Late on Tuesday night, unknown individuals attacked the server of Surgutneftegaz oil company. They sent emails from a mailbox allegedly located on the company’s website, claiming that its CEOs were arrested.
Surgutneftegaz disproved that information. Experts do not understand what the hackers’ real purpose was; the latter either wanted to put psychological pressure on the company, forcing it to disclose some information, or they were simply checking spam’s impact on the stock market. There had been similar attempts to manipulate the market before.
Several stock market players said they received an email signed “Press-center of Surgutneftegaz company” on Tuesday, at 9:30 p.m. Moscow time. The email claimed that Surgutneftegaz Director General Vladimir Bogdanov and its head of board Nikolai Zakharchenko were arrested on Monday on suspicion of tax evasion of 3.79 billion rubles. The email also claimed that a part of the company’s property was arrested, and that trading its shares will be suspended since Friday. Then followed a commentary allegedly given by Surgutneftegaz, calling “those actions a provocation by the authorities”.
Those who received the email were subscribed for mailing from Surgutneftegaz website. Meanwhile, the site could not be opened at that time. It did not resume working on Wednesday; the hacker attack went on throughout the day, said the company’s employees. Yet, the same email arrived to those who never owned the company’s shares and were not subscribed to its mailing. Thus, nearly 100 employees of Kommersant Publishing House also received the email, at 11:00 p.m. “The email is quite illiterately written. Besides, it claims the company’s taxes were calculated by the Ministry of Taxes, which no longer exists,” said a recipient of the email out of the stock market players.
Even before Russia’s trading pits opened, Surgutneftegaz’s press-service categorically refuted the email, assuring that “all this information” is not true. Thus, the company said the last tax audit in it finished in November 2006, and “Surgutneftegaz does not have problems with tax services”. Consequently, the email did not affect the company’s position at the stock market: by the end of the day, its quotations fell by 0.44 percent at the RTS, and grew by 0.168 percent at the MICEX.
The hacker attack is not the first at the Russian market. Moreover, one of the previous cases also concerned Surgutneftegaz. In April, investors received a false analytical note from Troika Dialog investment company. It contained advice to buy Surgutneftegaz shares. The quotations then grew by 4.19 percent at the MICEX. In May, hackers distributed another report allegedly from Troika Dialog, recommending to buy the shares of Tomsk Energy Sales company.
Surgutneftegaz press-service’s head Raisa Khodchenko thinks the email might have been aimed at undermining the company’s reputation. “The night attack against the website simply did not allow investors to receive confirmation or disproof,” she said. However, CentreInvest Securities investment company’s managing director Dan Rapoport said the U.S. trading pits closed at 12:00 p.m. local time, due to the upcoming Independence Day. So, they closed earlier than the mailing began. Surgutneftegaz head Vladimir Bogdanov thinks the intention to buy up the company’s shares stands behind the spammers’ actions. He added he wants to complain to law-enforcement authorities against false information. Bogdanov does not know who might be interested in the attack.
Experts say the hackers chose an easy way to misinform the market. “It’s easy to make it so that another email is seen instead of the sender’s real email,” said Alexander Chachava, president of Leto consulting company, which deals with information security. He added the spammers might have wanted to psychologically press the company and its managers, trying to force Surgutneftegaz, by means of the provocation, to confirm or disprove the published information, for instance about tax claims. Yet, common hooliganism might have been the attack’s purpose, said the expert.
Other experts said the attack might have simply been “the monitoring of information medium transparency”. Choosing Surgutneftegaz might have been incidental, believes Finans analyst Dmitry Tsaregorodtsev: “Perhaps, those who initiated it, simply wanted to see how spam affects the market.”
Rapoport said such attacks are frequent in the U.S., and those guilty are frequently found. In Russia, it is the Federal Financial Markets Service that supervises the market. However, its members believe the issue is within law enforcers’ powers.
Chachava said the hackers can be found, although “everything depends on professionalism”. It will be harder to discover them if the attack was carried out from abroad. Troika Dialog, that already began investigating the spam mailing allegedly by it, said it is not yet ready to announce the result. Meanwhile, lawyer Denis Uzoikin said that spammers’ actions fall into the criminal category only if violating the issuer’ rights. In other cases, they might be classified as damaging the business reputation and protecting a number of civil rights.
Surgutneftegaz disproved that information. Experts do not understand what the hackers’ real purpose was; the latter either wanted to put psychological pressure on the company, forcing it to disclose some information, or they were simply checking spam’s impact on the stock market. There had been similar attempts to manipulate the market before.
Several stock market players said they received an email signed “Press-center of Surgutneftegaz company” on Tuesday, at 9:30 p.m. Moscow time. The email claimed that Surgutneftegaz Director General Vladimir Bogdanov and its head of board Nikolai Zakharchenko were arrested on Monday on suspicion of tax evasion of 3.79 billion rubles. The email also claimed that a part of the company’s property was arrested, and that trading its shares will be suspended since Friday. Then followed a commentary allegedly given by Surgutneftegaz, calling “those actions a provocation by the authorities”.
Those who received the email were subscribed for mailing from Surgutneftegaz website. Meanwhile, the site could not be opened at that time. It did not resume working on Wednesday; the hacker attack went on throughout the day, said the company’s employees. Yet, the same email arrived to those who never owned the company’s shares and were not subscribed to its mailing. Thus, nearly 100 employees of Kommersant Publishing House also received the email, at 11:00 p.m. “The email is quite illiterately written. Besides, it claims the company’s taxes were calculated by the Ministry of Taxes, which no longer exists,” said a recipient of the email out of the stock market players.Even before Russia’s trading pits opened, Surgutneftegaz’s press-service categorically refuted the email, assuring that “all this information” is not true. Thus, the company said the last tax audit in it finished in November 2006, and “Surgutneftegaz does not have problems with tax services”. Consequently, the email did not affect the company’s position at the stock market: by the end of the day, its quotations fell by 0.44 percent at the RTS, and grew by 0.168 percent at the MICEX.
The hacker attack is not the first at the Russian market. Moreover, one of the previous cases also concerned Surgutneftegaz. In April, investors received a false analytical note from Troika Dialog investment company. It contained advice to buy Surgutneftegaz shares. The quotations then grew by 4.19 percent at the MICEX. In May, hackers distributed another report allegedly from Troika Dialog, recommending to buy the shares of Tomsk Energy Sales company.Surgutneftegaz press-service’s head Raisa Khodchenko thinks the email might have been aimed at undermining the company’s reputation. “The night attack against the website simply did not allow investors to receive confirmation or disproof,” she said. However, CentreInvest Securities investment company’s managing director Dan Rapoport said the U.S. trading pits closed at 12:00 p.m. local time, due to the upcoming Independence Day. So, they closed earlier than the mailing began. Surgutneftegaz head Vladimir Bogdanov thinks the intention to buy up the company’s shares stands behind the spammers’ actions. He added he wants to complain to law-enforcement authorities against false information. Bogdanov does not know who might be interested in the attack.
Experts say the hackers chose an easy way to misinform the market. “It’s easy to make it so that another email is seen instead of the sender’s real email,” said Alexander Chachava, president of Leto consulting company, which deals with information security. He added the spammers might have wanted to psychologically press the company and its managers, trying to force Surgutneftegaz, by means of the provocation, to confirm or disprove the published information, for instance about tax claims. Yet, common hooliganism might have been the attack’s purpose, said the expert.
Other experts said the attack might have simply been “the monitoring of information medium transparency”. Choosing Surgutneftegaz might have been incidental, believes Finans analyst Dmitry Tsaregorodtsev: “Perhaps, those who initiated it, simply wanted to see how spam affects the market.”Rapoport said such attacks are frequent in the U.S., and those guilty are frequently found. In Russia, it is the Federal Financial Markets Service that supervises the market. However, its members believe the issue is within law enforcers’ powers.
Chachava said the hackers can be found, although “everything depends on professionalism”. It will be harder to discover them if the attack was carried out from abroad. Troika Dialog, that already began investigating the spam mailing allegedly by it, said it is not yet ready to announce the result. Meanwhile, lawyer Denis Uzoikin said that spammers’ actions fall into the criminal category only if violating the issuer’ rights. In other cases, they might be classified as damaging the business reputation and protecting a number of civil rights.
Surgutneftegaz
Hackers Attack
Annual Hack-In-The-Box Security Conference
Gary McKinnon
