Gunnebo Security Company Hacked: Secret Documents Leaked




The publicly listed Gunnebo Group is a major player in physical security such as perimeter protection, cash handling, alarms and surveillance. Its clients include banks and authorities; even the Riksdag administration has hired Gunnebo to keep its premises and property safe. The company describes itself as a world leader, with subsidiaries and a turnover of more than SEK 5 billion per year. The business is global, with clients all over the world.

Now DN can report a very extensive data leak from company servers and computers. It contains quotes, bank statements and internal accounting, but also many drawings of sensitive installations, in many cases with exact locations for surveillance cameras, alarms, vaults and protected rooms.

The entire leak has been openly posted online by the attackers and therefore may have reached criminals. In total, there are 19 gigabytes of information and more than 38,000 files.

The leaked files show how Swedish bank branches have built their security systems.

Photo: Magnus Hallgren

Together with the IT security expert Leif Nixon of Sectra Communications, DN has read the material. Some parts stand out:

● Drawings showing alarm systems and surveillance cameras in an SEB office in a Swedish city. A drawing shows exactly where the cameras are located and what part of the office they cover, as well as where the computer equipment of the surveillance system is located. Another shows where the alarm buttons and motion detectors are located. Both drawings are dated fall 2019.

● Confidential drawings for the new Swedish Tax Agency office in Sundbyberg, with floor after floor described in detail. The drawings carry a clear secrecy marking and state which part of the Public Access to Information and Secrecy Act protects them.

● An agreement between Gunnebo and the Riksdag administration reveals details about the Riksdag’s perimeter protection. When DN contacts the Riksdag’s security department, the response is that this information is confidential and may not be found in public documents.

● Drawings for one of the most exclusive jewelers in Stockholm, with a clear marking of the location of the security vault. A room is marked as CCTV, the English term for surveillance cameras. The leak also contains quotes indicating exactly what model of safe has been offered to the store.

● Drawings for bank vaults of at least two German banks. The vaults are built to hold safes supplied by Gunnebo, and the drawings give a detailed picture of the construction. The corresponding drawings are also available for Swedish banks, but they are older and at least some of the banks have stopped offering safes.

● Photographs showing the installation of ATMs in another European country, as well as the security elements around them. One document contains Nordea’s Swedish regulations on how ATMs should be built, what doors protect the room, and the like. However, the Nordea document is older and dates from 2010.

Many of the documents are drawings, revealing the security systems in sensitive facilities.

Photo: Magnus Hallgren

Leif Nixon says that a leak concerning buildings is more problematic. When a password is leaked, it can be replaced, but physical facilities cannot be changed in the blink of an eye.

– It is difficult to recover from this, it involves so many physical buildings that should be rebuilt.

The files come from a data breach in August. Gunnebo described it in a press release as an “organized cyber attack” and announced that it had reported it to Säpo as suspected industrial espionage. At the same time, Gunnebo described how successfully the intrusion had been handled: “The company then immediately shut down the servers to isolate the attack. Due to the rapid intervention, the operational impact was minimized and business was able to resume quickly,” Gunnebo wrote.

The statement, however, does not mention anything about the leaked information.

But even before that, the group behind the attack had made contact with Gunnebo. DN has read the message, where the attackers describe how they have stolen large amounts of data: financial information, customer data, employee information, software source code, passwords and more. “Your time is running out,” write the hackers. In the message, the group also threatens to publish the information openly online if Gunnebo does not make contact, which is exactly what then happened.

According to Stefan Syrén, Gunnebo’s CEO, this wasn’t discovered until much later.

Alarm systems, blueprints and bank vaults are documented in the leak.

Photo: Magnus Hallgren

Similar extortion attacks have affected many companies in recent times: hackers steal data and encrypt company computers and servers. The company must then pay a ransom so that the encrypted data is unlocked and the stolen information is not leaked online. In computer security circles this has become known as “big game hunting”.

The stolen material was uploaded to a public server during the second half of September. It is unknown how many people have access today.

Gunnebo CEO Stefan Syrén tells DN that the company never considered paying the attackers money, or even having contact with them.

– Paying was never on the agenda. These are criminal elements. Paying them helps them continue their business, he says.

To investigate the leak itself, with its thousands of files, Gunnebo has enlisted the help of outside IT security companies.

– Obviously, it is regrettable that we have had data theft. We review the material now and in cases where it is sensitive information, we contact the client.

– I understand that you can see the drawings as sensitive, but we do not automatically consider them as sensitive. When it comes to cameras in a public setting, for example, half the point is that they need to be visible, therefore a drawing with the location of the camera itself is not very sensitive. But in general, it is very regrettable that information comes out.

He explains that the August press release did not mention the leaked information because Gunnebo did not know about it at the time, but was focused entirely on the attackers’ attempts to lock the company’s hard drives with a so-called extortion virus, the handling of which was described as successful.

– But what we knew then was a success. We avoid closure. But you learn more all the time. We now know that our data was stolen and we are trying to handle the theft professionally.

However, IT security expert Leif Nixon is critical:

“Gunnebo has been entrusted with handling large amounts of sensitive data, from detailed information on bank security systems to information on access systems for protected objects,” he says.

– Such trust requires you to monitor your security. Getting hacked is one thing, you can never 100% protect yourself from that. But handling an incident this badly is beneath all criticism. The alpha and omega when an intrusion has occurred is to determine what really happened, and here ten minutes of investigation would have been enough to understand the risk of theft of critical data. I think Gunnebo has a long journey ahead of it to restore its reputation.

DN has asked the Riksdag administration questions about the leak, and it has replied with a written comment: “Gunnebo has not informed the Riksdag administration about the incident he described by phone. As to the reason for this, the company must respond. We have no further comment on this,” writes Carina Larsson, press secretary for the Riksdag administration.

The Swedish Tax Agency has received information about the Gunnebo leak, confirms Johan Lönnqvist, acting head of security.

– The information is classified, says Johan Lönnqvist.

He still makes the assessment that it will not harm the Swedish Tax Agency, because the drawings were sent as a basis for an estimate and therefore do not show any finished security functions.

– It is sensitive information when describing the thickness of a floor and the like, but there are no ready-to-use security solutions in the drawings we send.

How do you react to a company entrusted with classified information being hit by something like this?

– It’s always sad when that happens. We live in a changing world, there is a greater cyber threat. This is something the authorities need to work with.

Johan Lönnqvist does not want to comment on Gunnebo’s handling of the incident.

Information on several major banks can be found in the extensive Swedish Gunnebo leak.

Photo: Hendrik Osula / TT

SEB does not want to give an interview about the incident, but writes in a comment to DN: “We had contact with Gunnebo in connection with the cyber attack on the company in August, and we have an ongoing dialogue with the company. We always take the necessary measures to safeguard our safety, that of our clients and that of our employees. For other questions about the computer attack that Gunnebo was subjected to in August, we refer to Gunnebo.”

Nordea has also been informed, says the press service. In a written statement, the bank claims the incident has had “marginal consequences” but declines to reveal any details.

DN has contacted the Security Police, which declines to comment.
