There's Norway you're going to believe this: Government investment fund conned out of $10m in cyber-attack

Police pining to drop the Lillehammer on crooks

Got Tips? 10 Reg comments
Sunnylvsfjorden Fjord in Norway with a cruise ship

Updated The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what's been described as "an advanced data breach."

Norfund – which is the Norwegian government's funding vehicle for developing countries – said a hacker was able to manipulate the organization into routing a loan intended for a Cambodian microfinance organization into an account controlled by the crooks. As a result, in March, 100m Kroner was lost.

The investment fund said the money appears to have been diverted from the organization in Cambodia to Mexico. Local and international police have been brought in to investigate the matter.

Details of the cyber-attack are scant. It may be a bog-standard business email compromise attack, in which a miscreant hijacks an email account to impersonate an employee or official to redirect cash meant for the Cambodian company to another bank account. Alternatively, it could have been something more intrusive.

"The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language," Norfund said on Wednesday of the heist. "Documents and payment details were falsified."

Again, this may be a generous way of saying someone got tricked into sending money into the wrong account with some forged invoices, or bogus emails, and poor invoice control.

FinCEN_logo

Email scammers extract over $300m a month from American suits' pockets

READ MORE

Despite Norfund's considerable wealth, the Norwegians aren't going to let this one slide. CEO Tellef Thorleifsson is promising swift action to prevent the organization from getting conned again – they are going to go viking on this one.

"This is a grave incident. The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable," he said.

"The fact that this has happened shows that our systems and routines are not good enough. We have [to] take immediate and serious action to correct this."

In addition to getting the cops involved, Norfund said it is working with the Norwegian Ministry of Foreign Affairs and its bank, DNB, to track down the thief and get the money back. PwC is also being called in to do an evaluation for the IT security setup at the fund.

"Norfund hopes that by being open about this incident we can contribute to reducing the risk of others being victims of similar fraudulent activities," the investment firm said.

As embarrassing as it is to fall victim to these sort of scams, Norfund is hardly alone. Business email compromise, if that is at the heart of this affair, is a multi-billion dollar industry and only getting worse.

The scam is simple, but deadly efficient. The con artist spear-phishes a specific person at the organization and then tricks other people there into sending payments to a new account rather than the intended company or organization. Because the payments are otherwise legitimate and authorized, the victims usually don't catch on until it's too late.

For example, last year a city government in Colorado got tricked into handing a scammer $1m for what it thought were construction costs, and a school district in Texas was duped into handing miscreants $2.3m through multiple fraudulent transactions. ®

Editor's note: This story was corrected after publication to make clear Norfund is the Norwegian government's investment fund for developing countries, and not the government's Pension Fund Global, which is the world’s largest sovereign wealth fund worth $1tn, as we earlier reported. We regret the error.

Sponsored: Webcast: Ransomware has gone nuclear

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020