Four people have been charged and dozens more are being investigated in an Italian hacking scandal that included a multi-year breach of a national security database and exposed the personal data of Italian President Sergio Mattarella and former Prime Minister Matteo Renzi – as well as the data of potentially hundreds of thousands of people.
Victims have allegedly included some of Italy’s most prominent citizens – and another is under investigation in the case.
Prosecutors say the hackers gained access to the sensitive data “by bribing police officers,” planting remote access trojans (RATs) on servers “and infiltrating the personnel charged with the maintenance of the interior ministry’s computer system,” the Times of London reported.
The operation ran for at least five years, according to reports.
The Company Behind the Italian Hacking Scandal
The breach was allegedly masterminded by a private investigations company called Equalize, run by “former top police officer Carmine Gallo under the auspices of Enrico Pazzali,” president of Italian trade conference firm Fondazione Fiera Milano, Politico EU reported.
Gallo was one of the four charged, along with Nunzio Samuele Calamucci, “who previously boasted of penetrating the Pentagon with the Anonymous hacktivist collective” and who “led a squadron of young software engineers in creating and maintaining databases for the Interior Ministry as part of a remote team,” Politico EU said, citing wiretaps in the case.
Others charged include private investigator Massimiliano Camponovo and Giulio Cornelli, who own a technology and security firm. All have been placed under house arrest.
The Times reported that targets of the operation have included former Milan Mayor Letizia Moratti, AC Milan Chairman Paolo Scaroni, journalists at three top newspapers, the pop singer Alex Britti, and many more.
The data was sold to clients or used to blackmail victims from at least 2019 until March 2024, Politico EU said, citing a judicial document. The hackers have raised more than €3.1 million from the operation, the publication reported.
15TB of Data on 800,000 People Allegedly Exposed
Calamucci was allegedly caught on wiretap boasting to Gallo of possessing 800,000 files and 15TB of data from the police databases. One of the compromised databases recorded suspicious financial activity, a second traced private bank transactions, and a third contained police investigations.
Gallo, whom the Times said is known for “courageous investigations into the Calabrian mafia and his success in rescuing kidnap victims,” allegedly claimed on one recording “to have pornographic videos showing the late Silvio Berlusconi with Karima el-Mahroug, a dancer nicknamed ‘Ruby the Heartstealer’ whom the former prime minister first met when she was 17,” the Times said.
Also allegedly under investigation is Leonardo Maria Del Vecchio, an heir to the Luxottica eyewear fortune, and former Lehman Brothers banker Matteo Arpe, both of whom have denied wrongdoing in the case.
Del Vecchio is “alleged to have asked Equalize to monitor his elder brother, Claudio, and an assistant to one of his sisters, Paola Del Vecchio,” as part of a dispute over the family fortune, the Times said.
“Prosecutors said Equalize drew up a fake New York police report dated 2018 linking Claudio to a convicted sex offender,” the Times report said.
Through their blackmail and extortion campaigns, Judge Fabrizio Filice wrote in the arrest warrant for the four suspects that they “had the whole country in its hands”.
Several political leaders in the country have called for an investigation into the Interior Ministry’s lax security, and cleanup operations and task forces have also been launched. Regardless of the success of near-term incidence response and cleanup efforts, it will likely be some time before the cybersecurity and legal investigations run their course.
