Has Italy awakened in cyber-space?

(By Ciro Metuarata)
26/02/17

"Silence, the enemy listens to you", warned a poster produced during the last world war. The aim was to make soldiers and the population aware of the importance of not divulging information that could in some way benefit the enemy in battle. Much has changed since then, but that imperative retains all its importance; indeed, in the so-called information era we are living in, it takes on even greater value. Fortunately, our country is not engaged in any war, so it has no "enemy" that "listens". However, compared with the time of that poster, the situation has improved only in appearance, and our authorities have realized it: between countries, even allies, that compete with our nation in the economic, commercial, scientific, technological and military fields, and non-state threats such as criminal and terrorist organizations, it is clear that if Italy does not have an enemy, it certainly has many fearsome "adversaries" who "listen" to it. And it has been noticed that these adversaries, in order to compete, casually resort to the national cyber-space to find valuable information. In this context, Italy seemed until recently to "surf" cyber-space in calm waters. But the apparent calm was abruptly interrupted with the new year by two events that rose dramatically to prominence in the Italian news: the alleged cyber-espionage case attributed to the Occhionero brothers and the cyber attack on the systems of the Ministry of Foreign Affairs and International Cooperation. Two events that, if nothing else, have "broken through" the impenetrable curtain that until then seemed to separate the world of cyber security experts from ordinary citizens, their rulers and those responsible for the security apparatus.

At the center of the first case are two brothers, above suspicion until then, who were arrested last January 10: a nuclear engineer who, among other things, founded a computer security company, and a chemist who became a manager. The two are accused of having set up an intelligence-gathering hub which, thanks to a particular piece of malware spread using social engineering techniques, collected information exchanged via e-mail by professionals in the economic and legal sector, political authorities and high-ranking military officials who hold roles of strategic importance for the nation. The investigations are still ongoing and will take time, both because of the considerable amount of data already seized from the two brothers in Italy that must be analyzed and because of the bureaucratic delays involved in gaining access to the data still held on servers abroad. So it will take time to understand whether this is "Freemasonry 2.0", international espionage or an ordinary criminal case, but at least a couple of considerations can already be made. The first: a single diligent user is more effective than many expensive security systems. The second: cyber-espionage is now within almost everyone's reach. The diligent user is a manager at ENAV (National Agency for Flight Assistance) who, having received a suspicious e-mail, did the right thing: he did not open the attachment (which did in fact contain the malware used by the Occhionero brothers) and reported the case to the authorities. The e-mail was then passed to the CNAIPIC (National Anti-crime Informatics Center for the Protection of Critical Infrastructures) of the State Police, which conducted the investigations (to which at least one specialized Italian company contributed) that subsequently led to the arrest of the two brothers. We are faced with a textbook case but unfortunately, judging by the large number of users the pair is said to have been able to spy on, it was a practically unique event. It is nevertheless a demonstration that the human factor can make the difference in a cyber attack. Second consideration: two people who are not IT experts were able to get hold of malware that has been around for years, modify it for their own needs and use it to launch attacks. Shocking? No, unfortunately it is the sad reality: how this can be done is well explained on the net, if need be one can always pay someone a reasonable amount for help, and for now no antivirus is able to recognize "homemade" malware until after it has struck and been discovered (which brings us back to the first consideration).

We learned of the second case from a foreign newspaper (The Guardian) last February 10: a cyber attack reportedly hit the Foreign Ministry's e-mail system last year, allowing the attackers to spy on all e-mail communications for a few months. The Ministry was quick to clarify that confidential communications were not compromised in any way. On the other hand, while confirming that the competent authorities had opened an investigation into the incident, the Ministry did not confirm the origin of the attacks alleged by the newspaper: the Russian government. In any case, it should now be even clearer that our country is in the "cyber-crosshairs" of someone able to plan and conduct very sophisticated attacks that require huge resources. A reflection on this case too: can it be stated with certainty that every employee of the spied-on Ministry used the e-mail system affected by the attack correctly, that is, did not use it to exchange information that was confidential, even if not "labeled" as such, or in any case of strategic value? In this case too the role of the user was crucial. A further lesson learned: in the event of a cyber attack, what makes the difference is above all the ability to react effectively and promptly. Having emergency plans that are ready, tested, known to managers, employees and technical personnel, and subject to periodic exercises is nowadays fundamental. After all, it is said that there are only two types of computer systems: those that have already been "hacked" and those that sooner or later will be. Communication with the media should also be part of the emergency plans, because Italian citizens may not have been pleased to learn the news in question from a foreign site.

In short, has Italy finally woken up in cyber-space after years in which experts strove to warn of the risks being run? It seems so: last Friday, the 17th, following a meeting of the CISR (Interministerial Committee for Security of the Republic), the new national cyber security plan was approved and a new decree on the same subject was adopted by the President of the Council of Ministers (the previous one dates back to 2013). It is to be hoped that the effects of these measures will be felt as soon as possible because, as was said on the sidelines of the presentation of the 2016 report by CLUSIT (Italian Association for IT Security), in the current situation cyber risks are "out of control". And it is to be expected that, in addition to investing in technology, a great deal will be invested in the human factor which, very often, proves decisive.

Italy has woken up ... and now it must act very quickly.

 

Main sources:

http://formiche.net/2017/01/11/giulio-occhionero-cyber-spionaggio/

http://formiche.net/2017/01/17/mentat-solutions-occhionero/

https://www.theguardian.com/world/2017/feb/10/russia-suspected-over-hack...

http://www.sicurezzanazionale.gov.it/sisr.nsf/archivio-notizie/cyber-sec...

http://www.corrierecomunicazioni.it/digital/45999_clusit-2016-annus-horr...