Le data room they are used in different commercial contexts, in the event that several subjects or companies must share a large amount of confidential, confidential data (however not intended for the public), concerning the offer of services or goods for sale, thus avoiding the risky passage of information.
In short, these are real safes containing shared information, which can be accessed securely, reducing the risk of disclosure, even accidental, connected to the transfer or distribution of the data itself.
La data room traditional, in fact, was a constantly monitored room, usually located at the seller's premises or in that of his lawyers that the interested parties and their consultants could visit in order to consult documents, registers and other data made available.
With the advent of technology, the data rooms have been reproduced in a virtual environment (the so-called virtual data room).
A virtual data room consists of a site, a platform or in any case a reserved virtual space, whose access is allowed to a defined number of subjects to whom a secure key is provided, which allows the consultation of the content. The enabled subjects can thus access the data, download it without having to respect consultation rounds.
In the sector of the supply of essential services and in particular telecommunications services, the data rooms (such as Opera, DTU system, Tim Retail, Wholesale portal) collect confidential data, shared by sector operators, for the management of the so-called. portability and network maintenance.
Such precious safety vault information is managed by Tim, maintainer of the network infrastructure and above all of the so-called last mile, the last section of the infrastructure that lands at the individual consumer user.
Data relating to the technical management of users has always had great economic value on the market (think of the information relating to fault reports) and can allow the implementation of aggressive commercial practices, aimed at obtaining customers, perhaps predisposed to portability precisely because of various problems, reported and present in the DATA ROOM.
Today the final phase of the operation was started "DATA ROOM", An articulated investigation activity coordinated by Prosecutor of the Republic of Rome, and conducted by the specialized investigators of the National Cybercrime Center for the Protection of Critical Infrastructures - CNAIPIC of the Postal and Communications Police Service, with the collaboration of Compartments of Naples, Perugia, Ancona and Rome.
Over 100 Postal Police specialists are busy executing 20 precautionary measures, in particular 13 ordinances ordering house arrest and further 7 ordinances which establish the obligation to reside in the municipality of residence and the prohibition to exercise companies or to hold managerial positions in companies and legal persons. The recipients of these measures are the subject, together with a further 6 suspects, oflocal and IT searches.
The suspects are responsible, in various capacities and in competition with each other, for the aggravated violation of the offenses provided for in art. 615 ter of the Italian Criminal Code (abusive access to the IT system), art. 615 quater of the Italian Criminal Code (abusive possession and dissemination of access codes), concerning the conduct of systems of public interest, and of the violation of the privacy law art. 167-bis of Legislative Decree 193/2003 (communications and unlawful disclosure of personal data subject to large-scale processing).
The restrictive measures, issued by GIP at the Court of Rome, they were carried out against suspects residing on the Capitoline territory and in various provinces of Campania.
The recipients of the measures include unfaithful employees of telephone companies, (the material procurers of the "precious" data), the intermediaries who dealt with the illegal trade in the information extracted from the databases and the owners of telephone call centers, who exploited these important information to contact potential customers and make the expected commissions for each portability, that go up to 400 euros for each new contract entered into.
During the complex investigative activities, the suspects have acquired concrete and unequivocal evidence regarding the execution of repeated illegal access to the data room in use to the telephone operators operating on the national territory and managed directly by TIM, containing the delivery work orders and the complaints of provident insurance coming from user reports regarding telecommunications network outages.
The complex investigations were initiated in February by CNAIPIC, by proxy of the Public Prosecutor of the Republic of Rome, following a complaint filed by Telecom Italia, which reported various abusive accesses to the IT systems managed by TIM, found at least starting from January 2019.
Illegal accesses were through account o virtual desktops used by employees of telephony service operators and partner companies for access to databases, keys often stolen fraudulently, directly managed by the complainant company itself, due to the concession of the maintenance activities of the national telephone infrastructure.
The databases are routinely supplied by all the telephone operators in relation to the reports received from customers on the disservices detected, representing, moreover, a real snapshot of the conditions of the national telecommunications infrastructure.
The "criminal chain", within which each component has a specific task, functional to the achievement of the final objective, had even set up "automatons", thanks to the collaboration of an expert Roman programmer, also affected by a precautionary measure , ie software programmed to carry out continuous, daily queries and data extraction.
The extractions, as verified during the interceptions, were systematically carried out with an average volume of hundreds of thousands of records per month. The suspects managed these volumes modulating them according to the illicit "demand" of the market, as emerges for example from a conversation in which one of the suspects asked an unfaithful employee for an integration of 15.000 records to reach the 70.000 agreed for the current month, announcing an additional order for 60.000 mobile users.
The information extracted from the database, therefore, became the subject of an illicit merchandise, as it was particularly attractive for the remote contract sales companies that seek precisely to intercept the most "vulnerable" customers, due to problems or disservices, to therefore propose the change of your telephone operator.
The complex "system" saw on the one hand a series of unfaithful technicians capable of procuring data, on the other a real commercial network that revolved around the figure of an entrepreneur from Campania, buyer of the precious "goods" and in turn able to extract "on their own", even with the use of automation software, large quantities of information, by virtue of credentials illegally stolen from unsuspecting employees.
The "goods" were then placed on the call center market, 13 are those already identified, all in the Campania area, and subject to as many searches.
The data itself, adequately "cleaned" to be used by the various call centers, passed from hand to hand, resold at reduced prices based on the "freshness" of the data itself, the engine of a movement that feeds the phenomenon of continuous commercial proposals that all they know well.
Of absolute criminal level the amount of proceeds, as emerges from more than one conversation in which some suspects discuss the fees, the result of illegal activity, agreeing on the distribution of the illegal proceeds of the month, for tens of thousands of euros to be shared among the unfaithful operators and collectors / resellers of data.
The technical investigations also made it possible to highlight how the marketing of user lists and their contact details also concerned the IT systems used by managers operating in the energy sector, which are being further investigated.
The complex investigations have seen the specialists of the Postal Police and Communications Service engaged in the activity of telephone interception and stalking of the suspects, as well as in complex activities of feedback and analysis on the computer systems relating to the platforms containing the data, made possible also thanks the precious collaboration of the Telecom Italia corporate security structure.
This is the first large-scale operation aimed at the protection of stolen personal data, a phenomenon known to all that involves unfaithful employees, compliant call centers and intermediaries and which has as its object what on the market has assumed a significant commercial value: the data reserved relating to users.
For the execution of the restrictive and search measures, as well as for carrying out the information activity, the CNAIPIC coordinated a team of specialists in which i Departments of the Postal Police of Rome, Naples, Perugia and Ancona.
The CNAIPIC
In the framework of the strategies for the protection of critical computer infrastructures, the establishment of the National Anti-Crime Center for Critical Infrastructure Protection (CNAIPIC), within the Postal and Communications Police Service, is proposed as an operational model of absolute innovative character, Also in relation to the international context.
According to art. 7 bis of the law 31 July 2005 n. 155 (which has converted 27 2005 144 Decree 09 2008 with XNUMX Decree "Urgent Measures Against International Terrorism") CNAIPIC is exclusively engaged in the conduct of prevention and counterfeiting of cybercrime, Of a common, organized or terrorist criminal matrix aimed at computer systems or telematic networks supporting the functions of institutions and companies that deliver or run vital services or processes for the country system, conventionally defined as critical computer infrastructures and which, Always in accordance with the aforesaid rule of law, have been identified as such with the Decree of the Minister of Interior of XNUMX January XNUMX.
The CNAIPIC therefore intervenes in favor of the security of a range of infrastructures characterized by intersectoral criticism (due to the ever closer ties of interconnection and interdependence between the different infrastructure sectors) and to a kind of threat that can have as much a ' Extraterritorial origin as well as a "domino effect" and transnational impact projection.
The operating model is also based on the principle of "public-private" partnerships: CNAIPIC, in fact, assumes (through an Operations Room available 24 hours a day and 7 days a week) a central location within a network of critical infrastructural realities (institutional and corporate), and operates in close connection with various types of organizations (national and foreign), engaged both in the specific sector and on the subject of IT security, with which it maintains constant relations of information exchange and provides (through Intelligence Units and analysis) to the collection and processing of data useful for the purpose of preventing and combating the threat.
The aforementioned partnership relationship finds its moment of formalization in the stipulation of specific agreements; from the 2008 to today 78 agreements have been stipulated.
The office of the Italian contact point for technical-operational emergencies connected to the occurrence of transnational cybercrime incidents, as established by the Cybercrime Convention signed in Budapest on November 23 2001, is also operational within CNAIPIC.
The contact point operates 24 hours on 24 and 7 days on 7, within the High Tech Crime network established under G7, and subsequently extended to the Council of Europe.
The network, currently made up of 86 countries, has as its primary purpose the prompt response to the so-called requests freezing of the data to the homologous structure, pending formalization via letter rogatory or MLAT.