use of data for industrial and commercial purposes, blackmail and military espionage activities or simply the intention to damage the image of the company by demonstrating … its organisational and IT vulnerability.”

D’Elia did not have any “intent to spy”, his lawyer, Nicola Naponiello, told Reuters, adding that the aim of the hack was “to show off his skills” and that D’Elia would cooperate with police to allow them inspect his hard disks and laptops.

A lawyer for Rossi said he had nothing to do with D’Elia, adding also that his client, who is currently under house arrest, had not damaged or destroyed any evidence of the crime.

Italy’s Review Court on 4 December rejected appeals by lawyers for D’Elia and Rossi against their arrests. The two men have not been charged.

The investigation was complicated because the two men had covered up their actions, the document said.

D’Elia, who at the time of the alleged crime was a consultant for a small IT company called Open eSSe, was sent to Pomigliano as an “incident handler” to help police at the end of 2017 while working with Leonardo’s cybersecurity team.

This gave D’Elia the opportunity “to alter and conceal directly the evidence and traces of the crimes he had committed on the affected computers”, the arrest warrant said.

Open eSSe did not immediately respond to an email from Reuters seeking comment.

Rossi, who served as head of Leonardo’s Cyber EmergencyReadiness Team, is alleged to have covered up the crime by failing to report the real quantity and importance of the stolen data. He is also accused of reformatting a computer containing evidence and data from the cyber-attack.