UPDATED: Norway’s national security authorities are sounding alarms over the number of serious hacker attacks on local companies. The hackers have broken into their computer systems at least 103 times, and that just counts the most serious attacks that have been reported.
Telenor was among the hardest hit in what authorities now describe as the biggest and most sophisticated hacker attack ever in Norway. Top Telenor executives were the carefully selected targets last year of industrial espionage that resulted in the theft of sensitive documents and personal information on three continents.
Newspaper Dagens Næringsliv (DN) reported details of the attack and follow-up investigations into it for the first time over the weekend. The attack was discovered by the company’s own Telenor Security Operations Centre and was launched in what authorities say is the most common method – via e-mails with various types of attachments containing a virus. Since the e-mail looked like it came internally from colleagues, Telenor executives were tricked into opening the attachments that in turn infected their machines.
Ties to the NSA
Kristin V Tønnessen, information chief at Telenor, said the company’s security officials discovered the attack when automatic monitoring systems picked up unusually high traffic from the executives’ machines to unknown IP addresses. The attack, which DN reported bears similarities to another against a Swiss consulting firm, remains under investigation by Norwegian authorities.
DN’s lengthy and detailed report on the Telenor attack also revealed results of private investigations that so far have uncovered links to firms and servers in Sweden, Romania, the Netherlands, Pakistan and India, where an allegedly involved data security firm led the investigators to an American computer expert tied to the National Security Agency (NSA) who has since disappeared. The US Department of Homeland Security denied involvement. The NSA declined comment.
Overall security ‘not good enough’
Marius Kjeldahl, security expert for the national security agency NSM (Nasjonal sikkerhetsmyndighet), said Norwegian companies are subject to hacking attacks almost every day, but most aren’t what he called “very advanced.” The vast majority don’t succeed, he said, “but if someone really wants to break into a system and has the competence and resources available, they will, as a rule, succeed in the end,” Kjeldahl told DN, as they did in the Telenor case.
While it can be difficult if not impossible to defend a company against such sophisticated attacks as that against Telenor, Kjeldahl claims that most companies have “a long way to go” in improving their computer security. “My personal opinion is that security isn’t good enough at the majority of companies,” Kjeldahl said. “They do a good job securing Internet access and firewalls, but beyond that, much too little is done.”
Most of the attacks involve stocklisted companies, but NSM won’t identify them. Few of the companies are willing to disclose attacks either, or comment on the security threats they face.
NSM conducts security tests at a wide range of companies every year, with alarming results. “It’s possible to break into the majority of computer systems that are connected to the Internet, if the resources and will are great enough,” Kjeldahl said. “The challenges grow in line with the size of the company.”
In some cases, hackers have posed as cleaning crews, electricians or other craftsmen, to gain physical access to the companies’ offices. That in turn can give them access to computer systems. In other cases, employees are sent free memory sticks or other USB “toys” that they plug in to the companies’ machines. In the worst cases, attackers can gain control over the machines. E-mail, though, remains the biggest liability and most common entry point for computer criminals.
Einar Stangvik, a computer expert who has revealed cases of hacking, told DN that it’s “frighteningly simple to break into the databases of Norwegian stocklisted companies, and gain access to accounts and other stock-sensitive information.” In one case from 2007, a draft of a quarterly report for Norwegian industrial firm Norsk Hydro circulated for more than a week before Hydro reported its results. The company has since sharpened its security and conducted an external investigation into the incident.
“It didn’t result in any clear answer as to how Hydro’s report could have come out, but external lawyers and regulators made several recommendations for hindering new leaks,” Halvor Molland, Hydro’s information director, told DN. “We take computer security seriously and monitor our networks closely.”