Follow Slashdot stories on Twitter


Forgot your password?
Crime The Almighty Buck Technology

Cyber-Scammers Steal €50 Million From Austrian Airplane Manufacturer ( 39

An anonymous reader writes: FACC Operations GmbH, an Austrian company that produces various airplane parts for companies like Airbus and Boeing, has announced a cyber-incident during which cyber-fraudsters managed to steal around €50 million from their bank accounts. While CEO Fraud attacks manage to steal a few thousand dollars here and there, never has a company lost so much cash liquidity in one incident. Stock price took a tumble immediately.
This discussion has been archived. No new comments can be posted.

Cyber-Scammers Steal €50 Million From Austrian Airplane Manufacturer

Comments Filter:
  • Or Maybe.... (Score:2, Insightful)

    by Anonymous Coward
    Something tells me it was an inside job and they just blamed it on a hack. Seems like a great way to get away with snagging 54+ million dollars and getting away with it.
    • Re:Or Maybe.... (Score:5, Informative)

      by Sique ( 173459 ) on Friday January 22, 2016 @06:47AM (#51349231) Homepage
      It was an inside job, their first announcement was, that it was a suspected hack, and that they sent their collected data so far to a cyber incidence response center, and later determined it must have been an inside job. This is the (german) article from a leading Austrian newspaper about the incident from yesterday morning: FACC article []. Feel free to use your favorite online translation service if your german is not good enough.
      • Re:Or Maybe.... (Score:5, Informative)

        by arglebargle_xiv ( 2212710 ) on Friday January 22, 2016 @07:22AM (#51349285)

        That's an important point, which the article makes several times:

        Der Cyberbetrug beim oberÃsterreichischen Luftfahrtzulieferer FACC war kein Hackerangriff und kein Datendiebstahl, sagte ein Unternehmenssprecher am Mittwoch zur APA. Man wisse jetzt, dass "intern jemand benutzt" worden sei und sich die Betrugshandlungen im "Finanzbereich" von FACC abgespielt hÃtten.

        "The fraud wasn't due to hackers and didn't arise from data theft. It was an inside job carried out in the finance department".

        So it was ordinary fraud, they just used a computer, which you'd pretty much have to nowadays.

        • If the money was stolen by someone in the finance department then surely it's embezzlement not fraud
          • GP translation is bad. The German text says someone in the finance department was used (presumably by someone outside). Therefore fraud, scam or perhaps social engineering.

          • If the money was stolen by someone in the finance department, he was basically doing his job.

            Oh. Stealing FROM the company, not FOR it? Ok, that's something different!

      • Not just that, but scammers can't steal anything. They can only be given things — by definition, that's how scams work. They trick you into giving them what they want. So after removing the irrelevant word "cyber" and translating the headline into child's English I get "bank officials give away 50M euros to scammers"

        • by Sique ( 173459 )
          In this case, it was the finance departement of an airspace industry company, not a bank official. And so far, we don't even know if they were tricked by scammers to do so, or if it was an inside scheme from the beginning.
      • So it was an inside job, and some people in the finance department stole 50 million $ from the company using computers.

        Young whippersnappers, all instant gratification and me me me me all the time. No patience, no hard work, nothing. In our days we stole fractions of pennies in each transaction to add up to 50 million $. Bah.. now get off my lawn.

  • by Anonymous Coward

    never has a company lost so much cash liquidity in one incident.

    I raise the maximum to 70 million euro: (in the mean time it was leaked that the fraud was performed by impersonating a mail from a director).

    • LoL... where did that come from OP... i thought the summaries where supposed to use data from the source article.. not made up... there are numerous whaling attacks bigger than 50 mil... just google it
    • by Holi ( 250190 )
      You mean the scam like we got today?


      I'll need you to make an Express Wire transfer of $24,350.00 to a Bank Account before banking hours are closed for the day.
      Let me know how feasible this would be.


      these have been getting a lot of use lately. How stupid do you have to be to not verify these transfer requests?

  • Social enginering? (Score:3, Insightful)

    by houghi ( 78078 ) on Friday January 22, 2016 @07:01AM (#51349249)

    If there is a due process, this would almost never happen. For amounts there needs to be a process of autentification.

    What might happen often is that a CxO is such an ass that people are afraid to folow the standard procedure and will do the transfer as requested in an email, because otherwise they get chewed at for not folowing his orders.

    Very few people will dare to say no to such a boss. I once was in a situation where the CxO asked to do certain changes on a website. I said no.

    The reason I said no was because I knew he wanted to push certain things. I knew what he was asking would hurt the company legally and thus financially. I said no, even if it was WAY above my paygrade to do so.

    Obviously I ,ailed AND called other people to inform them about my desision and the reason. Yes, my job was at risk and I could have easily just followed orders. I know the majority of people would have done so.

    Yes, there was a shitstorm and that was fun to watch.

    The company I work now has insited repeatately that ALL procedures must be followed to avaid things like what happend and ALL suspisious mails must be reported.

    This goes for EVERYBODY, especially people that are higher up. Not also, but especially.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I have a similar story. I was asked by a division president to make a chance to a production system that was going to halt production and cost the company a lot of money. He listened to my explanation three entire times (each less technical than the last) and still wanted it done. When I still insisted that I'd rather lose my job than have my name next to the biggest technical disaster the company would ever face, he stormed off. I immediately went to my boss's cube and told him what had happened and th

      • by houghi ( 78078 )

        I work in Europe, so if he would have fired me, I would have gotten several months worth of pay. He still would have to go through the proper channels. I would have also gone to my union (not a guild like in the US) and they most likely would have gotten me even more monies.

        What he did not know was how well informed I was about the whole situation. I had information available that was only know to a very few. I was able to read rapports that were well above my pay grade. Reading the results of the CxO meeti

      • by Bert64 ( 520050 )

        Such a thing is far less likely to happen in europe, where employment law is much stronger and prevents them from firing you without valid justification and/or a pay off.

        That said, you should get him to provide those instructions in writing, you also reply in writing indicating why you believe it to be a bad idea and if he still wants to go ahead it's on him as you've done your due diligence in providing the warning.
        Such situations happen all the time, perhaps not to the same degree but often technical peop

  • by wonkey_monkey ( 2592601 ) on Friday January 22, 2016 @07:15AM (#51349269) Homepage

    FACC Operations GmbH has announced a cyber-incident during which cyber-fraudsters managed to steal around €50 million from their bank accounts.

    Don't you mean they cyber-stole €50 cyber-million from their cyber-bank cyber-accounts?

    Please cyber-mod my cyber-comment if you enjoyed reading it on your cyber-computer.

  • by NormalVisual ( 565491 ) on Friday January 22, 2016 @07:48AM (#51349361)
    "I must have put a decimal point in the wrong place or something. Shit! I always do that! I always mess up some mundane detail!"
  • 'The company published a note about the incident on January 19, saying it was "a victim of a crime act using communication and information technologies."'
  • This is exactly what happens when you treat security like something you only need to get those pesky government regulators off your back and that fancy certificate for your wall so some other company gives you a contract (who doesn't know jack about security either and replaces that lack of knowledge by requiring "something security-relevant" from you, as some kind of surrogate-security).

    Finally it hurt them.

    What likely happened was a faked email from a bigwig who needed immediately some money transferred,

  • When an 'inside man' steals, it is called embezzlement, not hacking. In addition, while it is a big embezzlement case, it isn't the largest.

    Why pretend it is "cybercrime" rather than embezzlement? Because cyber crime makes you look less like a dumb-ass. I couldn't help it, it was those hackers that did it! Rather than "I am a incompetent fool that trusts people because their aunt told me he was a good buy."

  • Some guy in Nigeria: Finally!

Air is water with holes in it.