On October 12, 2016, Anonymous Italia launched a cyber offensive against the Polizia Penitenziaria (the Italian penitentiary police) to protest against the “unjust” acquittal of all those involved in the trial concerning Stefano Cucchi, a young Italian citizen who died in 2009 under still-unclear circumstances a week after being remanded in custody by the Italian police for alleged drug dealing.
The Polizia di Stato (Italian police) and its various divisions have been among the preferred targets of Italian hacktivists for years, mainly as a means of protesting against alleged abuses of authority and violence by police officers on numerous occasions. For instance, in October 2012, the hackers released online a batch of thousands of confidential documents exfiltrated from the Italian police’s servers, leading to the arrest of several members of the organization.
In this latest cyberattack, Anonymous Italia’s hackers, in reprisal against the “deplorable state of the Italian justice system, which protects the executioners of defenseless citizens,” defaced the websites of the Associazione Nazionale Polizia Penitenziaria, the Polizia Penitenziaria’s blog, the Sindacato Autonomo Polizia Penitenziaria, and the Sindacato Autonomo Polizia Penitenziaria, Lombardia district. The Italian hacktivists also exfiltrated two database archives, presumably from the websites of the Polizia Penitenziaria (POLPE) blog and one of its labor unions (Sindacato Autonomo Polizia Penitenziaria – SAPPE).
The hacktivists leaked approximately 70 MB of data, compressed into two zip archives, presumably exfiltrated from the databases of the Sindacato Autonomo Polizia Penitenziaria’s blog and of its official monthly magazine (Polizia Penitenziaria, società giustizia & sicurezza), and subsequently posted download links on their official blog. One archive is called polpe.zip and the other sappedb.zip, hinting at their assumed origin. The most recent documents we detected within the leaked files are dated October 9, 2016. Notably, the two compromised websites are hosted on the same server, so it is possible that the hackers gained access to the whole server.
We acquired the two leaked databases, and our preliminary analysis reveals that they contain a trove of data, mostly relating to the activities of the blog and of the magazine linked to the penitentiary police’s labor union (SAPPE). However, thousands of organizational and personal email addresses of penitentiary police officers, together with clear-text passwords, have also been exposed.
Our assessment is that the exfiltration of databases belonging to governmental bodies such as the Italian penitentiary police demonstrates noteworthy technical capabilities on the part of the initiators of the cyber operation, confirming once again the danger posed by Italian hacktivist elements.