Print 8 comment(s) - last by DerMack.. on Jun 22 at 11:58 AM

Largest ransom totalled "several million" Euros

An intriguing pair of reports reveals that reveal Nokia Oyj. has been regularly blackmailed on security issues by former employees or outside hackers in the past decade.  And the company usually opted to pay up, in at least one case paying out several million Euro.
The new story comes shortly after a report by MTV Finland (yes, that MTV), which wrote:
Nokia paid millions of euros to a blackmailer to protect an encryption key of the Symbian phones. The extortion took place around the end of the year 2007.
When Nokia paid the money it was promised that the key will not be misused. It is not known how the key ended up in the hands of the blackmailer.
The situation, however, progressed rapidly, and the ransom payment was made in the Finnish city of Tampere. The money was left in a bag at a parking lot nearby Särkänniemi amusement park.
Then things went wrong. The blackmailer took the bag. Police, however, lost track of the blackmailer and the money was gone. 
At the time of the blackmailing, Nokia remained the smartphone market's dominant superpower with roughly half of smartphones sold running Symbian.
The Helsinki Times (Helsingin Sanomat) confirms and fleshes out that report with new details that range from amusing to eyebrow raising.  

Finland Ice Hockey
Finnish phonemaker Nokia left several million Euro in a hockey bag for its blackmailer.
[Image Source: Quacker Design]

Of the 2007 demand, it was reported that the blackmailer was suspected to be one of many Nokia's former employees (which doesn't exactly narrow the search given that tens of thousands of Finns had worked at the phonemaker) and that the extortionist made the unusual step of demanding Nokia donate a matching sum to charity.
Writes the paper, citing "two different sources":
Nokia believes the blackmailer to be a Finnish citizen who participated in the development of the user interface. The suspect was able to obtain the highly-classified encryption key due to a data security vulnerability.
According to well-informed sources, the suspect demanded that half of the ransom be delivered to a pre-determined location in cash and the other half donated to charity. Nokia, the sources tell, delivered the cash in an ice hockey equipment bag to the designated location in Tampere and made the donation.
"A well informed ex-Nokia employee" shares how the company's executives labored over the decision to pay the ransom:
The ransom demand was delivered to Nokia in English by e-mail, while the decision to comply with it was taken at the highest echelons of the company.
The paper also writes that "a former Nokia executive" shared with it that this was far from the first incident, albeit being much larger than most.  The Finnish news agency states:
Nokia received a number of similar, albeit less serious, demands for rewards from third parties for the detection of vulnerabilities in its software, hardware or services. Nokia often complied with the demands.
At least one of those other incidents is being looked into by Finland's National Bureau of Investigation (KRP) -- Finland's equivalent of the FBI.  The KRP continues to investigate the 2007-2008 incident of the Symbian key extortion attempt, as well.  It recently opened "a pre-trial investigation,” however; it is unclear whether the KRP is any closer to revealing the blackmailer's identity.  Without someone to charge, it's hard to have a trial.

Finland National Police Headquarters
Finnish National Bureau of Investigations and Police Headquarters [Image Source: Matti Tossavainen/Stad]
As for Nokia, one could certainly draw some humorous conclusions about its willingness to pay off petty extortion demands.  Nokia was heavily criticized for hiring former Microsoft Corp. (MSFT) software executive Stephen Elop as its CEO in Sept. 2010.  Mr. Elop denied being a "Trojan horse", but would three years later in Sept. 2013 deliver Nokia's profitable devices unit, gift wrapped to Microsoft for roughly $7.2B USD.  Many felt that Nokia caved too quickly to Microsoft's demands and sold the devices unit for less than it was worth.
On the flip side, Nokia's willingness to cooperate, whether with ransomers or (perhaps exploitive) OS partners has saved it to some extent, as others in similar situations have suffered far worse.  AOL and Sony Corp. (TYO: 6758) were among the companies that since 2000 paid billions for refusing to work with hackers and capitulate to their demands.  As a result both companies suffered extensive loss of customer data and service disruptions.  Compared to that, paying off a few million Euros isn't really that bad an outcome.

Nokia Store
Nokia is today once more profitable. [Image Source: Atmospheric Endeavors]
The reports are intriguing as we often hear rumors of corporate extortion of tech giants by hackers, but seldom due we hear it exposed in such explicit detail.
Nokia was likely targeted because it was Finland's top tech firm and was among the world's most profitable tech companies back in 2007.  Today it's smaller, but once again profitable.  And it should be wary of hackers and its legion of laid off former workers blackmailing it.  After all, not only does it clearly now once more have the money to pay, its history also suggests that it's willing to pay extortionists' demands.

Sources: MTV News Finland, Helsingin Sanomat (The Helsinki Times)

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

This is a first
By BRB29 on 6/19/2014 1:03:11 PM , Rating: 4
this is the first time i heard someone wants ransom and charity money. Is this his/her way of feeling better about this? Sometimes, i eat some spinach after a double whopper.

RE: This is a first
By tng on 6/19/2014 1:15:21 PM , Rating: 2
After spending a January in Finland working at one of Nokia's buildings in the Helsinki area, I can tell you that hackers there are rampant.

Normally I would leave my laptop connected to the internet and my browser closed unless I was using it. About every 5 to 10 minutes my firewall would reject a attempted hack on my computer. It was so bad that I just disconnected it until I needed to get online.

Granted there really is not much else to do that time of year, the sun comes up at 9:30AM and has set by 3:30PM, most days it snowed all day and going outside was kept to very brief periods. So I can see some script kiddies that really have no other source of entertainment there.

RE: This is a first
By Flunk on 6/19/2014 1:37:35 PM , Rating: 2
Probably assumed the cash would be marked or otherwise traceable. By forcing a donation to charity they ensure that Nokia will at least not have that money anymore. Maybe they just want to hurt the company, might as well go to charity in that case.

Who knows, what I will say is that if I was the hacker I wouldn't be spending any of that money any time soon without taking it to the laundry.

RE: This is a first
By CaedenV on 6/19/2014 2:00:51 PM , Rating: 2
Thieves often give to charities. Many times the first charge on a stolen credit card will be a donation to a known nonprofit (sadly never one I work for) in order to verify that the card is in good working order. It is one of those things where banks don't want the bad press of denying distribution of funds to a worthy cause, and thieves need to make sure that the card works before making other purchases.

In this case I am sure it is different. If I were a crook (swear I am not) I could see where I would want to do serious damage to a company, but would not want the liability and work of cleaning that much cash all in one go. I would get my revenge, a (hopefully) worthy cause would get most of the money, and the company would take half of the burden of hiding the money for me so that I would have less money to clean/launder, while still having plenty to last me a while.

Or perhaps it is a much more practical reason: Maybe the people involved in the investigation would look less hard if the money was funneled to a charity that the investigators were tied to? Maybe someone else with a bad history with the company was involved with the charity and this was to throw the scent off of the real criminal? Maybe the criminal is a firm believer in Karma?

God knows there are plenty of good and bad reasons to give to charity, and most charities can use the money just as well no matter the intent of the giver.

RE: This is a first
By tng on 6/19/2014 2:21:56 PM , Rating: 2
I would have less money to clean/launder, while still having plenty to last me a while.

Well it is Europe and from Helsinki you could get a ferry to Tallinn in Estonia where there are plenty of organizations that would happily launder cash for you.

Europe is very open and since the payment was made in Euros, they could have spent small amounts of it throughout Europe on a driving vacation. Small bills at remote locations that would take weeks to show up anywhere they could be identified...

RE: This is a first
By Piiman on 6/21/2014 10:44:05 AM , Rating: 2
" and thieves need to make sure that the card works before making other purchases."

Why? Whats the difference? NONE! Just buy something damn it!
If it doesn't work it doesn't work using it to donate doesn't make it magically work. Duh.

By Mint on 6/19/2014 1:43:39 PM , Rating: 2
I figured a wire to an anonymous bank account is the preferred way of doing things, but I suppose those don't truly exist nowadays.

I wonder if we'll see drone handoffs soon. Seems inevitable to me.

By DerMack on 6/22/2014 11:58:55 AM , Rating: 2
Just wanted to clear that one a bit. Back in the day MTV3 used to be the commercial nation wide TV-channel over here, there were 2 channels run by Finnish Broadcasting Company (YLE) and this 3rd one was the commercial alternative. Since then they have dropped the number 3 and expanded into other mediums...

"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard

Most Popular ArticlesFree Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM
Top 5 Smart Watches
July 21, 2016, 11:48 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki