Nokia held to ransom over Symbian vulnerability

Nokia presented its Symbian-powered music-oriented flagship handset, Nokia X6, in Espoo in 2009.

Nokia paid millions of euros in ransom roughly six and a half years ago to prevent a blackmailer from leaking the encryption key of its Symbian user interface, MTV reported on Tuesday.

The National Bureau of Investigation (KRP) opened a pre-trial investigation into the alleged aggravated extortion after the former mobile phone behemoth had paid the ransom. The investigation is still ongoing.

Information obtained by Helsingin Sanomat from two different sources indicates that Nokia believes the blackmailer to be a Finnish citizen who participated in the development of the user interface. The suspect was able to obtain the highly-classified encryption key due to a data security vulnerability.

According to well-informed sources, the suspect demanded that half of the ransom be delivered to a pre-determined location in cash and the other half donated to charity. Nokia, the sources tell, delivered the cash in an ice hockey equipment bag to the designated location in Tampere and made the donation.

A few million euros was a relatively small pay-off in light of the extent of damage the encryption key could have caused in the wrong hands. At worst, the key could have enabled hackers to hijack and infect numerous Symbian handsets across the world, a well-informed ex-Nokia employee highlights.

Nokia urged the KRP to look into the matter as discreetly as possible as it needed time to patch the vulnerability in the encryption key.

The ransom demand was delivered to Nokia in English by e-mail, while the decision to comply with it was taken at the highest echelons of the company. Both Nokia and Microsoft refused to comment on the report on Tuesday.

A former Nokia executive reveals that over the years Nokia received a number of similar, albeit less serious, demands for rewards from third parties for the detection of vulnerabilities in its software, hardware or services. Nokia often complied with the demands.

Detective superintendent Tero Haapala confirmed on Tuesday evening that the KRP are investigating an alleged aggravated extortion, with Nokia the complainant. He declined, however, to reveal when the complaint was filed and where the ransom demand is believed to have originated.

Petri Sajari – HS
Aleksi Teivainen – HT
© HELSINGIN SANOMAT
Photo: Martti Kainulainen / Lehtikuva

 

Helsinki Times Information

Editor-in-chief Alexis Kouros Tel: +358 9 689 67 425

Editorial team

James O’Sullivan, David Cord, Yannick Ilunga, Alicia Jensen, Merle Must, Andy Kruse, Eva Czechanowski, Anna-Maija Lappi, Annika Rautakoura, Mari Storpellinen, Aleksi Teivainen 

Email: info(a)helsinkitimes.fi

Web & Online subscription

Mahmoud Assiabi
webmaster(a)helsinkitimes.fi

 
Sales and marketing

Bob Graham
Aiman Kaddoura
Ethan Shadabi
Andre Roots

Email addresses are
Firstname(a)helsinkitimes.fi

Publisher
Helsinki Times Oy
Vilhonvuorenkatu 11 B
00500 Helsinki
Finland