Cyber Incident Victim: mobilita.gov.it
Date: Nov 2016
Location: Italy
Summary
A hacker compromised an Italian government website via SQL injection, exposing credentials and personal data of approximately 45,000 users, with 9,000 entries publicly leaked to pressure administrators into addressing security flaws. The attacker reported unsuccessful attempts to contact authorities prior to disclosure, prompting criticism from security experts over the lack of initial response. Following the breach, administrators temporarily took the site offline to remediate vulnerabilities before restoring services. The incident mirrored similar intrusions by the same threat actor against other government entities globally, though unlike some affected nations, Italian officials did not publicly acknowledge the hacker’s actions or provide formal updates regarding the compromise.
Description
On November 18, 2016, hacker Kapustkiy breached the Italian government website for the Dipartimento della Funzione Pubblica using a SQL injection attack, gaining access to a database containing approximately 45,000 user records. The compromised data included login credentials for services managed by Italian cities. Kapustkiy publicly disclosed approximately 9,000 records via Pastebin, stating this partial leak was intended to prompt authorities to address security vulnerabilities while limiting immediate damage. The hacker reported multiple unsuccessful attempts to contact website administrators via email prior to the disclosure, receiving no response to his warnings about the breach. This incident followed a pattern of Kapustkiy targeting government websites globally, including recent breaches at the Paraguay Embassy of Taiwan and multiple Indian embassies across Switzerland, Mali, Romania, Italy, Malawi, and Libya.

Italian authorities initially failed to respond to the breach reports or media inquiries, drawing criticism from security expert Andrea Rigoni, an adviser to NATO and various governments, who characterized the non-response as a significant oversight. Website administrators eventually took the affected system offline during the weekend following the disclosure to address vulnerabilities before restoring normal operations. The incident exposed sensitive user credentials and highlighted systemic communication failures within Italy's cybersecurity response protocols. Contrasting responses emerged internationally, with Indian officials publicly acknowledging Kapustkiy's embassy website breaches and thanking him for identifying security flaws while implementing fixes. No equivalent official statement or acknowledgment came from Italian authorities regarding the Dipartimento della Funzione Pubblica breach despite the confirmed data exposure and subsequent remediation efforts.
