ISP Telenor: Execs Laptops Emptied in Cyber Spy Operation

The Norwegian telecommunications firm Telenor told authorities in that country that a sophisticated cyber spying operation compromised the computers of leading executives and “emptied” them of sensitive information, including e-mail messages, computer files and passwords, according to a report Sunday by Aftenposten.

Telenor Logo
Norwegian ISP Telenor said that its executives were hacked in a case of cyber espionage.

Several executives of Telenor were the subjects of “extensive, organized industrial espionage,” the report said, quoting Telenor Norway’s director, Rune Dyrlie. The company has reported the incident to  Nasjonal sikkerhetsmyndighet – or NSM – Norway’s national security authority as well as Nor-CERT, Norway’s Computer Emergency Readiness Team and the cyber defense unit Cyberforsvaret.

“We take it very seriously by several bosses in Telenor stolen sensitive information. It is quite clear that those behind, got downloaded stolen information. There is no doubt that we have lost data,” Dyrlie told Aftenposten.

Dyrlie said that the company missed the initial infection, which used “new, customized software.” The first indication of a compromise came after automated monitoring software operated by Telenor’s secure operations center (SOC) spotted unusual traffic emanating from the computers of Telenor managers. That traffic was routed via systems in “a number of different countries.”

Dyrlie said the company can’t speculate on who is behind the attacks, but said the use of custom software suggests the attackers had “plenty of resources and a lot of expertise.” The attackers, he said, downloaded a wide range of data, making the exact target of the hack uncertain.

Headquartered in Fornebu, Norway, Telenor is one of the world’s largest wireless carriers with operations in Scandanavia, Eastern Europe and Asia. The company has 150 million subscribers, world-wide and 2011 revenue of just over $17 billion.

There have been wide-spread reports about attacks on sophisticated technology firms in recent weeks. Victims have included Facebook, Apple, Twitter and Microsoft. Those attacks included firms in the North America, as well as Europe, and used so-called watering hole web sites to lure high value employees into having their computers compromised in a drive by download attack. It is unclear whether there is any connection between those attacks and the Telenor breach.