Italian cybercrime police hacked by Anonymous
Operation AntiSec claims significant scalp
By Philip Willan | Published: 11:07, 26 July 2011
Italy's specialist police unit responsible for combating cybercrime suffered an embarrassing attack by hackers linked to the loosely knit Anonymous hacktivist network.
In a communique posted on Twitter, the hacker group claimed to have obtained more than 8 gigabytes of internal data from what it called the "Homeland Security Cyber Operation Unit in Europe" and said it would publish all the material it had obtained from its Italian branch.
The group said it had "owned" the server of the National Center for Computer Crime and the Protection of Critical Infrastructure (CNAIPIC) of the Italian police and would be publishing the material via the LulzSec and Anonymous communities under its #AntiSec campaign.
Related Articles on Techworld
The hackers said the information came from computer hard drives seized in the course of police investigations. Rather than using it to facilitate the investigations, the hackers claimed, "this corrupt organisation" had used the information illegally "to further the desire for power and money of various oligarchies."
"Many people are in prison awaiting trial while CNAIPIC used some of the data in the great game of international espionage," the hackers said.
The LulzSec statement said it had information on the Ministry of Transport in Egypt, the Ministry of Defense in Australia, and a number of companies in Russia including Atomstroyexport, Sibneft and Gazprom. It was not clear whether all the material originated with the CNAIPIC hack, however.
The group said it had commercial information on companies based in Gibraltar, Cyprus and the Cayman Islands, among them Line Holdings, Dugsberry, Alpha Prime and Alpha Minerals. US entities identified included the Department of Justice and the Department of Agriculture as well as corporations and contractors "that were receiving public funding, though we can't understand why."
Other documents identified by the newspaper La Repubblica as having been copied during the attack concerned the Madoff financial scandal, Exxon, the identity documents of Middle Eastern individuals and official documents written in Russian and Arabic.
There was even a chart showing CNAIPIC's telecom architecture and a photograph of uniformed officers who presumably work for the unit included in the hackers' information dump.
CNAIPIC's website says the unit is tasked with combating computer crime and protecting the nation's critical IT infrastructure. It employs highly specialised staff with experience in the sectors of cyberterrorism and industrial espionage, the site says.
Earlier this month police raided premises in Italy as part of an ongoing investigation into the activities of the Anonymous group and denounced three alleged members for possible prosecution, while in the US the FBI arrested 14 of its alleged members for a series of DDoS (distributed denial-of-service) attacks against PayPal.
The latest hacking operation was pre-announced on Twitter on Friday: "The recent attacks by the international Anonymous and LulzSec movements are just a warning that this thought cannot be stopped. With this text we inform you that Opitaly is in a phase of renewal."
The Italian police said Monday it was investigating the scope of the alleged security breach. "Content has been published online that appears to come from the Communication Police's CNAIPIC unit and inquiries are under way into its authenticity," the police statement said.
A police spokeswoman said it was "only human" for the police to feel embarrassed over the affair.
The hacked servers are believed to belong to a company that provides CNAIPIC with technical assistance, La Repubblica reported.