Pirate Bay co-founder charged with hacking IBM mainframes, stealing money

This is the biggest data intrusion investigation ever performed in Sweden, the prosecutor said

Pirate Bay co-founder Gottfrid Svartholm Warg was charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank, according to the Swedish public prosecutor.

"This is the biggest investigation into data intrusion ever performed in Sweden," said public prosecutor Henrik Olin.

Besides Svartholm Warg, the prosecution charged three other Swedish citizens. Two of them live in Malmö and provided accounts for money transfers while one other -- who lives in the middle of Sweden -- was charged with mainframe hacking, Olin said. The third man and Svartholm Warg were also charged with hacking into the Bisnode webservice system that is part of Logica's mainframe environment, Olin added.

All of the suspects are men. The two from Malmö were born in 1993 and 1994, and the other man, who has been into hacking for quite some time, was born in 1976, Olin said. They are related to the Pirate Bay, Olin said.

Svartholm Warg, who co-founded the Pirate Bay, was a fugitive from a Swedish jail sentence after being convicted for copyright violations in relation to the work he did for the Pirate Bay. He was arrested in Cambodia in September 2012 and deported to Sweden where he was arrested for his alleged involvement in the Logica hack.

In November, new suspicions were raised. Svartholm Warg was also suspected of being involved in serious fraud and another data intrusion. While details about those new suspicions were not disclosed back then, they involved the hacking of the Nordea bank mainframe in order to steal money from several bank accounts, Olin said on Tuesday.

Only one of the attempts to transfer money from eight Nordea bank accounts succeeded, according to Olin. In that case an amount of 24,200 Danish kroner (approximately US$4,300) was transferred from a Danish Nordea bank account, Olin said. The intruders managed to do that by hacking the mainframe that was located in Sweden, he said.

Seven other attempts to transfer money from different bank accounts failed. Four of them involved a sum of 220,548 Danish kroner (US$38,800), while three other attempted transfers were in euros amounting to a total of €653,900 (US$858,500), Olin said. In total, the foursome allegedly tried to transfer an amount of a little over $900,000.

The Swedish prosecution managed to track two of the receiving accounts, which led to the arrest of the Malmö men, Olin said. The other six transfers were intended for other personal and company accounts based in Sweden and abroad, he said. Attempts were made to send money to Cyprus, the Swiss UBS bank and the Barclays bank in the U.K., Olin said.

The Logica and Nordea hacks are somehow related because both companies used an IBM mainframe, said Olin, who could not specify which mainframe was used. The operating system of the mainframe is z/OS though, a 64-bit operating system for IBM mainframes, Olin said.

The Nordea bank won't comment on ongoing legal proceedings, said Helena Östman, head of communications at Nordea.

Logica, now part of CGI Sweden, is glad that people were charged with the breach, said Anders Sandell, head of security of CGI Sweden. While both Logica and Nordea use IBM mainframes, the companies use different systems, he said, adding that he could not disclose any more technical details nor provide any information about vulnerabilities used in the hacks.

IBM Sweden spokesman Andreas Lundgren declined to comment.

At the moment, it is not really clear why Logica was hacked, said Olin. But the intruders stole extensive personal and vehicle data, including social security numbers, he said. "I won't comment any further on that because there is no evidence what they wanted to use it for. At the moment we only have loose theories."

Court proceedings against Svartholm Warg and the other three are expected to begin at the Nacka district court at the end of May, Olin said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com
