Maria Zach: 'Yes. So basically, the theft of the election was orchestrated in the Rome embassy on the second floor of Via Veneto, by an employee Stefan Serafini, Foreign Service officer of over 20 years.
He retired the day before the election, to ensure he would not lose his pension. Unlike what happened to some of the FBI agents who betrayed our country in 2016, and did lose their pension just days before their retirement.
So Stefan Serafini coordinated with a General Claudio Graziano. And Claudio Graziano, General Graziano, is on the board of Leonardo, the defense contractor. Leonardo SPA. Leonardo used their military satellite uplink to load the software and transfer it over, to change the vote from Trump to Biden.
So what everybody’s been saying is that ‘we know something happened, we know something happened’. The proof that was missing, the very basic ‘who did it, where did they do it, and how did they do it?’ Has been missing from all of the, ah, all of the documents sent in to the courts, all of the affidavits. There was nothing that was helping us win in the courts.
‘They thought that they were very shrewd in how they did it. They ah, had a really brilliant plan, that was orchestrated by Barack Obama with the help of [Matteo] Renzi, the former prime minister of Italy.
The Italian Intelligence Service has supplied us with intercepts, photos, phone calls, and ah, shockingly, pictures of the CIA agents who have been involved in orchestrating this.
Those pictures of the CIA agents, ah, ended up on the Internet. And those operatives and the folks in the government in Italy, started panicking. And they started replacing all their heads of Intelligence, of the Cyber Readiness, and within Leonardo. And [at] Leonardo, the actual person that did the uploading, arrested. For quote-unquote “safekeeping”. And had the other one, ah, put in house arrest.
The gentlemen that are in ah, in jail and in house arrest, are being accused of ‘hacking in to Leonardo to look at like, airplane schematics’ and to get some of their other tools. They’re not saying what really happened, because it’s really about them trying to cover.
Unfortunately, other people know who they are. And their, their lives are at great risk...'
Italian authorities arrested two employees of the Italian defense contractor Leonardo. One is accused of installing a backdoor Trojan into the company's systems and exfiltrating 10GB of data over a two-year period and the other allegedly attempted to cover up the breach, according to local law enforcement officials.
The Cybercrime Working Group of the Naples Public Prosecutor's Office reports Arturo D'Elia, an IT security manager with Leonardo, has been charged and detained in connection with the incident. The second individual, Antonio Rossi, has been placed under house arrest for giving false and misleading information in an attempt to hinder the investigations.
"The investigations showed that, for almost two years, the IT structures of Leonardo SpA had been hit by a targeted and persistent cyberattack (known as Advanced Persistent Threat or APT), since it was carried out with installation in target systems, networks and machines of a malicious code aimed at creating and maintaining active communication channels suitable for allowing the silent exfiltration of significant quantities of classified data and information of significant corporate value," Italian prosecutors say.
The stolen information included data from the company's human resources department and information on the procurement and distribution of capital goods, as well as the design of civil aircraft components and military aircraft for the Italian and international market along with credentials for accessing personal information of Leonardo S.p.A. employees, the prosecutors say.
No strategic or classified information was included in the data breach, Leonardo notes in a statement, as that level of data is stored in a network that is not connected to the factory, which is located outside of Naples, Italy.
Leonardo is a defense contractor specializing in aerospace, maritime and cybersecurity with more than 44,000 employees worldwide and revenues of about $16 billion, according to the company.
An Insider Threat The intrusion into Leonardo's systems ran from 2015 to 2017 and was detected when the company's cybersecurity team noticed anomalous network traffic leaving workstations located in the company's Pomigliano d'Arco plant.
The company says the attacker used a USB key to install the malware onto workstations that then pulled data whenever the computer was activated. Overall, 94 workstations were involved, 33 located at the Pomigliano plant and the remainder at other Leonardo facilities. An additional 13 computers belonging to the telecom Alcatel were also infected.
"In January 2017 the cyber security structure of Leonardo SpA reported anomalous network traffic, outgoing from some workstations of the Pomigliano D'Arco plant, generated by an artifact software called 'cftmon.exe,' unknown to company antivirus systems," prosecutors say.
The data was then exfiltrated to a command-and-control server using the website www.fujinama.altervista.org, which was also seized during the operation, prosecutors report.
The workstations were used by company managers involved in the production of defense products, Leonardo says.
Leonardo reports it is continuing its cooperation with local law enforcement agencies.
Neither the company nor the prosecutors indicated what happened to the data once it was removed from the company's network, but any information related to defense is highly prized (see: Defense Contractor Hacking More Expansive Than First Thought)).
An Unknown Malware Authorities are still in the process of deconstructing the malware used in the incident, which has not been spotted before. What is known is the malware was contained in a USB drive and then manually inserted into the targeted computers. Once downloaded, it maintained persistence and activated whenever the unit was being operated.
The malware could log keystrokes and take screengrabs, the prosecutors report. Once the information was exfiltrated, the attacker, using the command-and-control server, deleted the malware.
"Confidential company data of Leonardo SpA's Pomigliano D'Arco plant were thus in fact in full control of the attacker, who, thanks to his corporate duties, was over time able to install multiple evolutionary versions of the malware, with capacity and effects always more invasive and penetrating," the prosecutors say.
http://mboxdrive.com/Maria%20Zach.mp3 Maria Zach
Excerpt:
Maria Zach: 'Yes. So basically, the theft of the election was orchestrated in the Rome embassy on the second floor of Via Veneto, by an employee Stefan Serafini, Foreign Service officer of over 20 years.
He retired the day before the election, to ensure he would not lose his pension. Unlike what happened to some of the FBI agents who betrayed our country in 2016, and did lose their pension just days before their retirement.
So Stefan Serafini coordinated with a General Claudio Graziano. And Claudio Graziano, General Graziano, is on the board of Leonardo, the defense contractor. Leonardo SPA. Leonardo used their military satellite uplink to load the software and transfer it over, to change the vote from Trump to Biden.
So what everybody’s been saying is that ‘we know something happened, we know something happened’. The proof that was missing, the very basic ‘who did it, where did they do it, and how did they do it?’ Has been missing from all of the, ah, all of the documents sent in to the courts, all of the affidavits. There was nothing that was helping us win in the courts.
‘They thought that they were very shrewd in how they did it. They ah, had a really brilliant plan, that was orchestrated by Barack Obama with the help of [Matteo] Renzi, the former prime minister of Italy.
The Italian Intelligence Service has supplied us with intercepts, photos, phone calls, and ah, shockingly, pictures of the CIA agents who have been involved in orchestrating this.
Those pictures of the CIA agents, ah, ended up on the Internet. And those operatives and the folks in the government in Italy, started panicking. And they started replacing all their heads of Intelligence, of the Cyber Readiness, and within Leonardo. And [at] Leonardo, the actual person that did the uploading, arrested. For quote-unquote “safekeeping”. And had the other one, ah, put in house arrest.
The gentlemen that are in ah, in jail and in house arrest, are being accused of ‘hacking in to Leonardo to look at like, airplane schematics’ and to get some of their other tools. They’re not saying what really happened, because it’s really about them trying to cover.
Unfortunately, other people know who they are. And their, their lives are at great risk...'
We have the best transcribers, don't we folks
Italian authorities arrested two employees of the Italian defense contractor Leonardo. One is accused of installing a backdoor Trojan into the company's systems and exfiltrating 10GB of data over a two-year period and the other allegedly attempted to cover up the breach, according to local law enforcement officials.
The Cybercrime Working Group of the Naples Public Prosecutor's Office reports Arturo D'Elia, an IT security manager with Leonardo, has been charged and detained in connection with the incident. The second individual, Antonio Rossi, has been placed under house arrest for giving false and misleading information in an attempt to hinder the investigations.
"The investigations showed that, for almost two years, the IT structures of Leonardo SpA had been hit by a targeted and persistent cyberattack (known as Advanced Persistent Threat or APT), since it was carried out with installation in target systems, networks and machines of a malicious code aimed at creating and maintaining active communication channels suitable for allowing the silent exfiltration of significant quantities of classified data and information of significant corporate value," Italian prosecutors say.
The stolen information included data from the company's human resources department and information on the procurement and distribution of capital goods, as well as the design of civil aircraft components and military aircraft for the Italian and international market along with credentials for accessing personal information of Leonardo S.p.A. employees, the prosecutors say.
No strategic or classified information was included in the data breach, Leonardo notes in a statement, as that level of data is stored in a network that is not connected to the factory, which is located outside of Naples, Italy.
Leonardo is a defense contractor specializing in aerospace, maritime and cybersecurity with more than 44,000 employees worldwide and revenues of about $16 billion, according to the company.
An Insider Threat The intrusion into Leonardo's systems ran from 2015 to 2017 and was detected when the company's cybersecurity team noticed anomalous network traffic leaving workstations located in the company's Pomigliano d'Arco plant.
The company says the attacker used a USB key to install the malware onto workstations that then pulled data whenever the computer was activated. Overall, 94 workstations were involved, 33 located at the Pomigliano plant and the remainder at other Leonardo facilities. An additional 13 computers belonging to the telecom Alcatel were also infected.
"In January 2017 the cyber security structure of Leonardo SpA reported anomalous network traffic, outgoing from some workstations of the Pomigliano D'Arco plant, generated by an artifact software called 'cftmon.exe,' unknown to company antivirus systems," prosecutors say.
The data was then exfiltrated to a command-and-control server using the website www.fujinama.altervista.org, which was also seized during the operation, prosecutors report.
The workstations were used by company managers involved in the production of defense products, Leonardo says.
Leonardo reports it is continuing its cooperation with local law enforcement agencies.
Neither the company nor the prosecutors indicated what happened to the data once it was removed from the company's network, but any information related to defense is highly prized (see: Defense Contractor Hacking More Expansive Than First Thought)).
An Unknown Malware Authorities are still in the process of deconstructing the malware used in the incident, which has not been spotted before. What is known is the malware was contained in a USB drive and then manually inserted into the targeted computers. Once downloaded, it maintained persistence and activated whenever the unit was being operated.
The malware could log keystrokes and take screengrabs, the prosecutors report. Once the information was exfiltrated, the attacker, using the command-and-control server, deleted the malware.
"Confidential company data of Leonardo SpA's Pomigliano D'Arco plant were thus in fact in full control of the attacker, who, thanks to his corporate duties, was over time able to install multiple evolutionary versions of the malware, with capacity and effects always more invasive and penetrating," the prosecutors say.