What did the 108‑page Italian arrest warrant related to Leonardo actually allege, and how was it misinterpreted?
Executive summary
The 108‑page Italian arrest warrant describes an insider cyber‑theft at defense contractor Leonardo between 2015 and 2017 in which suspects allegedly installed malware on company machines, exfiltrated engineering and corporate files and impeded the inquiry — it does not allege interference in the 2020 U.S. presidential election or name U.S. embassy personnel or the Italian general later invoked in online conspiracies [1] [2] [3]. Conspiracy claims that the warrant proves an “Italy did it” vote‑switching plot stem from misreadings, missing context and add‑on testimony circulated outside the warrant, which Reuters and Naples prosecutors have treated as unsubstantiated [3] [4].
1. What the warrant actually alleges: an insider APT that stole IP and corporate data
Italian prosecutors say the investigation uncovered a targeted, persistent attack inside Leonardo in which malware was installed on dozens of workstations and used to silently exfiltrate significant quantities of company data — investigators point to 94 compromised computers, about 33 at the Pomigliano plant, and roughly 10 gigabytes (about 100,000 files) of administrative, HR, procurement and design material taken over a period from 2015–2017 [5] [2] [6].
2. The legal charges and internal obstruction described in the warrant
The arrest warrant and public statements record allegations including abusive access to computer systems, unlawful interception of electronic communications and unlawful processing of personal data; prosecutors also placed the head of Leonardo’s Cyber Emergency Readiness Team under house arrest on suspicion of manipulating evidence and misleading investigators to hinder the probe [5] [1] [7].
3. What the warrant does not say — key omissions that matter
Careful review of the 108‑page document shows it does not include claims that Leonardo hackers altered U.S. votes, nor does it name the U.S. foreign service officer or Italian general later cited in social‑media narratives; those specific persons and the allegation of election meddling are absent from the warrant itself [3] [4]. Reuters reports and Naples police officers told reporters that D’Elia’s interrogation made no reference to a plot to affect the U.S. election and that prosecutors view the wider conspiracy theory as likely baseless [3].
4. Where the misinterpretation came from — testimony, seized material and outside amplification
The conspiracy narrative grew when snippets of testimony, unauthenticated recordings and commentary were reassembled by online promoters to claim a grand scheme; these additions were not part of the warrant’s documented facts and were amplified by partisan and fringe outlets despite Reuters’ fact‑checking that the warrant itself does not substantiate the election‑meddling claims [8] [4] [3].
5. Alternative explanations and motives worth noting
Mainstream reporting and technical analyses frame this as an intellectual‑property and insider‑threat case — motives alleged in the warrant point to theft of competitive designs and corporate data rather than geopolitically targeted election interference [2] [6]. At the same time, observers should note the political utility of turning a complex cybercrime case into a dramatic election conspiracy: it serves actors seeking to erode trust in institutions and to mobilize partisan audiences by connecting unrelated facts into a sensational narrative [3] [4].
6. Limits of available reporting and what remains unanswered
The sources reviewed provide clear detail about the scope of the alleged intrusion, the charges and the absence of election‑tampering language in the warrant, but do not include the full text of the 108 pages here nor public release of all investigative exhibits; thus reporting must stop short of certifying every line of the warrant and cannot adjudicate claims based on outside recordings or later, unverified testimony not contained in the arrest document [3] [2].