Telenor reports industrial espionage

Bookmark and Share

Norwegian telecoms firm Telenor has, for the the first time, reported a case of serious industrial espionage to the national police unit Kripos. Newspaper Aftenposten reported Sunday that high tech-spies managed to infiltrate Telenor’s extensive security network and empty the contents of top executives’ personal computers.

Companies and other victims of computer hacking are often reluctant to publicly report attacks or go to the police with complaints. The new attack on Telenor, however, was apparently so disturbing and potentially damaging that the company opted to file police charges on Friday. Telenor has also notified Norway’s national security authority (Nasjonal sikkerhetsmyndighet, NSM) via Nor-CERT and the cyber defense unit Cyberforsvaret.

“It’s completely clear that those behind (the attack) were able to download information,” Rune Dyrlie, security director for Telenor Norge, told Aftenposten. “There’s no doubt we have lost data.”

Alerted by abnormal traffic
The industrial espionage was discovered when Telenor’s Security Operation Center in Norway registered unusual Internet traffic from the personal computers of several Telenor executives. The high-tech spies reportedly emptied the executives’ machines of e-mail, all types of computer files, passwords and other personal data. Aftenposten reported that the hackers also managed to take over remote control of the machines.

State-controlled Telenor has around 31,000 employees worldwide and generated NOK 101.7 billion (USD 18 billion) in revenues from its telecommunications operations, mostly in Europe and Asia. That makes it one of the world’s leading telecoms firms, especially in mobile operations, and it has a relatively large division devoted to security. Nearly 20 full-time employees monitor Internet traffic to and from the company and they were alarmed when their surveillance systems discovered abnormal traffic from the Telenor executives’ machines to unknown IP-addresses via several countries.

Asked how even Telenor, with all its resources and expertise, could be a victim of such industrial espionage, Dyrlie stressed that the attack was discovered quickly “and we succeeded in halting further criminal activity.” He said Telenor has taken precautions to prevent such attacks.

‘Huge challenge’
“But in this area we’re steadily getting new threats,” he told Aftenposten, adding that the recent attack used “new, tailor-made programs” that were unknown. “It looks like those who were behind this have massive resources and a lot of competence,” Dyrlie said. “It’s a huge challenge to get to the bottom of this. No matter what you do, you have to have systems that monitor the systems to watch for abnormalities.”

Telenor wouldn’t identify the executives targeted in the attack but it reportedly began with them receiving e-mail with so-called ZIP files that, when opened, installed hidden “trojans” on their machines with malicious coding that emptied information and sent it out. Some of the executives also received e-mail with links to a web address, with several of the e-mails involved appearing to come from trusted contacts with names and addresses, and even from Telenor colleagues.

Dyrlie said Telenor couldn’t identify what information the spies were actually targeting, saying it was common for them to download lots of different information to disguise what they really were after. “Therefore we don’t want to offer any opinions on who was behind this,” he said, or what they wanted.

Spying and hacking have been identified as among the biggest threats facing both state institutions and private companies, with Norway’s police intelligence unit PST (Politiets sikkerhetstjeneste) issuing a formal warning earlier this year. Companies and media outlets are believed to be under routine attack and even the Norwegian Nobel Institute was hit by hackers shortly after the Norwegian Nobel Committee awarded the Nobel Peace Prize to Chinese dissident Liu Xiaobo in 2010. The number of cases of serious industrial espionage is believed to have doubled in the past year. Government ministries have also been hit, and two state employees responsible for security were forced to resign.

Views and News from Norway/Nina Berglund

Please support our news service. Readers in Norway can use our donor account. Our international readers can click on our “Donate” button: