In a recent press release, Italy’s Polizia Postale shed some light on their operations and arrests in 2017. The Polizia Postale investigates communication crime, including cyber terrorism, hacking, child pornography, and general cybercrime. Last year, in particular, the police noticed an uptick in the use of the darknet in crimes involving child abuse or solicitation. They have sworn to adapt.
In their own words, “the main operational effort of the Postal Police and Communications is in the continuous updating of their computer skills to provide an adequate response to the ever new technological frontiers of delinquency.” In 2017, the new frontiers included social networking applications and services, along with darknet forums and communities. The police are deep undercover in both areas, according to assistant chief Marcello La Bella. During 2017, the Postal Police investigated almost 600 for crimes related to illegal pornography on the internet and arrested 55 suspects for online crimes against children.
Operation Black Shadow, an investigation into child pornography led by the Postale di Trento, pointed police in the direction of 36 suspected owners or viewers of child pornography. Of the 36 houses searched, the Postale di Trento managed to arrest 10 suspects. Another operation by the Polizia Postale di Firenze led to more than 40 house searches and three arrests. The Postale di Trieste arrested nine in a similar operation.
A significant increase, they wrote, could be seen in the number of cybercrime events directed towards individuals, such as defamation, cyberstalking, or identity theft. The police dealt with nearly 1,000 investigations. They managed to arrest only nine suspects, however. The National Anti-Crime Center for Critical Infrastructure Protection reported 28,522 alerts about threats to national infrastructure. The Center handled 1,006 known attacks on critical infrastructure and worked with the other agencies in 80 cases.
Two cases stood out: the operation “EyePyramid” and the Polizia Postale’s involvement in dismantling the Andromeda botnet. The investigation into the EyePyramid malware campaign began before 2017 but continued until the arrest of a brother and sister in January 2017. From at least 2014, and likely earlier, the duo had operated a spear-phishing campaign that used a seemingly amateur piece of malware called EyePyramid. They targeted politicians, bankers, enforcement officers, and freemasons in Italy. The brother and sister behind the campaign appeared to have very little understanding of OPSEC; they used personal email addresses for registrations linked to the malware and operated the C&C from IP addresses traceable to their place of employment.
Yet, despite the OPSEC failures and unsophisticated malware, the duo had collected more than 80 gigabytes of emails, usernames, passwords, and other sensitive information. According to the announcement, the Polizia Postale also played a role in the takedown of the Andromeda botnet.