State databases hacked, information protected on multiple levels of control
New guidelines strengthen security on politicians and entrepreneurs: checks on internal users, searches performed and external suppliers
4' min read
4' min read
What is certain is that in the exfiltration of confidential data from the most important State databases, such as the Interforce CED of the Ministry of the Interior or Siva, which collects anti-money laundering alerts (the so-called SOS), the 'human factor' would have been crucial. This is how they defined it at the Viminale, after the investigation by the Milan Public Prosecutor's Office into Enrico Pazzali's company Equalize shed light on the role of 'moles' within the institutions who were leaking secret information on people and companies.
A bit like Pasquale Striano, the lieutenant of the Guardia di Finanza, seconded to the SOS office of the National Anti-Mafia Directorate, who 'stole' financial reports on politicians or entrepreneurs to hand them over to journalists upon request. Crucial was the case of Defence Minister Guido Crosetto who, according to the Perugia magistrates coordinated by Prosecutor Raffaele Cantone, was one of the main 'targets' of the dossier.
Unfaithful Functionaries
.Investigative reconstructions that have triggered a profound reflection on databases and the way they are managed. The same Agency for National Cybersecurity (Acn), an intelligence body that reports to the Chigi Palace and is directed by Prefect Bruno Frattasi, has noted, among others, a fundamental 'criticality': most of the actions were perpetrated by the possibility of access to information thanks to the permissions assigned to public administration officials who were later found to be 'unfaithful'. People who allegedly played a double game for purposes that remain to be clarified and who - in the delicate case under examination by the Rome Public Prosecutor's Office - may have handed over confidential information to foreign parties interested in financial speculation in Italy.
In recent days, the NCA has issued a 19-page document with new guidelines 'for strengthening the protection of databases against the risk of misuse'. It was realised that the excessive scope of permissions granted to authorised users had triggered a phenomenon that had degenerated into the buying and selling of confidential information. Material that is useful for targeting a political or business enemy and that, inevitably, risks manipulating market trends.
"Robust"
ControlIt was decided that structuring a consistent and robust control is 'the basis for ensuring that' access to databases 'is restricted to authorised personnel and users'. To this end, the digital identities of staff must be nominative and individual, not shared among several persons, also in order to be able to track access and unambiguously trace back to the internal and external staff making it.

