An arrest warrant issued by the Italian police has revealed that a hacker working inside Leonardo appeared to have targeted computers with details on aircraft made by the contractor that are used by law enforcement and the military, including the nEUROn UCAV technology demonstrator, which was jointly developed with Dassault, Saab and Airbus among other European contractors.
Reuters was able to see the 108-page arrest warrant, in which the judge leading the preliminary inquiry into the hacking cites evidence that one of the computers targeted by the hack belonged to a Leonardo technician who worked on the electronic system of the one-off nEUROn. The November-dated warrant also states that other targeted computers belonged to Leonardo employees involved in the production of the C-27J Spartan tactical cargo aircraft and ATR turboprop aircraft, used as civilian airliners and as a patrol aircraft by the Italian Air Force and the Customs Police among other users.
The inquiry began in 2017, after Leonardo reported to police an abnormal outflow of computer data from some of its computers. The Italian police’s Rome and Naples cybercrime divisions have been investigating the hack alongside Naples prosecutors, confirming to Reuters on 5 December, that at least 10 gigabytes of confidential data had been stolen between 2015 and 2017 through malware installed on targeted machines.
Italian police stated to Reuters on 5 December that Arturo D’Elia, an IT consultant at the time of the crime, and Antonio Rossi, former head of Leonardo’s Cyber Emergency Readiness Team, have been arrested for their alleged role in hacking 94 computers, with 33 of the computers located at Leonardo’s Pomigliano d’Arco plant. D’Elia is accused of installing malware on the computers to steal data, while Rossi is accused of attempting to throw the investigation off track by failing to report the real quantity and importance of the stolen data, as well as reformatting a computer containing evidence and data from the hack.
While the warrant does not say if the hacker was working independently or at the behest of others, the judge cited several possible reasons for the hack, including “the use of data for industrial and commercial purposes, blackmail and military espionage activities or simply the intention to damage the image of the company by demonstrating … its organisational and IT vulnerability.”
Nicola Naponiello, D’Elia’s lawyer, denied that his client had any “intent to spy”, saying that the hack was because his client wanted to “to show off his skills”, and that D’Elia would cooperate with the investigation and allow his hard disks and laptops to be investigated.
Rossi’s lawyer denied that his client had anything to do with D’Elia, saying that he had not damaged or destroyed any evidence of the alleged crimes. Both men have yet to be charged, although Italy’s Review Court has already rejected appeals against their arrests.
The warrant described the investigation into the hack as complicated, as both men had worked to cover up their actions. D’Elia was sent to the Pomigliano plant at the end of 2017 as an “incident handler” to help police while working with Leonardo’s cybersecurity team, giving him the chance to “to alter and conceal directly the evidence and traces of the crimes he had committed on the affected computers”.
In response to inquiries from Reuters, Leonardo denied that classified or strategic information was present on the targeted computers, or elsewhere at the Pomigliano plant. They added that they would continue to provide full cooperation with the police investigation.