Massive hack-for-hire scandal rocks Italian political elites
The president and former prime minister were among targets of hackers selling highly sensitive data.
ROME — It’s The Italian Job, but instead of a gold heist hackers stole confidential data of some of the country’s most powerful politicians.
From a single room behind Milan’s Duomo cathedral, a 44-year-old IT consultant called Nunzio Samuele Calamucci pulled off a stunningly audacious, multi-year breach of a national security database, according to allegations revealed by Italian prosecutors in past days and detailed in a 518-page judicial document seen by POLITICO.
Calamucci, who previously boasted of penetrating the Pentagon with the Anonymous hacktivist collective, led a squadron of young software engineers in creating and maintaining databases for the Interior Ministry as part of a remote team, according to wiretaps recorded by investigators.
By night, however, when traffic on the servers was slow, the group downloaded reams of private data belonging to thousands of Italians, including President Sergio Mattarella and former Prime Minister Matteo Renzi.
The security breach has become a national scandal that has rocked the political establishment and embarrassed the government, which is facing calls for a parliamentary inquiry and an overhaul of its security policies.
“I’m bitter and hurt for me and my family,” Renzi, leader of the centrist Italia Viva party, told POLITICO. “This is not the first time something like this has happened to me. But as an Italian I’m angry because this is a threat to democracy and privacy.”
As of Tuesday morning, four people have been arrested and 60 under investigation. On Thursday an investigating judge is expected to hear the allegations, which include conspiracy to hack, corruption, illegal accessing of data and the violation of official secrets.
The breach was allegedly run by a private investigations company called Equalize, run by former top police officer Carmine Gallo under the auspices of Enrico Pazzali, president of Fondazione Fiera Milano, an Italian trade fair and conference operator.
Equalize tapped into government databases through a computer virus that allowed it to control the servers remotely, as well as through moles working on the inside. One compromised database logged suspicious financial activity, another traced private bank transactions and a third housed police investigations. In wiretaps, Calamucci, who worked for Equalize, allegedly boasted of having hacked the information of 800,000 people.
The data was then sold to clients or used to blackmail entrepreneurs and politicians from at least 2019 until March this year, the judicial document said. The group is believed to have raised more than €3.1 million in illicit proceeds.
The four apprehended have been placed under house arrest, including Gallo, Calamucci, private investigator Massimiliano Camponovo, and Giulio Cornelli, the owner of a tech and security firm.
The affair was “unacceptable” and “criminal,” Foreign Minister Antonio Tajani said on Sunday. “Spying on people’s private lives and then using the information for economic or political purposes is really a threat to democracy.”
Ignazio La Russa, the president of the Senate and member of the Meloni’s hard-right Brothers of Italy party, was among the victims of the hacks. He said on X he was “astonished” and “disgusted” about the claims that he and his sons had been spied on.
The political opposition has called for a parliamentary inquiry and wants Prime Minister Giorgia Meloni to explain the security breach to the legislature, given that the information was stolen from the Interior Ministry, which has custody of highly sensitive data.
“We want to know if there is, and what, if any, degree of involvement of pieces of the state apparatus,” said Francesco Boccia and Chiara Braga of the Democrats party in a statement shared with Italian media.
Meloni’s own Brothers of Italy party called for new legislation and tougher penalties for hacking in the wake of the revelations.
Italy’s data protection authority also released a statement saying it was launching a taskforce to look into the security of national databases.
Foreign Minister Antonio Tajani said he had tasked a team with securing embassies and his ministry. He warned the “information can be used by our enemies.”
A lawyer for Pazzali said he intended to show he had nothing to do with the alleged events.
Hannah Roberts reported from Rome. Antoaneta Roussi reported from Brussels.
What's Your Reaction?