Cyber-Scammers Steal €50 Million From Austrian Airplane Manufacturer

An anonymous reader writes: FACC Operations GmbH, an Austrian company that produces various airplane parts for companies like Airbus and Boeing, has announced a cyber-incident during which cyber-fraudsters managed to steal around €50 million from their bank accounts. While CEO Fraud attacks manage to steal a few thousand dollars here and there, never has a company lost so much cash liquidity in one incident. Stock price took a tumble immediately.

Or Maybe....

[Anonymous Coward]

Something tells me it was an inside job and they just blamed it on a hack. Seems like a great way to get away with snagging 54+ million dollars and getting away with it.

Re:Or Maybe....

[Sique]

It was an inside job, their first announcement was, that it was a suspected hack, and that they sent their collected data so far to a cyber incidence response center, and later determined it must have been an inside job. This is the (german) article from a leading Austrian newspaper about the incident from yesterday morning: FACC article [derstandard.at]. Feel free to use your favorite online translation service if your german is not good enough.

Re:Or Maybe....

[arglebargle_xiv]

That's an important point, which the article makes several times:

Der Cyberbetrug beim oberÃsterreichischen Luftfahrtzulieferer FACC war kein Hackerangriff und kein Datendiebstahl, sagte ein Unternehmenssprecher am Mittwoch zur APA. Man wisse jetzt, dass "intern jemand benutzt" worden sei und sich die Betrugshandlungen im "Finanzbereich" von FACC abgespielt hÃtten.

"The fraud wasn't due to hackers and didn't arise from data theft. It was an inside job carried out in the finance department".

So it was ordinary fraud, they just used a computer, which you'd pretty much have to nowadays.

Re:

[Big Hairy Ian]

If the money was stolen by someone in the finance department then surely it's embezzlement not fraud

Re:

[buchner.johannes]

GP translation is bad. The German text says someone in the finance department was used (presumably by someone outside). Therefore fraud, scam or perhaps social engineering.

Re:

[Opportunist]

If the money was stolen by someone in the finance department, he was basically doing his job.

Oh. Stealing FROM the company, not FOR it? Ok, that's something different!

Re:

[davester666]

No, as there has been PLENTY of prior art.

Re:

[drinkypoo]

Not just that, but scammers can't steal anything. They can only be given things — by definition, that's how scams work. They trick you into giving them what they want. So after removing the irrelevant word "cyber" and translating the headline into child's English I get "bank officials give away 50M euros to scammers"

Re:

[Sique]

In this case, it was the finance departement of an airspace industry company, not a bank official. And so far, we don't even know if they were tricked by scammers to do so, or if it was an inside scheme from the beginning.

Re:

[Impy the Impiuos Imp]

They quickly transferred it offworld to the Orion cluster, converted it to gold-pressed latinum, then bought passage on an old orbital tug converted to a small transport ship headed rimward.

I assume that's why they can't just go arrest of the people and transfer it back.

Young whippersnappers ... Re:Or Maybe....

[140Mandak262Jamuna]

So it was an inside job, and some people in the finance department stole 50 million $ from the company using computers.

Young whippersnappers, all instant gratification and me me me me all the time. No patience, no hard work, nothing. In our days we stole fractions of pennies in each transaction to add up to 50 million $. Bah.. now get off my lawn.

Except...

[Anonymous Coward]

never has a company lost so much cash liquidity in one incident.

I raise the maximum to 70 million euro: http://www.brusselstimes.com/belgium/4944/belgian-bank-crelan-hit-by-a-70-million-eur-fraud (in the mean time it was leaked that the fraud was performed by impersonating a mail from a director).

Re:

[campuscodi]

LoL... where did that come from OP... i thought the summaries where supposed to use data from the source article.. not made up... there are numerous whaling attacks bigger than 50 mil... just google it

Re:

[Holi]

You mean the scam like we got today?

Barbara,

I'll need you to make an Express Wire transfer of $24,350.00 to a Bank Account before banking hours are closed for the day.
Let me know how feasible this would be.
Regards,

Michael
President

these have been getting a lot of use lately. How stupid do you have to be to not verify these transfer requests?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

I have a similar story. I was asked by a division president to make a chance to a production system that was going to halt production and cost the company a lot of money. He listened to my explanation three entire times (each less technical than the last) and still wanted it done. When I still insisted that I'd rather lose my job than have my name next to the biggest technical disaster the company would ever face, he stormed off. I immediately went to my boss's cube and told him what had happened and th

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Bert64]

Such a thing is far less likely to happen in europe, where employment law is much stronger and prevents them from firing you without valid justification and/or a pay off.

That said, you should get him to provide those instructions in writing, you also reply in writing indicating why you believe it to be a bad idea and if he still wants to go ahead it's on him as you've done your due diligence in providing the warning.
Such situations happen all the time, perhaps not to the same degree but often technical peop

Cyber cyber cyber!

[wonkey_monkey]

FACC Operations GmbH has announced a cyber-incident during which cyber-fraudsters managed to steal around €50 million from their bank accounts.

Don't you mean they cyber-stole €50 cyber-million from their cyber-bank cyber-accounts?

Please cyber-mod my cyber-comment if you enjoyed reading it on your cyber-computer.

Re:

[Mr D from 63]

Sigh. Brrr, that was cold.

50 million euros?

[NormalVisual]

"I must have put a decimal point in the wrong place or something. Shit! I always do that! I always mess up some mundane detail!"

Cyber-Scammers hack Microsoft Windows - again ..

[tetraverse]

'The company published a note about the incident on January 19, saying it was "a victim of a crime act using communication and information technologies."'

This is what happens when security is ignored

[Opportunist]

This is exactly what happens when you treat security like something you only need to get those pesky government regulators off your back and that fancy certificate for your wall so some other company gives you a contract (who doesn't know jack about security either and replaces that lack of knowledge by requiring "something security-relevant" from you, as some kind of surrogate-security).

Finally it hurt them.

What likely happened was a faked email from a bigwig who needed immediately some money transferred,

Called "EMBEZZELMENT"

[gurps_npc]

When an 'inside man' steals, it is called embezzlement, not hacking. In addition, while it is a big embezzlement case, it isn't the largest.

Why pretend it is "cybercrime" rather than embezzlement? Because cyber crime makes you look less like a dumb-ass. I couldn't help it, it was those hackers that did it! Rather than "I am a incompetent fool that trusts people because their aunt told me he was a good buy."

Going to Disney World!

[Impy the Impiuos Imp]

Some guy in Nigeria: Finally!