Pirate Bay co-founder Gottfrid Svartholm Warg was charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank, according to the Swedish public prosecutor.
"This is the biggest investigation into data intrusion ever performed in Sweden," said public prosecutor Henrik Olin.
Besides Svartholm Warg the prosecution charged three other Swedish citizens. Two of them live in Malmö and provided accounts for money transfers while one other -- who lives in the middle of Sweden -- was charged with mainframe hacking, Olin said. The third man and Svartholm Warg were also charged with hacking into the Bisnode webservice system that is part of Logica's mainframe environment, Olin added.
All of the suspects are men. The two from Malmö were born in 1993 and 1994, and the other man who has been into hacking for quite some time was born in 1976, Olin said. They are related to the Pirate Bay, Olin said.
Svartholm Warg, who co-founded the Pirate Bay, was a fugitive from a Swedish jail sentence after being convicted for copyright violations in relation to the work he did for the Pirate Bay. He was arrested in Cambodia in September 2012 and deported to Sweden where he was arrested for his alleged involvement in the Logica hack.
In November, new suspicions were raised. Svartholm Warg was also suspected of being involved in serious fraud and another data intrusion. While details about those new suspicions were not disclosed back then, they involved the hacking of the Nordea bank mainframe in order to steal money from several bank accounts, Olin said on Tuesday.
Only one of the attempts to transfer money from eight Nordea bank accounts succeeded, according to Olin. In that case an amount in 24,200 Danish kroner (approximately US$4,300) was transferred from a Danish Nordea bank account, Olin said. The intruders managed to do that by hacking the mainframe that was located in Sweden, he said.
Seven other attempts to transfer money from different bank accounts failed. Four of them involved a sum of 220,548 Danish kroner (US$38,800), while three other attempted transfers were in euros amounting to a total of €653,900 (US$858,500), Olin said. In total, the foursome allegedly tried to transfer an amount of a little over $900,000.
The Swedish prosecution managed to track two of the receiving accounts, which led to the arrest of the Malmö men, Olin said. The other six transfers were intended for accounts belonging to other personal and company accounts based in Sweden and abroad, he said. Attempts were made to send money to Cyprus, the Swiss UBS bank and the Barclays bank in the U.K., Olin said.
The Logica and Nordea hack are somehow related because both companies used an IBM mainframe, said Olin, who could not specify which mainframe was used. The operative system of the mainframe is z/OS though, a 64-bit operating system for IBM mainframes, Olin said.
The Nordea bank won't comment on ongoing legal proceedings, said Helena Östman, head of communications at Nordea.
Logica, now part of CGI Sweden, is glad that people were charged with the breach, said Anders Sandell, head of security of CGI Sweden. While both Logica and Nordea use IBM mainframes, the companies use different systems, he said, adding that he could not disclose any more technical details nor provide any information about vulnerabilities used in the hacks.
IBM Sweden spokesman Andreas Lundgren declined to comment.
At the moment, it is not really clear why Logica was hacked, said Olin. But the intruders stole extensive personal and vehicle data, including social security numbers, he said. "I won't comment any further on that because there is no evidence what they wanted to use it for. At the moment we only have loose theories."
Court proceedings against Svartholm Warg and the other three are expected to begin at the Nacka district court at the end of May, Olin said.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com