backtop


Print 8 comment(s) - last by DerMack.. on Jun 22 at 11:58 AM

Largest ransom totalled "several million" Euros

An intriguing pair of reports reveals that reveal Nokia Oyj. has been regularly blackmailed on security issues by former employees or outside hackers in the past decade.  And the company usually opted to pay up, in at least one case paying out several million Euro.
 
The new story comes shortly after a report by MTV Finland (yes, that MTV), which wrote:
 
Nokia paid millions of euros to a blackmailer to protect an encryption key of the Symbian phones. The extortion took place around the end of the year 2007.
...
When Nokia paid the money it was promised that the key will not be misused. It is not known how the key ended up in the hands of the blackmailer.
...
The situation, however, progressed rapidly, and the ransom payment was made in the Finnish city of Tampere. The money was left in a bag at a parking lot nearby Särkänniemi amusement park.
 
Then things went wrong. The blackmailer took the bag. Police, however, lost track of the blackmailer and the money was gone. 
 
At the time of the blackmailing, Nokia remained the smartphone market's dominant superpower with roughly half of smartphones sold running Symbian.
 
The Helsinki Times (Helsingin Sanomat) confirms and fleshes out that report with new details that range from amusing to eyebrow raising.  

Finland Ice Hockey
Finnish phonemaker Nokia left several million Euro in a hockey bag for its blackmailer.
[Image Source: Quacker Design]

Of the 2007 demand, it was reported that the blackmailer was suspected to be one of many Nokia's former employees (which doesn't exactly narrow the search given that tens of thousands of Finns had worked at the phonemaker) and that the extortionist made the unusual step of demanding Nokia donate a matching sum to charity.
 
Writes the paper, citing "two different sources":
 
Nokia believes the blackmailer to be a Finnish citizen who participated in the development of the user interface. The suspect was able to obtain the highly-classified encryption key due to a data security vulnerability.
 
According to well-informed sources, the suspect demanded that half of the ransom be delivered to a pre-determined location in cash and the other half donated to charity. Nokia, the sources tell, delivered the cash in an ice hockey equipment bag to the designated location in Tampere and made the donation.
 
"A well informed ex-Nokia employee" shares how the company's executives labored over the decision to pay the ransom:
 
The ransom demand was delivered to Nokia in English by e-mail, while the decision to comply with it was taken at the highest echelons of the company.
 
The paper also writes that "a former Nokia executive" shared with it that this was far from the first incident, albeit being much larger than most.  The Finnish news agency states:
 
Nokia received a number of similar, albeit less serious, demands for rewards from third parties for the detection of vulnerabilities in its software, hardware or services. Nokia often complied with the demands.
 
At least one of those other incidents is being looked into by Finland's National Bureau of Investigation (KRP) -- Finland's equivalent of the FBI.  The KRP continues to investigate the 2007-2008 incident of the Symbian key extortion attempt, as well.  It recently opened "a pre-trial investigation,” however; it is unclear whether the KRP is any closer to revealing the blackmailer's identity.  Without someone to charge, it's hard to have a trial.

Finland National Police Headquarters
Finnish National Bureau of Investigations and Police Headquarters [Image Source: Matti Tossavainen/Stad]
 
As for Nokia, one could certainly draw some humorous conclusions about its willingness to pay off petty extortion demands.  Nokia was heavily criticized for hiring former Microsoft Corp. (MSFT) software executive Stephen Elop as its CEO in Sept. 2010.  Mr. Elop denied being a "Trojan horse", but would three years later in Sept. 2013 deliver Nokia's profitable devices unit, gift wrapped to Microsoft for roughly $7.2B USD.  Many felt that Nokia caved too quickly to Microsoft's demands and sold the devices unit for less than it was worth.
 
On the flip side, Nokia's willingness to cooperate, whether with ransomers or (perhaps exploitive) OS partners has saved it to some extent, as others in similar situations have suffered far worse.  AOL and Sony Corp. (TYO: 6758) were among the companies that since 2000 paid billions for refusing to work with hackers and capitulate to their demands.  As a result both companies suffered extensive loss of customer data and service disruptions.  Compared to that, paying off a few million Euros isn't really that bad an outcome.

Nokia Store
Nokia is today once more profitable. [Image Source: Atmospheric Endeavors]
 
The reports are intriguing as we often hear rumors of corporate extortion of tech giants by hackers, but seldom due we hear it exposed in such explicit detail.
 
Nokia was likely targeted because it was Finland's top tech firm and was among the world's most profitable tech companies back in 2007.  Today it's smaller, but once again profitable.  And it should be wary of hackers and its legion of laid off former workers blackmailing it.  After all, not only does it clearly now once more have the money to pay, its history also suggests that it's willing to pay extortionists' demands.

Sources: MTV News Finland, Helsingin Sanomat (The Helsinki Times)



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: This is a first
By Flunk on 6/19/2014 1:37:35 PM , Rating: 2
Probably assumed the cash would be marked or otherwise traceable. By forcing a donation to charity they ensure that Nokia will at least not have that money anymore. Maybe they just want to hurt the company, might as well go to charity in that case.

Who knows, what I will say is that if I was the hacker I wouldn't be spending any of that money any time soon without taking it to the laundry.


"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki