A brother-sister hacker duo has been arrested by Italian police for developing customised malware and hacking into the email accounts of Italy's elite. Giulio Occhionero, 45, a nuclear engineer, and his sister Francesca Maria Occhionero, 48, both of whom reside in Rome, have been charged with launching a massive cyberespionage campaign that targeted two former Italian prime ministers, a Vatican cardinal, the president of the European Central Bank and thousands of others, according to reports.
The hackers, who also have residency in the UK but were believed to have been residing in Rome in the recent past, were charged with hacking and stealing state secrets. The siblings have been accused of hacking at least 18,000 email accounts, which belonged to Italian businessmen, bankers, and politicians, including former prime ministers Matteo Renzi and Mario Monti.
Authorities believe that the hacker duo also targeted Cardinal Gianfranco Ravasi, the Vatican's culture minister and former deputy chief of Italy's secret services, among others. Authorities believe that the hacked information was used by Occhionero to make investments based on confidential information, via Westland Securities, an investment firm he heads.
"We have evidence that the spying activity was going on since 2010 and possibly several years before that," said Roberto Di Legami, the director of the specialised cyber police unit that conducted the investigation, the Telegraph reported. "They attempted to infiltrate tens of thousands of accounts. The investigation has just started and there are thousands of encrypted files which we need to try to open."
Investigators determined that the duo used customised malware dubbed EyePyramid to infect victims' computers. Occhionero, a former head of a Freemasons' lodge, is believed to have named the malware after the Masonic all-seeing eye symbol, which appears on the US one dollar bill. Reports also speculate that the malware's name may have been a subtle wordplay on his own surname, which, roughly translated, means "black eye" in Italian.
The hacked and stolen data has reportedly been stored on servers in the US, which the FBI is helping analyse and retrieve.
"We will know only after we receive the seized material from the US and at that point, through forensic activity, we will manage to put everything in place, to know who was spied on, for how long, what kind of data was stolen," Di Legami told the Guardian.
According to Di Legami, the investigation into the cyberespionage campaign was triggered when a security specialist raised concerns after receiving a malware-laced email from a sender posing as a lawyer. Di Legami noted that authorities have yet to uncover any evidence of the hacked data having been sold to a third party or having been used to blackmail victims.
Commenting on possible motives, Di Legami said: "If you ask me why he was doing it, in my experience, it would be that he was doing it for power."
The FBI said it had provided support to the Italian probe into the cyberespionage campaign that targeted victims in Europe and the US. The Italian police confirmed that US authorities would help determine how the hackers infiltrated systems and stole data. Police added that the data sought by the hackers had financial value.