Pages

Thursday, January 10, 2019

How Chinese hackers pulled off the Italian con job, a Rs 130-crore heist By Sachin Dave

hacker


MUMBAI: A gang of Chinese fraudsters stole $18.6 million (Rs 130 crore) from the Indian arm of Italian company Tecnimont SpA by convincing local managers that the money was needed for an acquisition, in what could be one of the biggest cyber heists in the country. 

The hackers sent emails to the head of Tecnimont Pvt Ltd, the Indian subsidiary of Milan-headquartered Tecnimont SpA, through an email account that looked deceptively similar to that of group CEO Pierroberto Folgiero, according to a police complaint, which ET has seen. 


The hackers then arranged a series of conference calls to discuss a possible “secretive” and “highly confidential” acquisition in China. Several people played various roles during these calls, pretending to be the group CEO, a top Switzerland-based lawyer and other senior executives of the company, according to the complaint submitted by Tecnimont Pvt Ltd to the Mumbai Police’s cybercrime unit. 
1
India Chief, Head of Accounts Sacked 
The hackers convinced the India head that the money couldn’t be transferred from Italy due to regulatory issues. He then transferred the amount in three tranches during one week in November. The money that was transferred — $5.6 million, $9.4 million and $3.6 million — from India to the banks in Hong Kong was withdrawn within minutes. The fraudsters tried for a fourth transfer, but by then the fraud had been discovered. It came to light when Tecnimont SpA chairman Franco Ghiringhelli visited India in December. 

Tecnimont SpA, which is engaged in businesses such as engineering, energy and chemicals, is part of the publicly traded blue-chip Italian group Maire Tecnimont, which said it didn’t regard the theft as a “cyber attack but a fraud” and declined to comment further.A senior official close to the development said a forensic investigation was carried out by the company. Besides hiring a Mumbai-based law firm, ET has learnt Manhattan-based security firm Kroll is also inquiring into the matter. White-collar criminal law and fraud investigating firm MZM Legal is assisting in the efforts. 

“This is a very serious case of electronic fraud by a very highly skilled group of international criminals working with high-end technology,” said Zulfiquar Memon, managing partner of MZM Legal. “We are working with the Mumbai Cyber Cell to investigate the matter and get to the bottom of this.” He declined to divulge further details. 
The company has sacked the India chief and the head of accounts and finance, as per the police complaint filed with the Mumbai cyber police. 

According to people in the know, the email’s wording imitated the writing style of the group chairman. Other communications that purported to come from various executives were similar in nature as the hackers may have managed to penetrate the IT system and study their emails. 

“In addition to masking email addresses, hackers in the past have used malware to penetrate and monitor email communications,” said Dhruv Phophalia, managing director, Alvarez & Marsal India. “This enables them to gather information, learn writing styles and language used by a user in email communications and replicate them in the spoofed emails.” 

Internal investigations later revealed that all those on conference calls had fraudulent IDs. The top Swiss lawyer who went by the name of Luigi Corradi doesn’t exist. The name is that of a wellknown Italian engineer and teacher who died in 1921. The bank accounts into which the money was transferred were opened using fake documents. This was discovered when the forensic investigators contacted the banks in Hong Kong, said people aware of the matter. 

Six entities have been named in the police complaint. They include companies supposedly based in Hong Kong, in Taizhou, China, and unknown email account holders who first contacted the India head. Also named in the complaint is Luigi Corradi.

No comments:

Post a Comment