Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyber-Scammers Steal €50 Million From Austrian Airplane Manufacturer (softpedia.com)

Posted by samzenpus on from the worst-practices dept.

An anonymous reader writes: FACC Operations GmbH, an Austrian company that produces various airplane parts for companies like Airbus and Boeing, has announced a cyber-incident during which cyber-fraudsters managed to steal around €50 million from their bank accounts. While CEO Fraud attacks manage to steal a few thousand dollars here and there, never has a company lost so much cash liquidity in one incident. Stock price took a tumble immediately.

11 of 39 comments (clear)

  1. Or Maybe.... by Anonymous Coward · · Score: 2, Insightful

    Something tells me it was an inside job and they just blamed it on a hack. Seems like a great way to get away with snagging 54+ million dollars and getting away with it.

    1. Re:Or Maybe.... by Sique · · Score: 4, Informative

      It was an inside job, their first announcement was, that it was a suspected hack, and that they sent their collected data so far to a cyber incidence response center, and later determined it must have been an inside job. This is the (german) article from a leading Austrian newspaper about the incident from yesterday morning: FACC article. Feel free to use your favorite online translation service if your german is not good enough.

      --
      .sig: Sique *sigh*
    2. Re:Or Maybe.... by arglebargle_xiv · · Score: 5, Informative

      That's an important point, which the article makes several times:

      Der Cyberbetrug beim oberÃsterreichischen Luftfahrtzulieferer FACC war kein Hackerangriff und kein Datendiebstahl, sagte ein Unternehmenssprecher am Mittwoch zur APA. Man wisse jetzt, dass "intern jemand benutzt" worden sei und sich die Betrugshandlungen im "Finanzbereich" von FACC abgespielt hÃtten.

      "The fraud wasn't due to hackers and didn't arise from data theft. It was an inside job carried out in the finance department".

      So it was ordinary fraud, they just used a computer, which you'd pretty much have to nowadays.

    3. Re:Or Maybe.... by drinkypoo · · Score: 2

      Not just that, but scammers can't steal anything. They can only be given things — by definition, that's how scams work. They trick you into giving them what they want. So after removing the irrelevant word "cyber" and translating the headline into child's English I get "bank officials give away 50M euros to scammers"

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Or Maybe.... by Big+Hairy+Ian · · Score: 2

      If the money was stolen by someone in the finance department then surely it's embezzlement not fraud

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    5. Re:Or Maybe.... by buchner.johannes · · Score: 2

      GP translation is bad. The German text says someone in the finance department was used (presumably by someone outside). Therefore fraud, scam or perhaps social engineering.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  2. Social enginering? by houghi · · Score: 2, Insightful

    If there is a due process, this would almost never happen. For amounts there needs to be a process of autentification.

    What might happen often is that a CxO is such an ass that people are afraid to folow the standard procedure and will do the transfer as requested in an email, because otherwise they get chewed at for not folowing his orders.

    Very few people will dare to say no to such a boss. I once was in a situation where the CxO asked to do certain changes on a website. I said no.

    The reason I said no was because I knew he wanted to push certain things. I knew what he was asking would hurt the company legally and thus financially. I said no, even if it was WAY above my paygrade to do so.

    Obviously I ,ailed AND called other people to inform them about my desision and the reason. Yes, my job was at risk and I could have easily just followed orders. I know the majority of people would have done so.

    Yes, there was a shitstorm and that was fun to watch.

    The company I work now has insited repeatately that ALL procedures must be followed to avaid things like what happend and ALL suspisious mails must be reported.

    This goes for EVERYBODY, especially people that are higher up. Not also, but especially.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:Social enginering? by Anonymous Coward · · Score: 2, Interesting

      I have a similar story. I was asked by a division president to make a chance to a production system that was going to halt production and cost the company a lot of money. He listened to my explanation three entire times (each less technical than the last) and still wanted it done. When I still insisted that I'd rather lose my job than have my name next to the biggest technical disaster the company would ever face, he stormed off. I immediately went to my boss's cube and told him what had happened and that it was nice working for him (which was true). A few minutes later, I got a call from the local HR telling me I had been terminated and to come to my cube immediately, where building security was waiting for me.

      A few weeks later, I get a call at home from my old boss saying that after the shitstorm died down, they had convinced this blowhard that it was not in the company's interests to make such a major change as it flipping a light switch, because it was going to cause known failures and outages with downtime that would be extremely costly.

      I didn't get my job back, of course. I learned a super valuable lesson that day - don't let upper management corner you into this sort of situation. Physically avoid anyone higher up than your N+1 manager. Avoid answering their emails and phone calls as much as possible. When you absolutely have to correspond with them, give them one word answers. When pressed, feign ignorance so they move their scrutiny to the next doomed employee. Upper management is the biggest risk to any organization.

    2. Re:Social enginering? by houghi · · Score: 2

      I work in Europe, so if he would have fired me, I would have gotten several months worth of pay. He still would have to go through the proper channels. I would have also gone to my union (not a guild like in the US) and they most likely would have gotten me even more monies.

      What he did not know was how well informed I was about the whole situation. I had information available that was only know to a very few. I was able to read rapports that were well above my pay grade. Reading the results of the CxO meetings is nice if you are curious and know how to keep your mouth shut.

      Obviously I had reported that I could, so my ass was covered there as well.

      Because of reasons they HAD to go through me first. It was either me or nothing at all.

      What I have learned is that you also need to have a great N+1 that you know will defend you if the shit hits the fan.

      --
      Don't fight for your country, if your country does not fight for you.
  3. Cyber cyber cyber! by wonkey_monkey · · Score: 4, Funny

    FACC Operations GmbH has announced a cyber-incident during which cyber-fraudsters managed to steal around €50 million from their bank accounts.

    Don't you mean they cyber-stole €50 cyber-million from their cyber-bank cyber-accounts?

    Please cyber-mod my cyber-comment if you enjoyed reading it on your cyber-computer.

    --
    systemd is Roko's Basilisk.
  4. 50 million euros? by NormalVisual · · Score: 2

    "I must have put a decimal point in the wrong place or something. Shit! I always do that! I always mess up some mundane detail!"

    --
    Please stand clear of the doors, por favor mantenganse alejado de las puertas