#AntiSecIT Analysis of the Anonymous Italian job

Last week I discussed with a friend the risks related to attacks by the group Anonymous against strategic offices in Italy. On that occasion I didn’t exclude offensives by the group of hacktivists against institutions of my country, predicting them in conjunction with the upcoming elections or financial maneuvers.

The Anonymous group in Italy appears less active than in other countries, and this has misled those who have been victims of their attacks. Too many Italian security professionals consider the group a disorganized collective unable to cause serious problems to the political reality of the country.

The Italian Anonymous collective has claimed to have obtained 1.35 gigabytes from the Italian State Police; they have published the documents using various channels, such as a TOR mirror for the leak and the par-anoia.net portal. The site anon-news.blogspot.de reports that the full archive contains 3500 private documents. The group has started a campaign named #AntiSecITA; according to Reuters Italia, the hacktivists have published on the internet a few thousand documents that they say they have stolen by exploiting servers and web portals managed by the state police. The documents report persons, events, personal data such as mobile phone numbers and email, pay slips and also soft-porn pictures. Anonymous announced the operation by posting the following message on Italian Anonymous blogs:

“For weeks, we love to browse in your server, in your e-mail address, your portals, documents, records and much more.

We are in possession of a large amount of material, e.g. documents on interception systems, spreadsheets, bugs latest generation of covert activities, files related to the NOTAV demonstrators and dissidents; various circulars but also numerous e-mails, some of which demonstrate your dishonesty (e.g. a communication in which you learn how to take possession of the firearm seized a foreign man without committing the crime of receiving stolen goods).

The security level of your system, contrary to what we thought, was really poor, and we take the opportunity to take our revenge. Is there any problem, Officer?”

The hackers also posted on their official site:

“Obviously the data is in Italian, thus limited information is available at this time. But several Italian researchers are busy with assessing the material already.”

The leaked documents contain details about wiretaps from Telecom Italia and confidential technical information about interception devices.

Another curious fact is the choice for Italy’s press. Why use Italian instead of English?

Although these gentlemen have shown effective computer skills, they preferred to communicate with their followers in Italian, maybe due to the will of the collective to manifest its presence on the national territory and its strength; the intent is probably to attract the largest number of followers to be involved in future operations.

I believe that the group is really thinking about something else; the act in question is demonstrative in my opinion, and I think that the viewfinder is pointed at other important and controversial national entities.

Another reflection on language: the Italian cell of Anonymous clearly has a loose connection with the center of the collective; it is probably self-constituted and operates in total autonomy.

In the past Anonymous Italy has already attacked the state police, stealing Italian anti-crime agency files on different international organizations, more than 8 gigabytes of information, stored on the server of the National Center for Computer Crime Protection of Critical Infrastructures (CNAIPIC).

Reuters reports:

“A few days earlier, police communications had announced, in turn, that they had identified ‘the promoter and some important representatives of the Italian cell’ of the group. The leader, according to investigators, was an activist living in Ticino known as ‘phre.’ Along with him, the authorities had reported another 14 people, including six children.”

I understand that the investigation should be covered by the strictest confidence, but we run the risk that everything will be forgotten, accidentally or intentionally. In Italy, on more than one occasion, silence has won over the need to ascertain objective responsibilities.

The incident is worrisome: a free citizen today may find his interception files stolen, and this could fuel the climate of tension that exists in the country. Organs such as the police should, in my opinion, publicly apologize for the incident and prosecute those who are attacking the security of citizens.

From a careful reading of the last announcement posted on par-anoia.net, once again written in Italian, I perceive that they are young, probably university-educated, active in the protection of the environment and angry with the police over events such as the Group of Eight (G8) forum that occurred years ago and the NoTAV question.

The battles referred to by the group are local, far from the logic of the Anonymous collective at this moment. The use of Italian precludes the large-scale dissemination of the arguments.

The police are perceived as an enemy to fight, and I think the police must work on this perception and try to listen to what these activists say.
I live in Italy; the country suffers significantly from corruption, and it is easy to understand how these guys can consider getting justice in this way, but the problems are elsewhere; much should be reviewed in the political class.

How can an Italian citizen be sure that his private information, managed by law enforcement during an investigation, was properly protected?

Is it really easy to hack the servers of the state police, and why?
Are there objective responsibilities?

I am afraid that one of the main problems in Italy is related to the concept of cyber security: security is considered a cost to reduce … we must avoid it.
The Italian security landscape is static, always the same names filling several positions, no openness to new schools of thought …
I consider myself a stranger at home … many colleagues told me that reading my posts in English is too complex, amazing.

Pierluigi Paganini


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
