Earlier this morning we reported the bizarre story of how two hackers had managed to penetrate the email accounts of not only ECB head Mario Draghi, but also former Italian PMs Matteo Renzi and Mario Monti, as well as countless other highly placed politicians and executives. On the surface this may have been a non-event, especially if the hackers were unaware of the potentially market-moving content of the various emails hacked, and had no means of acting on the uncovered information.
However, as subsequent information revealed, there appears to be much more to the story, including a very surprise twist.
First, as Bloomberg reported, in addition to Draghi and Renzi, the extensive cyber-spying operation targeted more than 18,000 e-mail accounts, according to a court document. The aptly named operation “Eye Pyramid” (more on that shortly) revealed cyber-spying of institutions, state agencies, professionals, political figures and business people lasting for years, Italian police said in an e-mailed statement Tuesday.
Police said two people were arrested: a nuclear engineer and his sister, both living in Rome "and well-known in Roman financial circles."
The two were Giulio Occhionero, 45, and his sister Francesca Maria Occhionero, 48, who were charged with stealing state secrets and illegal hacking. Lawyers representing the two could not be immediately reached. According to the complaint, the alleged hackers acted “with the aim of making a profit for themselves or for others.”
The suspects' arrest warrant issued by Rome pre-trial Judge Maria Paola Tomaselli states that Draghi’s e-mail at the Bank of Italy was hacked in the summer of 2016. Draghi served as governor of the Italian central bank from 2005 to 2011. An e-mail account belonging to Renzi was also hacked, the document says.
Among the others hacked is a list of who's who in Italian politics: "There were tens of thousands of email accounts hacked, and among them were accounts belonging to bankers, businessmen and even several cardinals in the Vatican," Roberto Di Legami, head of the specialised police cyber unit that conducted the investigation, told Reuters. Other hacker were Italian oil giant Eni SpA, multinational power company Enel SpA and technology company Leonardo Finmeccanica SpA, the court document shows. Political parties, law firms, politicians and ministries were also targeted.
The suspects tried to obtain confidential and sensitive data, especially on banks, at the ECB in Frankfurt and at the Bank of Italy in Rome, according to a person familiar with the investigation, speaking on the condition of not being identified by name. As Bloomberg add, "the two arrested are suspected of obtaining information on national security, serious illegal access to a computer system and illicit interception of computer communications in an investigation led by Rome prosecutors, an Italian police statement said."
Thanks to a wide network of computers infected with malware called “Eyepyramid,” the pair allegedly obtained from a large number of victims “confidential information and sensitive data over many years” which was stored on U.S. servers, according to the police statement. Italian police, working with the Cyber Division of the Federal Bureau of Investigation, have seized the servers, it added. An official at the U.S. embassy in Rome declined to comment on behalf of the FBI.
Draghi's account at the Bank of Italy, where he was previously governor, and Renzi's personal Apple account that he used while he was prime minister were among those infected by the malware, according to the arrest warrant cited by Reuters. Renzi's official email as prime minister was also targeted, Di Legami said.
But back to the perpetrators, because that's where the story gets even more fascinating.
Giulio Occhionero, a trained nuclear engineer and co-founder of investment firm Westland Securities, used a malware to infect the email accounts so that he could make "investments based on reserved information," Di Legami said. In other words, profit using information extracted from the head of the European Central Bank, among others.
And now the punchline: according to the arrest warrant, Occhionero was a high-ranking member of a Masonic lodge, "which in Italy are shrouded in secrecy, and among those he monitored was the grand master of the country's biggest lodge."
While Putin was not involved in this particular hacking, the actual mechanism was far more bizarre: Occhionero, which means black-eye in Italian, used a customised malware called "Eye Pyramid", a reference to the all-seeing eye of God, like the one depicted on the back of the U.S. dollar bill, as well as a reference to the Masonic eye symbol, which also happens to grace every US Dollar bill.
The court document added that the stolen data was stored in servers in Prior Lake, Minnesota, and Salt Lake City, Utah. The Federal Bureau of Investigation has seized the servers and will ship them to Italy, Di Legami said.
While most of the hacking appears to have been focused on the email accounts, there was evidence that he had managed to install a keylogger on some computers, allowing him to see every keystroke, the warrant showed. It was not clear which computers the Mason was able to track.
The warrant notes that while the investigation began when an infected email was detected in April, 2016, there is evidence the two had been using the malware to spy since 2010. As noted above, the investigation so far shows some 18,000 accounts may have been hacked, and some 2,000 user passwords identified.
And even thought the head of the specialised police cyber unit that conducted the investigation told Reuters there was no evidence the Italian hackers were acting on behalf of foreign states, one wonders which other foreign or non non-foreign actors also had access to information that may have been sourced from the email of Mario Draghi as well as the most important central bank in Europe, and how Occhionero - a high-ranking mason and finance professional - profited on the information, and how any of his accomplices, Masons or otherwise, benefited from having an inside view into what may have been extremely critical, market-moving news, coming at a time when the ECB annonced a variety of initiatives which resulted in the biggest drop in corporate bond yields in history.
Finally, if Occhionero managed to hack virtually every highly-placed Italian, did he do the same with foreign entities, such as Americans, at a time when the public and media are both extremely sensitive to any news of cybercrime, and if so what did they learn?
We hope to learn more as this fascinating case unfolds.