Richi Jennings

Nokia gives millions to blackmailer. Police fail to follow [u]

June 18, 2014 6:25 AM EDT


2007 oops revealed. [Updated with report on who and how]

It's been revealed that Nokia was successfully blackmailed, a few years back. The perps stole Nokia's private digital signing key, threatening a rain of malware on Espoo's parade. So Nokia sent millions of euros to extortionists, but Finnish police lost them.

How the mighty might have fallen: In IT Blogwatch, bloggers wonder if this helps explain the failure of Symbian.

curated these bloggy bits for your entertainment.

 
Here's the scoop, from MTV (no, not that one):

Nokia became a target of extortion and ended up paying several millions of euros in ransom...to a blackmailer to protect an encryption key. ... The case is still unsolved.

The blackmailer had gotten hold of the Symbian [private] key used for signing. ... Had the key been leaked Nokia would not have been able to ensure that the phones accept only applications approved by the company.

It is not known how the key ended up in the hands of the blackmailer.  MORE


 
So Sakari Suoninen says:

Nokia paid several million euros to criminals...some six years ago [said a] Finnish TV station. ... Nokia was not immediately available for comment.

MTV said that the blackmailers...threatened to make [the private key] public...so anyone could then have written...malware which would have been indistinguishable from the legitimate part of the software.

Nokia contacted the police and agreed to deliver the cash to a parking lot. ... The money was picked up but the police lost track of the culprits.  MORE


 
Wait. Symbian? Steven J. Vaughan-Nichols brings us this history lesson:

At the time, Nokia had just over 50 percent of the...market and the vast majority of these phones were running Symbian. Apple's iPhone [was only] released in June 2007 and...Android 1.0 would not be released until September 2008. ... Symbian was at that time the most important mobile operating system in the world.

The once mighty Symbian may have fallen, but at least it didn't collapse because of a major security breach.  MORE


 
Arif Ullah speculates:

I don’t like the idea of how people got away with ransom. However Nokia were making money from developers with their application signing process; if Nokia didn’t pay the ransom...then Nokia would have lost money anyway from the developers, since they may decide to sign apps using the free leaked method to test/release apps.

Symbian could have lost market share earlier due to malware. Paying the ransom could have worked out cheaper.  MORE


 
But jaywontdart uses a few colorful metaphors:

Nokia bungled everything they touched. ... The culprits won, entirely. That makes Nokia doubly inept. Did they get anything RIGHT with Symbian?

This is a clusterfrig all around for Nokia. It...was utterly unprepared for the 2010’s [and] seemingly failed at every step with Symbian.  MORE


 
UPDATE: Petri Sajari and Aleksi Teivainen add more local color:

Information...from two different sources indicates that Nokia believes the blackmailer to be a Finnish citizen who participated in the development of the user interface.

According to well-informed sources, the suspect demanded that half of the ransom be...donated to charity [and that] the decision to comply...was taken at the highest echelons of the company.  MORE


 

Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.