What the hell happened to the Revenue Agency? by Umberto Rapetto

The hacker-Agenzia delle Entrate-Sogei case seen by Umberto Rapetto Deny. Deny even the evidence. It is a classic of faithless husbands, but not only. Companies and Public Administrations – far from having to hide escapades of any kind – use this technique with great ease. And it happened again this time. A group of cybercriminals – known to be dramatically "reliable" – claim to have stolen a certain amount of potentially critical information from the Revenue Agency's computers. They have already made many armored entrepreneurial and institutional realities cry and – if ever there were a "TripAdvisor" of those who cook the most important information systems – the "gentlemen" of Lockbit 3.0 could boast memorable reviews. The Michelin Guide of the past would even have written "deserves a detour"... . The news is quick to rebound and joy spreads among the hardened tax evaders and among the many poor recipients of investigations that are not always surgical and often – like the dust under the carpet – destined to disappear with the providential "self-protection". The tricolor tax authorities find themselves at the center of attention and awakens the dormant memory of the mythological "crazy folders" that the whole world has always envied us as an example of unsurpassed creativity ... Since the watchword is "everything is fine", even this time nothing officially happened. In the collective dismay, the Agency comes alive with a statement with a Roman tone "but davero?!?", duly with a "v" only as it is used in the Capital, and ensures to ask SOGEI that historically manages the systems.

The stainless "Società Generale di Informatica", owned by the Department of Economy and Finance and recently in the headlines for a memorable blackout, immediately took care to deny the existence of any attack "on the site of the Revenue Agency". Wait. "To the site"? SOGEI says verbatim "From the technical investigations carried out Sogei therefore excludes that a cyber attack on the site of the Revenue Agency may have occurred". The Russian brigands announcing the exhibition of the scalp do not talk about any website, but only about having come into possession of information from the Revenue Agency. They probably got into the computer of some internal employee or an employee of any supplier. There is never a lack of those who have made a few "clicks" too much after being deluded of some millionaire winnings in lotteries in which they have never participated, of the advances of some statuary inflatable matron found around the social networks, of the possibilities of earning that only a registered fraudster is able to fresco in the imagination of the pyrla on duty. The anthropomorphic vision of the most powerful computer systems allows us to glimpse the traditional heel in the role of weak point. We learned it (or, rather, we should have learned it) with the disastrous experience of the Lazio Region that characterized last summer revealing a level of vulnerability to say the least disheartening. A workstation is enough to open the door to the bad guys. That computer can be enabled to access other people's archives and applications, embodying Charon ready to ferry the bandits to the other shore. That same "machine" is able to store delicious information for those who want to hurt an organization. They can be documents and files exchanged for business purposes, as normally happens between the client and the service provider. Stuff that is obviously not destined to become public for natural reasons of confidentiality. The malloppo is quantitatively insignificant. But a small diamond is worth much more than a wagonload of manure. The 78 gigabytes boasted by Lockbit 3.0 can simply be a slice of the victim's disk. Perhaps we will know who the victim is only after the exposure of the stolen goods, provided that someone does not give in to blackmail and pay the sum to ensure a beneficial silence. In the latter case the aura of mystery does not necessarily turn into favorable oblivion. Undue access is like peppers eaten in the evening: sooner or later they "come back up" even if the world of information forgets with extreme ease. If nothing really happened, let's sit back and wait for the countdown to end, eager to read the contents of the loot. In recent times, data and projects of Ferrari, Lamborghini and Maserati were on sale. None of the three automakers had been targeted by hackers, yet confidential technical material concerning them circulated. The ruthless band Everest had hit Speroni SpA which supplied important components of the most beautiful sports cars ... It will be the Privacy Guarantor to evaluate the content of what this time the gangsters will spit on the surface Internet, in the deep web or in the ravines of the darknet. Article published on giano.news • 31 July 2022