Unprecedented hack attacks on Norwegian firms

OSLO — The biggest wave of hacking and espionage attacks in Norway’s history has hit key defence and energy companies, the National Security Agency (NSM) said Friday. At least 10 companies have over the past year fallen victim to hackers in a string of attacks believed to be the work of one group, the NSM said in a statement. "We have to suppose that the actual number (of victims) is much higher, but that many (companies) have not been in contact" with authorities, the agency said. The security agency said it was difficult to track down the perpetrators, who used servers based abroad for their attacks, refusing to point fingers at any suspects. "This is the first time that a hacking campaign of this magnitude has been detected in Norway," NSM spokesman Kjetil Berg Veire told AFP. The hackers in each case tried to gain access to the corporate network by sending seemingly legitimate emails to specific people, along with a well-concealed virus handing them remote access to the computer in question, according to the agency. But each attack was "tailored" for the specific company, making it possible to escape detection by anti-virus programmes, it said. The main targets of the attacks were companies in the oil, gas and overall energy sector, as well as in defence. The names of the targeted companies were not divulged. "The attacks have on several occasions come when the companies have been involved in large-scale contract negotiations," NSM said. The attacks had allowed the hackers to gain access to documents, industrial charts, usernames and passwords. According to Berg Veire, however, it is impossible to quantify the possible losses, as an overview of what had been taken was lacking. A US intelligence report released earlier this month branded the Chinese the world’s "most active and persistent perpetrators" of economic espionage. "US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the (US intelligence community) cannot confirm who was responsible," said the intelligence report.