Municipality of Palermo hacked by Vice Society

Exclusive – Hackers hit the Municipality of Palermo. Vice Society, “Sispi is lying”

On 9 June, through our Twitter channel, we reported the cyber attack that had hit the Municipality of Palermo. On that occasion we limited ourselves to relaying the announcement the Vice Society ransomware group had made on its blog, without providing further details.

After reading the official press release published by Sispi (Palermo Innovation System), technological partner of the Sicilian Municipality, and the statements made to the media by Councilor Petralia (Youth Policies – Sport – Innovation – Functional relations with SISPI), we wondered whether things were exactly that way.

The only way to find out was to try to get in touch directly with Vice Society, the author of the cyber attack on the IT infrastructures of the Municipality of Palermo. In an e-mail, we asked the group a series of questions.

The answers provided by Vice Society tell another truth, a very different truth from that described in recent days by Sispi and the Municipality of Palermo.

According to Vice Society, the intrusion into the IT structures of the Municipality of Palermo took place well before the date declared by Sispi in the press release issued on 9 June.

Vice Society claims that it has never sent e-mails to the URP, nor to other departments of the Municipality, nor to Sispi.

In an article about the hacker attack published on 9 June by the online newspaper “la Repubblica”, there is a quoted statement:

“The administration is certainly not dealing with a gang”

This too, according to Vice Society, is false. Instead, the ransomware group claims that, at least initially, there were negotiations.

Also in “la Repubblica” of 9 June, a statement by Councilor Petralia is reported:

“[…] we do not know what data it is. What is certain, however, is that we all have the data in clear text, they have not been damaged. Certainly they may have been copied, there may have been violations, but certainly we have preserved them all […]”

Another statement which, according to Vice Society, does not correspond to the truth.

We asked the ransomware group how much data it took from the servers while it was inside the IT infrastructure, and the figure it provided, if real, is worrying.

But how did Vice Society enter the IT systems of Sispi and therefore also those of the Palermo Municipality? If what we were told is true, we should all be very seriously concerned.

Our questions to Vice Society:

SuspectFile (SF): Is it correct when Sispi declares that your intrusion into IT systems took place on June 2nd?

Vice Society (VS): Sispi are lying when they say the date and time. June 2, 6:30 is the date they woke up and saw that it was late. The real work was done much earlier and the sispi didn’t see anything for a long time.

SF: Do you confirm the sending of your e-mail to the Urp office where you claim the cyber attack and ask for the ransom?

VS: It’s a fake. We do not write to our partners first.

SF: If you can make it public, what figure has your group asked to avoid publishing the stolen data (data you started publishing today – June 11th editor’s note –)?

VS: The dialogue with the Municipality of Palermo was unproductive. They do not care about the security of their citizens’ data. This was demonstrated in their statements and Sispi’s attitude towards security and irresponsible network monitoring. The amount of money that Municipality of Palermo was willing to offer was ridiculous and there was no point in discussing it after which the dialogue was terminated.

SF: Can you confirm that you have not encrypted the data after exfiltrating it?

VS: They’re lying again. Over 70% of the data was encrypted. They could recover some of the data from the physical media, the rest would be permanently inaccessible. The municipal services will cite that they have problems with the database and ask you to provide personal data again to create a new database. You will see this in the near future. So you can provide any data you want, they can’t double-check it anyway 😉

SF: What is the total amount of data stolen during the cyber attack?

VS: About 350 Gb.

SF: What kind of data do you have?

VS: Documents are affected from various departments and divisions. You’re better off reading them on our website, the files are already available to everyone.

SF: Having hit a public institution, can you tell which way you used to get inside the IT systems of the Municipality?

VS: Unupdated server systems and a bad password policy were the cause.

SF: Could you still have control of the IT structures of the Municipality of Palermo at this time?

VS: Yes, sure.

SF: Is the attack on the Municipality of Palermo, coinciding with today’s local elections, of a political nature?

VS: We are politically neutral. Your election is your election.

SF: Are there any Italian-speaking affiliates working with your group?

VS: Almost every country has its our people.

We have two substantially opposed truths. On the one hand, the Municipality of Palermo and Sispi claim to have refused any kind of dialogue, to have never opened any kind of negotiations with the hacker group, and to have all the data in clear text. On the other, Vice Society denies every statement made by Sispi and by the top management of the municipal administration.

What is certain is that a few days ago the ransomware group started publishing part of the data exfiltrated during the cyber attack, much of which consists of personal documents of citizens and of municipal and Sispi employees, such as identity cards, passports, health cards and medical reports.

We will update this article in case of new details or if we receive comments or requests for denials.


