Mario Draghi, president of the European Central Bank, and former Italian Prime Minister Matteo Renzi were among those hacked in a cyber-spying operation that targeted more than 18,000 e-mail accounts, according to a court document seen by Bloomberg.
Operation “Eye Pyramid” revealed cyber-spying of institutions, state agencies, professionals, political figures and business people lasting for years, Italian police said in an e-mailed statement on Tuesday. Police said two people were arrested: a nuclear engineer and his sister, both living in Rome and well-known in Roman financial circles.
The alleged hackers acted “with the aim of making a profit for themselves or for others,” the court document says.
Draghi’s e-mail at the Bank of Italy was hacked in the summer of 2016, according to the suspects’ arrest warrant issued by Rome pre-trial Judge Maria Paola Tomaselli. Draghi served as governor of the Italian central bank from 2005 to 2011. An e-mail account belonging to Renzi was also hacked, the document says.
The ECB, Renzi’s Democratic Party and the Bank of Italy declined to comment when contacted by Bloomberg. A person familiar with the matter said the Frankfurt-based ECB had no indication of a successful e-mail breach there.
Among the hackers’ targets were oil group Eni SpA, multinational power company Enel SpA and technology company Leonardo Finmeccanica SpA, the court document shows. Political parties, law firms, politicians and ministries were also targeted.
The suspects tried to obtain confidential and sensitive data, especially on banks, at the ECB in Frankfurt and at the Bank of Italy in Rome, according to a person familiar with the investigation, speaking on the condition of not being identified by name.
The two arrested are suspected of obtaining information on national security, serious illegal access to a computer system and illicit interception of computer communications in an investigation led by Rome prosecutors, an Italian police statement said.
Thanks to a wide network of computers infected with malware called “Eyepyramid,” the pair allegedly obtained from a large number of victims “confidential information and sensitive data over many years” which was stored on US servers, according to the police statement.
Italian police, working with the Cyber Division of the Federal Bureau of Investigation, have seized the servers, it added. An official at the US embassy in Rome declined to comment on behalf of the FBI.
The network targeted individuals who possessed particularly sensitive or strategic data, or “of particular value for those working in specific financial circles,” the statement said.