Police uncover industrial espionage on huge scale

National security officers in Norway have uncovered what they say is the most wide-ranging theft of industrial data in the country’s history.

Ten serious cases of industrial espionage are being investigated, say officers of the Police Security Service, or PST, and the National Security Authority. The companies — some of which have had entire databases stolen — include firms from the defence and oil and gas sectors.

“This is an operation which has gone on for a long time and is still ongoing,” PST operations leader Tore Risberget told security conference-goers at Oslo Congress Centre on Wednesday.

Investigators reportedly described the methods used by spies to break through firewalls as “extremely advanced”, although information The Local has received suggests some industrial data has been stolen by simply inserting malicious memory sticks into the laptops of travelling company representatives.

“Whenever we go abroad, the whole hard disc has to be cleansed of spyware,” an IT worker in one of the industries targeted  told The Local.

The PST and NSM report the latest serious breach of industrial data security had only just happened, with secret contracts, industrial drawings, usernames and passwords the target.

The ten instances of computer espionage are just the tip of the iceberg, said Eiliv Ofigsbø of Norwegian Computer Emergency Response Team, or NorCERT, who also leads the NSM’s industrial espionage department. NorCERT maintains that many have likely already been robbed without knowing it, although the sophisticated nature of the attacks are similar enough to suspect they may be the work of a single perpetrator.

In each case, malicious virus code gets database data to stream out camouflaged by ordinary network traffic. All the attacks left similar clues, suggesting they originated at the same malicious code writer’s desk.

The attacks were said to occur at the point in contract negotiations when email exchanges reached fever pitch. Key people were then identified and their computer links to company databases hacked, in some cases for months.

“We have to assume they have taken large amounts of information,” Ofigsbøe told The Local.

“Anything else would be naïve.”

Member comments

Log in here to leave a comment.
Become a Member to leave a comment.