Hackad (2021–…): Season 1, Episode 3 - Att kidnappa ett företag - full transcript

"Let's do this."

-Should this be on?
Yeah, think so?

I record all calls, so we have
extra backup if this gives up.

A large part of crime
has moved online:

Everything from simple, small scams
to serious organized crime.

Oh yeah. These are awesome.
They look good. These are our cameras.

It's no longer teenagers
who do things just because you can–

- but criminal elements.

This is also a camera.
I'm so equipped now.

The security company Gunnebo
has been attacked.

Is the camera running?



So I don't go in,
and then just ... panic.

SVT has let four professional
hackers attack individuals–

and companies, to show how vulnerable
we are in our connected society.

Organized crime
has moved online.

Coop had to close
almost all of its 800 stores.

Serious cyberattacks
increase every year–

And huge ransoms are paid
to save companies from ruin.

Can our hackers access
big business via a secret shortcut?

/ CALL SIGNAL /

I'm terrified they'll be
suspicious and call the police.

Are you nervous, Jinny?

Our hackers are playing criminals.

In two days they have to infiltrate
the IT company Langate.

Jesper and Jinny are using
social manipulation,



- to be let in to the company
to gain a foothold.

No one there, except the CEO,
knows about the hack.

Jinny is dressed as a worker
and will say she has to check humidity.

They have made a "cover story"
where her name is Frida.

They have a website for Flexvatten,
the company she's from.

I'll park here.
It's good if we're not seen.

- We can stop here.
-Yeah, thinking about that too.

The risk is they'll call the police.

That they catch you, become suspicious
and keep you there.

In reality, this had been
a fairly serious crime.

Anyone who wants to attack several companies
can target a supplier -

- a so-called supply chain attack.

Langate is small with many customers.
If the hackers manage to infiltrate them–

- then the opportunity to access
a large number of companies is opened.

The last few meters ... I didn't check
the heart monitor, but it was probably high.

I got really nervous.

Hey! I'm here to measure some moisture
in your walls.

- From Sölvesborgs Construction, or?
-Yes. Or from Sölvesborg municipality.

Is it okay?

We humans have a tendency
to fill in the blanks -

-If someone seems to fit in
a role.

If you look like an IT technician,
then you probably are.

-Where do you have the kitchen and ...?
- The kitchen is in there.

-Bathroom?
-There.

If you look like you belong in an environment,
we assume you do.

We may not stop a person
and ask to see the ID -

-Or look closely and realize
that the ID is fake.

The world's thickest wall is useless
if someone opens a door in it.

I looked for cables in the ceiling
and for a cable to a TV

-But there was nothing, so we
concluded that they ran everything on wifi.

And we had not prepped for that.

She's been inside for 15 minutes
so far.

I felt
that I had to go one more round.

Then I saw a door. I went straight in
as if I knew what was there.

There was a switch - network
equipment - and some type of server

-With lights flashing.

So it was a gold mine,
just what I was looking for.

Fast as hell, take up everything,
plug in, plug in power ...

Jinny?

Something is happening.

Out through the door and pretend to write.
I wrote on the paper all the way out.

- Did you go out, Jinny?
-Yes.

Did you plug it in?
Do you know that you got a link?

- It flashed.
- It hasn't come up yet.

Forget it. It came up! It's up.
Yes, we have contact!

Holy shit!

Oh! How fucking nervous I was.

So fucking good!

Like, fuck.

The glasses were foggy all the time.

She's a fucking hero. I'm on
a parking lot, so I'll pull away.

Feel free to start
Responder in analyze mode, right away.

There's a risk that he ... When I said
what I wanted to do, he paused.

It feels like I've
done something bad, and we have.

At the end of 2020 there was
a major supply chain attack

- against the security company SolarWinds.

In the attack, malicious code was spread
to SolarWinds' customers -

–For instance the US military
and several other security companies.

In Sweden, e.g.
Volvo Cars, Skanska and Space Agency.

The US Treasury Department pointed out
Russia as responsible for the attack.

I'm so fucking ... almost vomiting
now, ... of adrenaline.

How do we start the conversation? Only:
"Hello, we want to hack your business."

While Linus is investigating
the company from the inside -

- they meet with the company's CEO
to discuss the assignment.

The CEO does not know
that the hackers have jumpstarted.

- Wanna have lunch and talk?
-Yes, we should do that.

Nobody at Langate knows this.

No one on the staff, no one knows
that this will be done.

I do not know the details myself,
but now I'm going to be hacked.

"Good luck."
But not too much "luck".

We at Langate know that we
may be the victim of a hacker attack -

-To access our customers.

- We want to create as good protection as we can.
-Because you become the most sensitive part.

Yes, we will be the service provider
supply chain to others.

Potentially, one could reach–

-About a hundred customers'
important information.

-Or do a ransomware attack ...
-Some kind of malicious code.

Or just access information that
you see has an incredible business value.

I had an experience this weekend.
A customer who has refused protection -

-And insists that we publish
our terminal server.

Then they got ransomware, and boom
the pay system stopped working. Nasty!

Ransomware is a billion dollar industry.
It will only get bigger.

Swedish companies that are attacked
by ransomware and pay ...

The total amount per year
amounts to several billion SEK.

There are cases where Swedish companies
have paid close to 300 million–

-To get their files unlocked.
And that is ONE company.

A hacker who accessed resources
can perform a ransomware attack.

What happens is that all files
are encrypted and locked.

Now a key is required
to restore everything.

The files were hijacked by the hacker,
who demands money to unlock.

The Coop food chain had to close
almost all of its 800 stores.

-After the cash register system failed.

This summer, Coop was hit
by a ransomware attack-

-Which was also
a supply chain attack.

Operation of Coop's cash register system
is handled by the company Visma Esscom.

Visma in turn uses
services from the company Kaseya.

It was Kaseya who was attacked
by a hacker.

The malicious code was spread to Visma
and caused Coop's cash registers to be locked.

Coop had to close 800 stores while
they restarted all cash registers manually.

There are more examples of attacks which
affected companies and infrastructure.

In 2019 the aluminium
manufacturer Norsk Hydro was affected.

It was enough for an employee to click
on a link in an email.

The hackers entered Hydro's IT environment
and planted a virus–

-Which they used to encrypt
information throughout the company.

Computers and servers were locked
and production lines stopped.

The total sum for the attack
is estimated at $75 million.

Norsk Hydro never paid
any ransom.

They had backups of their data
and were able to restart operations.

Sensitive information about bank vaults, alarm
systems and the government is online.

The security company Gunnebo
was hit by a ransomware attack in 2020.

Gunnebo refused to pay the ransom.
About 38,000 documents were leaked -

and are exposed online.

Drawings of bank vaults, alarm
systems and sensitive facilities.

In a survey among
150 IT-managers at Swedish companies -

- 30% state that they've been exposed to one
ransomware attack in the last year.

Here we go. Let's do it.

-Now we're on our way. How nice!
-It's fun to watch it.

Hey! I'm here to measure some moisture
in your walls.

- From Sölvesborgs Construction, or?
-Yes. Or from Sölvesborg municipality.

I checked under the sink and so on.

- Moist tile, then?
-Yeah, what the hell do I know?

In an attack like this, you don't know
how prepared the victim is.

So you need to do it slowly
and carefully, so that you do not ...

You don't want to make too much noise
in the network.

You don't know what to expect.
It's a bit like a maze without a map.

You have a bunch of cool tools,
but there are monsters in the maze.

- No password spraying, just.
-No no no.

Come on...! I'm
having some issues here.

We start to map out what is there.
We clearly see people going home.

We have no success. The attacks
which we normally use do not work.

I'm wondering if we should test–

-to do an active Responder
on ONE computer.

-They have a lot of different things.
- That's what I'm looking at.

I can't take it.
I have to sleep.

We have a program
which will run overnight–

-And when they come to the office
tomorrow.

Hopefully someone has a laptop
with them that they had brought home.

When they start it, it will
hopefully trigger something that we can catch.

There is a reason
to stay late.

You can do bolder things
on the network -

- without worrying about
people noticing it.

So there is every reason
to stay late.

Ransomware attacks are common,
but a crime that few want to talk about.

SVT has asked several companies
subjected to major attacks -

- but none of them
want to line up for an interview.

Nobody knows how common it is–

-Because companies do not
report it to the police.

It may be that they think
that the police will do nothing -

-Or that you do not want to broadcast
that you have had an attack -

-Which has hit hard, because companies
think it would mean-

-That "we show that we have bad
security and get no customers".

We have to be a bit more structured now.

- For Responder ...
-Responder has no hits.

When we arrived today,
nothing had happened.

We have to reach all
these customers, that's the goal.

We need to access a machine,
the backup server ...

We need to reach customers.

They may very well have some tech nerd
who's made sure they are safe.

It's a disaster for us.
Then we have to get very creative.

In the worst case
you had a good idea there, Linus.

Trying to poison the network and force
a machine to connect to us.

Maybe we should
perform a bolder attack anyway.

With bolder I mean:
If we're looking for something in a forest

- then we'll blow away all the trees
to find something on the ground.

Jesper's attack will possibly stop
the network from working -

-For the ones we attack.

Our tiny computer, which we have hidden
behind a cupboard inside the company ...

We decided to tunnel all traffic
through this little point–

-To force everything that is sitting
in the network to do what we want.

Nobody remembers a coward.
Shall we press all three?

-Shared responsibility is not responsibility.
- You have full power.

I'll press now, then.

It's running.

Yes! New hash. Damn, what a treat.

Come on now!

It will be seen, this is noisy.

Yes, and it does.

–Oh, oh.
- What?

- Have you found a net?
My session is down.

-No no no....

They found it?

After a while our
terminal freezes–

- and we lose the connection to
our unit that sits on the inside.

Yes, I'm all out.

- Damn. We were too aggressive.
-Yes, you can probably say that.

They find our box and disconnect it.
We lose the connection. Game over.

Now that we are blind again and have no
access, we have a few hashes.

The hashes are the cryptographic
equivalent of a password.

And we can crack
these using computing power.

Powerful computers with graphics
cards which we ask to solve our problem.

Time is running out. While Linus is
trying to crack passwords

- Jinny and Jesper go back
to the company office.

It's time to reveal ourselves.

We'll see what they answer,
if they have noticed anything.

-Welcome!
-Thank you. - After you.

-Are you having a good time?
-Yes.

We have some friends with us,
me and my colleague:

Jinny, or Frida.

We work as IT security experts.

We have been doing some stuff with you.

It's silence. Everything has been
good? The week has been good?

No disturbances?

My feeling
when these two people came in:

"Wow, now he's hired
an entertainment group" -

- "which will entertain us."
They said they were IT experts.

So I'm thinking: "Yes, now there will be
a lot of IT jokes, because that's our thing."

Anyone recognize my
colleague here?

-Yes! No, what the hell ...
- You should recognize me.

Oh, what the hell is that ...? Ah! Okay!

Then I recognize Jinny,
who has infiltrated us.

I'm the one who opens the door.

Hey! I'm here to
measure some moisture in your walls.

-What did we do here, quite simply?
-You were measuring moi ...

It was a very positive reaction.
I was afraid he would get angry.

But he laughed and ...
So there's shock, but laughter, as well.

I'm in a call when I open the door.
I'm talking to a customer about security.

I say, "The doorbell rings."

"Hi, my name is Frida
I'm going to measure moisture." - "Yes, go ahead."

"It's very important,
with security!"

But you haven't noticed anything
on infrastructure or ...?

We noticed a response on the computer,
which did not feel natural.

What's supposed to happen doesn't happen–

- instead we get a
login box. That's weird.

We have seen a small box in a room
which you may have put there.

I suspect
that it's no longer connected.

-How did you find it?
-A colleague of mine saw it.

In reality, one of our customers
was attacked for real.

So Jörgen and I request
people to come here, and tell them:

"Now we have prio 1 alert.
Someone has been hacked."

Pretty strange, weird timing.

They had another incident at the same time.

A customer had an intrusion
while we were doing stuff.

"I see a box. Do you know anything about it?"

"No. No idea
what internal project is this?"

"Then I want to disconnect it."

We could have stayed in the network
longer if they did not have the incident.

So that was just unfortunate.

People have lost three years of work
because they've been attacked.

They attacked the data, but also
the backup of the data. Then it's gone.

Then you cry for real.
You've worked for three years–

-for nothing
and have to start over.

There is nothing
to recreate or save.

We have taken two passwords
and given them to our machines.

They're cracking the password
still. It's not cracked yet.

We have had a very short time - we have
spent almost two days on planning.

It's just a matter of time
before this gets cracked.

We got our hands on
two encrypted passwords - hashes.

We have tried to crack them
for 24 hours and have not succeeded yet.

It's sad for us,
but a good grade for Langate.

In my world you have succeeded,
even if you don't think so.

The hackers managed to infiltrate
the IT company–

-And had access
to their network for over a day.

They could not get past
the company's security system -

-And therefore could not
access the customers in the network.

The passwords that the hackers came across
were of good quality.

Attempts to crack them
were discontinued after 48 hours.

They remain unresolved.

If I were an evil hacker,
I'd be quieter–

- and take my time. When I had
enough customers -

- I'd probably
encrypt everything–

-And request loads of money
in ransom.

If they don't pay,
yeah, go bankrupt, then.

"What do I care? I'm evil."

We currently don't have
a basic level of security -

-So that we have a fairly high bar.
The higher the bar is–

-The more costly and time consuming
it is for an attacker-

- to try to access the information.
This is business-critical.

This is what boards should be
accustomed to dealing with.

You see investments in security
as a cost.

If you see it as an investment,
something that gives a return–

-it's easier to argue for.
It's about the company's survival.

This has to end now. I'm tired of
talking to desperate people -

-who get in trouble because of
hacker attacks all the time.

Good morning, Klara. Hope you have
slept well. Today it's sunny outside.

This so-called IoT man
is like a damn mad scientist.

I'm safe,
they're not getting in.

-Check if you get access.
-It's up, we're in.