Finns urge better Wi-Fi security after bank break-in

Finland called on its citizens to take more care securing their Wi-Fi networks after it emerged this week that about €200,000 ($245,400) had been stolen from a local bank using an unprotected home network.

The Helsinki branch of global financing company GE Money called on police to investigate the theft in June. The money, which has since been recovered, was stolen from one of GE Money's accounts at a local bank, said Jukkapekka Risu, investigating officer for the Helsinki police.

Police now believe that the company's 26-year-old head of data security in Helsinki stole banking software from the company along with passwords for its bank account, Risu said. Accomplices then accessed the account from a laptop computer using an unprotected network at a nearby apartment building in Helsinki's Kallio district.

They used the passwords to transfer the money to a different corporate account that they had set up six months earlier, Risu said. The thieves apparently thought that using someone else's Wi-Fi network would help cover their tracks.

Suspicion initially fell on the owner of the Wi-Fi network until police searched his apartment and determined he was not involved. They then deduced from the laptop's MAC address that it belonged to GE Money, and fingers started to point toward the bank's security officer, Risu said. The MAC address had been saved in the wireless LAN's ADSL (asymmetric digital subscriber line) box.

"After a while there were too many leads pointing against him, and after we found the laptop, that was it," he said.

Police are still completing their investigation and the security officer, along with three other suspects, have not yet been charged, Risu said. The case came to light after the Finnish newspaper Helsingin Sanomat obtained documents related to the case and published a story Tuesday.

The case will likely be sent to prosecutors next week and charges will follow in about two months, Risu said. Despite not having been charged yet, the security officer was immediately dismissed, said Pekka Pattiniemi, general manager for GE Money in Finland. GE Money is a subsidiary of General Electric Co.

"I can confirm that our local security officer was involved," Pattiniemi said. "No harm was caused because our very good internal control mechanisms caught that the money was missing the next morning. We got it all back," he said.

The security officer and the other suspects were held by police for several weeks. One suspect remains in custody, and the security officer is temporarily barred from travel, Risu said.

Police declined to name the suspects or identify the bank from which the money was stolen. Risu called it a "large, local bank."

The case was picked up by television news programs in Finland and caused something of a buzz. It also prompted the Finnish Communications Regulatory Authority to remind citizens this week about the dangers of not securing their wireless networks.

Wi-Fi is starting to become popular in Finland, particularly among home users, said Jani Arnell, information security advisor with the agency's computer emergency response team. He estimated that probably less than half of the networks in use have been secured. The agency advised people to employ at least the standard WEP (Wired Equivalent Privacy) encryption.

Police officer Risu said it's difficult for companies to guard against this type of crime when internal staff are involved.

"I suppose they could make their recruitment process more airtight," he said.

(Juha-Matti Laurio, who writes for IDG's MikroPC magazine in Finland, contributed to this report.)