By Steve Scherer and Massimiliano Di Giorgio
ROME (Reuters) - Italian police arrested two siblings on Tuesday for hacking into the emails of European Central Bank President Mario Draghi, former Prime Minister Matteo Renzi and thousands of other accounts.
The Rome court ordered the arrest of Giulio Occhionero, 45, and his sister Francesca Maria Occhionero, 48, for stealing state secrets and illegal hacking. Lawyers representing the two could not be immediately reached.
"There were tens of thousands of email accounts hacked, and among them were accounts belonging to bankers, businessmen and even several cardinals in the Vatican," Roberto Di Legami, director of the specialised cyber police unit that conducted the investigation, told Reuters.
Giulio Occhionero, a nuclear engineer by training, developed the malware that infected the email accounts and allowed him access to all correspondence, Di Legami said.
The emails were probably used by Occhionero, who heads an investment firm called Westland Securities, "to make investments based on reserved information," Di Legami said.
Draghi's account at the Bank of Italy, where he was previously governor, and Renzi's account while he was prime minister were among those infected by the malware, according to the arrest warrant.
Draghi's ECB account was not listed as having been targeted in the warrant.
Spokesmen for Renzi and the ECB could not be immediately reached. The Bank of Italy, whose former Director General Fabrizio Saccomanni was also a victim, had no immediate comment.
Occhionero, which means black-eye in Italian, called his software "Eye Pyramid" in reference to the all-seeing eye of God like the one depicted on the back of the U.S. dollar bill.
"He was very obsessive in cataloguing the information," Di Legami said. A folder containing emails relating to a Masonic lodge was called "BROS" for "Brothers", while another regarding politicians was called "POBU" for "Politicians Business".
While most of the hacking appears to have been focused on the email accounts, there was evidence that he had managed to install a keylogger on some computers, allowing him to see every keystroke, Di Legami said.
According to the material already seized in Rome, some 18,000 accounts may have been hacked, and some 2,000 user passwords were found.
Former Prime Minister Mario Monti's accounts at Bocconi University, where he worked, and at the Senate also were targeted.
Vatican culture minister Cardinal Gianfranco Ravasi was another victim of the cyberattack. Cardinal Ravasi was not immediately available for comment.
Email addresses at important legal firms, accounting companies, labour unions, and even credit recovery groups were also put under control, according to the warrant.
Some "99 percent" of the data was stored in the United States, Di Legami said.
The Federal Bureau of Investigation, at the request of the Rome court, has seized the servers. They will be shipped back in coming days, but it will take some time before the information they contain can be analysed, he said.
(Additional reporting by Francesco Canepa in Frankfurt, and Philip Pullella and Stefano Bernabei in Rome; Editing by Isla Binnie and Richard Lough)