Exclusive: Leonardo hack targeted military plane details, arrest warrant shows

Francesca Landini

MILAN (Reuters) - An investigation into a data theft at Leonardo has found that a hacker working inside the Italian defence group appeared to target details of Europe's biggest unmanned fighter jet programme and aircraft used by the military and police, an arrest warrant shows.

The inquiry, which is ongoing, was undertaken by Italian police's cybercrime divisions in Rome and Naples and Naples prosecutors. It began in January 2017 when Leonardo told police of an abnormal outflow of data from some of its computers.

Details of the parts of Leonardo's business that the hacker allegedly targeted have not been reported before.

The warrant does not say whether the hacker was acting independently or at the behest of others, or the goal of the alleged activity.

In the 108-page warrant seen by Reuters, the judge leading the preliminary inquiry cites evidence that one of the computers which was hacked belonged to a Leonardo technician who worked on the electronic system of the nEUROn, an experimental unmanned military aircraft which was designed in 2012 under a European defence programme led by France.

Other computers belonged to Leonardo workers involved in the production of C27J military transport aircraft and ATR commercial and military turbo-prop planes used by Italy's tax police and coastguard, the November-dated document said.

Asked about the details in the court document, Leonardo repeated that classified, strategic information was not held on the computers that were violated. Leonardo does not store top secret military data at the group's plant in Pomigliano d'Arco, near Naples.

Leonardo said on Dec. 5 that it was the injured party and that it had first reported the hacking, adding it would continue to cooperate fully with the police.

Data security is critical for the reputation of Leonardo, which as well as offering its own cybersecurity services, is involved in several European defence programmes to produce military aircraft and equipment, defence sector analysts say.

Italian police said on Dec. 5 that at least 10 gigabytes of confidential data was stolen from Leonardo between 2015 and 2017 through malware installed on targeted machines.

The police also said on Dec. 5 they had arrested Arturo D'Elia and Antonio Rossi who had both worked at Leonardo, over their alleged role in hacking 94 computers, 33 of which were located at the group's Pomigliano plant.

D'Elia is accused of having installed the malware on the computers to steal the data, while Rossi is accused of trying to throw the subsequent inquiry off track.

In the arrest warrant for preliminary investigations against the two men, the judge cited several possible reasons behind the hacking.

These included "the use of data for industrial and commercial purposes, blackmail and military espionage activities or simply the intention to damage the image of the company by demonstrating ... its organisational and IT vulnerability."

D'Elia did not have any "intent to spy", his lawyer, Nicola Naponiello, told Reuters, adding that the aim of the hack was "to show off his skills" and that D'Elia would cooperate with police to allow them to inspect his hard disks and laptops.

A lawyer for Rossi said he had nothing to do with D'Elia, adding also that his client, who is currently under house arrest, had not damaged or destroyed any evidence of the crime.

Italy's Review Court on Friday rejected appeals by lawyers for D'Elia and Rossi against their arrests. The two men have not been charged.

The investigation was complicated because the two men had covered up their actions, the document said.

D'Elia, who at the time of the alleged crime was a consultant for a small IT company called Open eSSe, was sent to Pomigliano as an "incident handler" to help police at the end of 2017 while working with Leonardo's cybersecurity team.

This gave D'Elia the opportunity "to alter and conceal directly the evidence and traces of the crimes he had committed on the affected computers", the arrest warrant said.

Open eSSe did not immediately respond to an email from Reuters seeking comment.

Rossi, who served as head of Leonardo's Cyber Emergency Readiness Team, is alleged to have covered up the crime by failing to report the real quantity and importance of the stolen data. He is also accused of reformatting a computer containing evidence and data from the cyber-attack.

(Reporting by Francesca Landini; Editing by Alexander Smith)