Arrest of Stecco

Microphones were installed in two homes, one collective space, and several cars.^[3]

GPS trackers were installed on 12 cars.^[3]

A tracking device was installed on a bike that was suspected of being used by Stecco.

Cameras were installed:^[3]

• In front of six homes.
• In cars.
• Inside train stations, providing investigators with real-time access to footage of the stations, which the cameras already installed in the stations did not provide.

After arresting Stecco, investigators showed his picture and asked questions to many people living around the arrest site, which allowed them to find the house where Stecco allegedly lived.^[3]

Investigators analyzed CCTV footage from street cameras, train stations, highway toll booths, buses, and businesses to determine the movements of people under surveillance.^[3]

Investigators learned through a hidden microphone installed in a home that someone under surveillance would be traveling by train the next day.^[3] The next day, this person and another indeed traveled by train and a large number of surveillance operators were deployed to follow them. There were four operators on the train (two at each end) and two operators waiting at each intermediate station.

Investigators used the collaboration of mobile network operators to:^[3]

• Intercept the calls of more than 40 phones.
• Retroactively analyze the phone activity of 69 phones and one phone booth. In particular, once investigators thought they had found the general area where Stecco was living, they checked:
  • Whether any of the 69 phones had called a phone in the area in the past 6 years.
  • Whether Stecco had called a phone in the area in the 5 years before he went on the run.

Investigators used the collaboration of several companies:^[3]

• The Italian national railway manager (RFI) provided CCTV footage from train stations, lists of tickets purchased from ticket machines, and searches made on ticket machines, even when no tickets were purchased.
• The Italian national railway operator (FSI) provided a list of fines on five different lines and a list of all tickets purchased under a given name in previous months. FSI also enabled an “automated alert” system that would have notified investigators when tickets were purchased under the name.
• Banks provided:
  • The bank records of 59 people, which investigators analyzed to determine if they contained “suspicious” transactions that could indicate financial support for Stecco.
  • The bank records of an anarchist journal, which investigators requested after seeing someone read an issue of the journal in CCTV footage.
• The classified ads website subito.it provided the IP addresses used to log into an account.
• An email service provider provided data related to email addresses.

Investigators found the PIN code of the smartphone of someone under surveillance when a camera hidden in a car captured the person entering the code.^[3]

Investigators attempted to find the password of a Tails system through brute force using a software called “bruteforce-luks.”

Investigators attempted to install malware on the smartphone of someone under surveillance.^[3] They sent the person an SMS with a link. If the person had clicked on the link, the malware would have been installed, allowing investigators to listen to conversations through the smartphone's microphone. But the person did not click on the link, so the malware was not installed.