Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Criminal hacker group brought to trial for what may be Sweden’s largest-ever cybercrime fraud

September 2017 by Nixu Corporation

Criminals scammed millions from Swedish companies and authorities by hijacking computers. As reported widely in Swedish media on Monday September 18, 2017 a criminal hacker league has been charged with one of the biggest IT-based frauds in Swedish history. What makes the fraud unique is the severity and extent of the attack; a group of eight criminal hackers from Sweden and Poland has stolen 40 million Swedish kronor from 60 companies, authorities and municipalities; among the victims are several Swedish financial institutions and a political party. The preliminary investigation has been limited to SEK 40 million due to the maximum sentence value, but the scam most likely vastly exceeds that sum.

How the fraud worked and could it have been prevented?

The attackers gained access to the organization’s user IDs and passwords as well as an understanding of how the organization communicates by utilizing malicious files and remote administration tools. This information was then used in the social engineering part of the scam. The add-on of social engineering added to the success rate where users were tricked into clicking on links and/or malicious files which enabled the attackers to gain full access and lateral movement within the victim’s networks.

With the access gained by the criminal activity, attackers were able to redirect significant amounts of products such as IT equipment to alternative addresses. The scam pivoted over time to also include actual changes in financial systems to redirect payments to alternative accounts, hence leapfrogging the logistics side, transferring cash directly to specified accounts.

Jesper Svegby, CEO of Bitsec, part of the European cybersecurity company Nixu, comments that the fraud wasn’t very sophisticated technically but it was advanced in terms of the large scale and strategy. In addition, the attacks evolved over time to generate even better outcome for the criminals, so there was a long-term characteristic involved in the attack that lasted over a long period of time.

According to Jesper Svegby the attacks could have been successfully prevented and stopped, which was the case in many instances. Operations that had on-site control features to prevent malicious code and limited access to remote software had better chances to resist the criminal attack. Furthermore, businesses with a higher security awareness and incident readiness had better capabilities to identify the incidents, respond to them and mitigate them.

Cybersecurity calls for new approach throughout the society

The fraud is setting a new trend in terms of IT related crime, two worlds are converging which has created a significant impact. General company based fraud generating revenue through fake invoicing, tax fraud has in this case been merged with the IT-based crime scene by utilizing malware and weaknesses in systems and procedures to gain access to sensitive systems. The combination has enabled the perpetrators to manage the entire chain in the fraud in a very efficient and scalable manner.

"This is a new trend that we have been able to follow closely when supporting some of the companies exposed to this fraud", says Bitsec CEO Jesper Svegby.

"As society becomes increasingly digital, ensuring effective protection against this type of crime requires new approaches and structures from various parties in society. Organizations need to lift their information security to management and board level. In addition, society must realize its vulnerability and require more interaction within and between police, prosecutors and companies and organizations facing cyber-threats", summarizes Jesper Svegby.

The trial is set to begin on September 26th and is scheduled to run for approximately 55 days. The prosecutor is aiming for the maximum sentence of eight year’s imprisonment. The preliminary investigation is significant, involves as many as 13 prosecutors and has produced investigatory material exceeding 20,000 pages.

See previous articles


See next articles