ROME – Italian police arrested two siblings on Tuesday for hacking the emails of European Central Bank President Mario Draghi, former Prime Minister Matteo Renzi and thousands of others.
The Rome court ordered the detention of Giulio Occhionero, 45, and his sister Francesca Maria Occhionero, 48, for stealing state secrets and illegal hacking. Lawyers representing the two could not be immediately reached.
“There were tens of thousands of email accounts hacked, and among them were accounts belonging to bankers, businessmen and even several cardinals in the Vatican,” said Roberto di Legami, head of the specialized police cyberunit that conducted the investigation.
Giulio Occhionero, a trained nuclear engineer and co-founder of investment firm Westland Securities, used a malware to infect the email accounts so that he could make “investments based on reserved information,” di Legami said.
Draghi’s account at the Bank of Italy, where he was previously governor, and Renzi’s personal Apple account that he used while he was prime minister were among those infected by the malware, according to the arrest warrant. Renzi’s official email as prime minister was also targeted, di Legami said.
However, Draghi’s ECB account was not listed in the warrant as having been touched and a source close to the matter said there was no evidence of a successful hacking of an ECB account.
Cybercrimes are in focus after U.S. intelligence agencies last week said Russia had conducted a cyber campaign aimed at discrediting Democrat Hillary Clinton and helping president-elect Donald Trump win the 2016 vote.
There was no evidence the Italian hackers were acting on behalf of foreign states, di Legami said.
Occhionero was a high-ranking member of a Masonic lodge, which in Italy are shrouded in secrecy, and among those he monitored was the grand master of the country’s biggest lodge, the arrest warrant said.
Occhionero, which means black-eye in Italian, used a customised malware called “EyePyramid,” a reference to the all-seeing eye of God like the one depicted on the U.S. dollar bill.
The stolen data was stored in servers in Prior Lake, Minnesota, and Salt Lake City, Utah, the court document showed.
The FBI has seized the servers and will ship them to Italy, Di Legami said.
While most of the hacking appears to have been focused on the email accounts, there was evidence that he had managed to install a keylogger on some computers, allowing him to see every keystroke, the warrant showed.
The investigation began when an infected email was detected in April, 2016, though there is evidence the two had been using the malware to spy since 2010.
Investigations so far show some 18,000 accounts may have been hacked, and some 2,000 user passwords identified.
Email addresses at important corporate law firms, accounting companies, finance police officials, economy ministry officials, Vatican offices, labor unions, and even credit recovery groups were also put under surveillance, according to the warrant.