Author: Andrea Monti

Posted on

Leonardo’s lesson

by Andrea Monti – originally published by Infosec.News

A note for the non-Italian readers: Leonardo is the biggest Italian defence contractor. Recently the company has discovered a massive information theft related to critical pieces of defence equipment, allegedly committed by two insiders. According to the prosecution, the exfiltration went on undisturbed for about two years before being discovered.

A great deal has already been said about the massive illegal exfiltration of data suffered by Leonardo, about the difference between the institutional narrative of cybersecurity and the dramatic situation of the Italian infosec, and about the regulatory superfetation burdening national security. However, something still lasts to be discussed: the less-than-proportional relationship between the members’ quantity of a structure and their “loyalty” to the structure itself. Continue reading “Leonardo’s lesson”

Posted on

SIM hijacking, security measures and bank’s liability

Threats change, but security measures to protect account holders do not. Can banks still blame users in case of frauds? by Andrea Monti – Originally published in Italian by Infosec News

One of the many recent cases reported by the press in Italy accounts for the umpteenth fraud committed against a bank account holder exploiting a SIM hijacking attack. Not even a week ago, I had to deal with a similar case, where through a social engineering attack, the scammers mislead the customer into giving them by telephone the OTP to finalise the fraudulent transaction.

In many cases, the victim manages to obtain a refund of the stolen amount, but in others the bank refuses, claiming the client’s negligence for not recognising the fraudulent nature of the criminal behaviour. In other words and rough terms: the bank does not pay for the outcomes of the stupidity or ignorance of the victim.

However, is that so? Continue reading “SIM hijacking, security measures and bank’s liability”

Posted on

Facebook and Telegram seizures reveal the problems that plague the online criminal investigations

by Andrea Monti – Originally published in Italian by Infosec.News

An article published on page 30 of IlSole24Ore of 11 November 2020 reports on the seizure-by-access-blocking of Facebook and Telegram by the Public Prosecutor’s Office of Naples. According to the newspaper, the Public Prosecutor’s Office ordered a “seizure-by-obscuration” of several domain names and a significant number of IPs.

The Guardia di Finanza (Italian tax police force) notified the magistrate’s decision to the operators and internet service providers. While the latter are executing the magistrate’s order, a further note from the Guardia di Finanza arrives asking them not to follow up the inhibition or in any case unblock sixty-six domain names, among which the first two are Facebook (it-it.facebook.com) and Telegram (t.me). Continue reading “Facebook and Telegram seizures reveal the problems that plague the online criminal investigations”

Posted on

Terrorism and the abuse of fundamental rights

Acts of terrorism in France and Austria call for reflection on the political and tactical use of human rights by States as an instrument of anti-terrorist propaganda. Is the exercise of fundamental freedoms put at risk in the name of realpolitik? The analysis of Andrea Monti, adjunct professor of Law and Order and Public Security, University of Chieti-Pescara – Originally published in Italian by Formiche.net

There is no way, at least for now, of knowing whether the murder of the French teacher Samuel Paty, the killing of three people in Nice and the massacre in Vienna are the execution of a global plan, or whether they are individual events, planned and carried out by individuals or criminal cells. We also ignore if the spark that triggered them is – once again – the satire of Charlie Hebdo (a fact certainly connected to the assassination of Samuel Paty, but not to the others). Continue reading “Terrorism and the abuse of fundamental rights”