Hackers strike world’s largest sovereign wealth fund

The $10 million attack shows the risk of cybercrime

It’s better known as being the world’s largest wealth fund, managing an estimated $1 trillion of assets created off the back of Norway’s vast oil reserves earning plenty of money on the markets. But Norfund is also the latest victim of a major cyberattack that has made the fund’s reserves a little lighter.

The fund has admitted that it has suffered what it calls “an advance data breach,” which has lost it $10 million of its cash reserves, equivalent to 100 million Norwegian kroner.

“We are now cooperating closely with the police and other relevant authorities to get a full overview of the situation and to pursue and protect our interests,” the fund explains. “We have already introduced measures to strengthen our routines and halted all payments.”

What happened?

The fund themselves aren’t 100% sure how they managed to lose the vast amount of money. However, the phrasing of the blogpost detailing the fraud indicates that it may have been some sort of compromised email account.

“The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language,” the fund explains. In addition to emails, documents and payment details were also falsified.

The result was that a loan worth $10 million, which was meant to be destined for a microfinance company in Cambodia, ended up in a Mexican bank account. The incident took place on 16 March, and was reported publicly two months later. Police and investigators have been informed, and are trying to ascertain where the money went.

Lessons to be learned

“This is a grave incident,” says Norfund CEO Tellef Thorleifsson. “The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable. The fact that this has happened shows that our systems and routines are not good enough.” 

Thorleifsson said the fund was taking action to correct the vulnerabilities that had been taken advantage of, and was treating it as an immediate and serious priority. 

The reason the fund went public about being defrauded out of the money was to try and raise awareness of the issue, and to drum up interest in the investigation in the hope of bringing out any leads. "Norfund hopes that by being open about this incident we can contribute to reducing the risk of others being victims of similar fraudulent activities," the company explained.

An increasingly large problem

Fraud of this type – with potentially massive bounties for the cybercriminals who conduct it – is becoming an increasingly large problem. It’s not just in Norway that this kind of routing or spoofing incidents take place, but Norfund is working with authorities there to try and ascertain what happened. 

The fund didn’t announce the issue publicly before now because of advice from police that it would hinder their initial lines of inquiry throughout the investigation, but decided to be open about it in order to warn others.

That’s been welcomed by authorities. Terje A. Fjeldvær, head of fraud prevention at DNB, Norway’s biggest bank, which runs the account from where the money was taken, has said that “Fraud cases of this kind are performed by very sophisticated criminals. With access to e-mail communication between two parties, they can familiarize themselves with how the parties correspond. The payments they initiate therefore deviate very little from ordinary payments performed by the victimized company and become very hard to detect and prevent.”