The Federprivacy website, the Italian association of data protection professionals, and the social profile of president Nicola Bernardi were hacked yesterday. The cyber gang Alpha Team claimed responsibility for the attack. Today the website appears to be "under maintenance" while Bernardi's personal profile is still in the hands of hackers. Facts, names and insights
It's easy to talk about cybersecurity.
This time the hackers targeted the website of the Italian association of privacy and personal data protection professionals, Federprivacy.
The Federprivacy website has been inaccessible since November 13th: if today the word "under maintenance" appears, yesterday a black screen appeared (see cover photo) with the claim of the cyber attackers. This violation has a specific name: Defacing. “The term Defacing (in Italian with defacere) means the illicit modification of the home page of a website (its “face”) or the replacement of one or more internal pages. This type of attack is illegal in all countries of the world”, explains the Cybersecitalia portal.
Behind the attack is the Alpha Team cyber gang, which not only violated the Federprivacy website but also the social profile of President Nicola Bernardi, publishing a series of posts from the latter with emails and related passwords in clear text. some associates.
And it is appropriate to say "beyond insult to injury": from the Linkedin profile of the president of Federprivacy Bernardi, the hackers spread the link to the violated data of the members accompanied by an eloquent phrase: "This is the place of companies that declare themselves experts in a field they know nothing about." Also from Bernardi's Linkedin profile , another post reads: “He claims to make others feel safe and holds computer security courses. He was hacked too."
But "what is worrying is not the defeat of a "club" of professionals who by vocation or profession deal with privacy. The digital aggression in question offers numerous food for thought that should concern everyone and not just the victims", commented General Umberto Rapetto today on Giano.news .
All the details.
WHAT HAPPENED TO THE FEDERPRIVACY SITE, HIT BY HACKERS
On the Federprivacy website, unreachable since yesterday, the attackers who qualify as members of Alpha Team wrote: “This is proof of access to your server. Your IT infrastructure was compromised, which allowed us to access your server and databases. Please contact [email protected]”
And they conclude with a laconic: “WE ALWAYS KEEP OUR PROMISES”.
THE ATTACK FROM “OUR HOME”
First of all, the myth of the threat coming from who knows where collapses again. The attack in question is something from our house or, to play with the vowel changes of the Settimana Enigmistica, from cosa nostra. Phrases and messages appearing on the screens of visitors to the Federprivacy website or on the virtual noticeboards of Nicola Bernardi's contacts are written in excellent Italian" General Rapetto further observes regarding Alpha Team, adding that "the subjects in question are not new to raids on Italian territory and an interview by the online newspaper Red Hot Cyber suggests that Alpha Team has consolidated roots here. The disturbing conversation with the leader of this organization deserves to be read , without haste and possibly excluding any emotional involvement so as to make assessments that are as objective as possible."
ALPHA TEAM'S CLAIM ON PRESIDENT BERNARDI'S PROFILE
Also on the LinkedIn profile of the president of Federprivacy, the attackers are responding to user comments and publishing new posts. Like this one which explains the reason for the cyberattack and the unwillingness to publish all the data provided that "an agreement that satisfies both parties" is reached.
“ Dear Nicola Bernardi, I am Z0RG and I am the leader of the Alpha Team.
We found some big flaws in Federprivacy.org and entered the portal to make a copy of all your data.
We do this because it is unthinkable that those who protect other people's data do not protect their own.
We do not want to make public the enormous amount of data that belongs to you and that we now possess, nor sell it to competitors, nor use your social profiles and emails to harm others.
Instead, we want the matter to be resolved as discreetly as possible, so that, once our requests are met, we can delete everything in our possession and send you a report containing all the vulnerabilities we have discovered in your system, so that can be corrected.
Obviously, to do this, we would like to talk to you and find an agreement that satisfies both parties.
If you agree, reply to this message and we will have a civil discussion.
We really don't want to reveal everything and give a bad image of you in Italy. Because it will be difficult for your customers to trust you again.
We rely on your wisdom ”.
THE OBJECTIVE OF THE CYBER GANG
Also yesterday, from Bernardi's Linkedin profile Alpha Team wrote that "We demonstrate that those who sell or promote goods or services for data security do not in turn protect the data they have in their custody from others. and this is serious, because an association like Federprivacy collects many tens of thousands of euros every year from its members and cannot fail to protect their data by investing some of that money in the security that they advertise so much when offering their services?”
WHAT IS FEDERPRIVACY
Established in 2008, with registration in the registry of the Ministry of Finance on 27 March 2008, Federprivacy provides consultancy in the fields of privacy, data protection and security.
WHAT THE ASSOCIATION DOES
The association offers the following services: consultancy services provided by professionals who are experts in privacy, data protection and security, aimed at designing, implementing, verifying and maintaining systems for the management of personal data in compliance with current legislation, ensuring their security and their protection.
The 2007 Ateco code for members is 70.22.01 (Consulting activities for the management of company logistics). Furthermore, the Federprivacy association is the owner of the "privacy consultant" trademark, registered with the Ministry of Economic Development at no. REG. 0001428469, and also has indefinite authorization to use the "privacy officer" trademark, referred to in no. REG. 0001530053 at the same Ministry of Economic Development.
In addition to the already appointed President, Nicola Bernardi Malatesta, there is Davide Sottili Treasurer as general secretary and Magdalena Todor, Ettore Pasanisi and Vittorio Lombardi as councilors.
Among the various experiences in the privacy sector listed by the president, we also read on the privacy symposium website that Nicola Bernardi has collaborated as a consultant with numerous companies for the adaptation to privacy legislation since the first Italian law n. 675/1996.
To join the association as members, the following is required: the payment of 56 euros per year for Ordinary Members and 102 euros per year for Promoting Members. In 2014, 882 members were registered (since we cannot update at the moment given the inaccessibility of the Federprivacy website).
THE TIMING OF THE ATTACK
To underline even more the message of the Alpha Team cyber criminals who accuse Federprivacy of "selling or promoting goods or services for data security" but "does not in turn protect the data it has in its custody by others" is the timing with the activities of the association.
In fact, these days the cyber & privacy forum 2023 is being promoted, which will be held in Verona on November 29 "with the aim of encouraging the development of a common culture focused on security and data protection". The event is organized by Ethos Media Group in collaboration with Federprivacy, which is entrusted with the scientific direction of the conference event.
The objective of the meeting is "to provide concrete answers and update security professionals, in all sectors and at all levels – CISO, Security managers, Risk managers, Data Protection Officers, IT managers, corporate lawyers, Business executives company, officials of municipalities, bodies, law enforcement agencies, consultants, system integrators, installers, plant engineers".
WHAT BERNARDI WROTE IN 2019
Finally, the attack by Alpha Team against Federprivacy and Nicola Bernardi sounds even harsher when rereading what the president of Federprivacy wrote in 2019 regarding the first data collected from a Federprivacy report on the adaptation of Italian municipalities to the GDPR and cyber risks, on Sole 24 Ore.
“The unsecured connections based on the old «http» protocol and the absence of information on DPOs are worrying because the sites (and the data and information they contain) are exposed to hacker attacks and also the failure to publish contact details of the data protection officer effectively prevents citizens from exercising the rights recognized by the GDPR, Bernardi explained at the time.
All that remains therefore is to wait for Federprivacy's explanations of what happened to its own website.
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/perche-gli-hacker-hanno-preso-di-mira-federprivacy/ on Tue, 14 Nov 2023 15:44:57 +0000.