
A $2.4bn deal fell through for Coca-Cola

Hackers spent a month logging commercially sensitive information before they were detected in a 2009 cyber-attack on Coca-Cola.


At the time, Atlantic Industries, a wholly owned subsidiary of Coca-Cola, was looking to buy the China Huiyuan Juice Group for about $2.4bn, which would have been the largest foreign takeover of a Chinese company up to that time. The BBC reported that according to Bloomberg, "the deal collapsed three days after the cyber-attack, citing internal sources."[BBC]

Established in 1992 and headquartered in Beijing, Huiyuan is the largest privately owned juice producer in China. It's engaged in the manufacture and sales of juice and other beverage products, including fruit juice and vegetable juice, nectars, bottled water, tea, and dairy drinks. On 17 March, it was reported that Coca-Cola was considering abandoning the deal, as Chinese authorities insisted on relinquishing the Huiyuan brand name after acquisition. On 18 March, the [Chinese] Ministry of Commerce disallowed the bid, citing market competition concerns.[Wikipedia]

The one discrepancy between the Bloomberg accounts and a report by the Mandiant Corporation, a cybersecurity firm, was why ultimately the company’s acquisition fell apart. According to Bloomberg, Coca-Cola’s takeover attempt of China Huiyuan Juice Group was thwarted because China’s Ministry of Commerce rejected it for antitrust reasons. Mandiant’s report offered a different take:

    The intrusion had a significant impact on the victim organization. As a result of the compromise, the U.S. company terminated their acquisition plans. While it was not possible to determine all the data that had been lost, the victim company was not able to complete the acquisition and accomplish their business objectives.[NY Times]

The 2010 case study published by Mandiant may offer further details. The study, which does not mention Coca-Cola specifically, details a 2009 breach of a “Fortune 500 Manufacturer” that aligns almost perfectly with Bloomberg’s account of Coca-Cola’s breach.[ibid.]

If Mandiant’s study is, in fact, based on Coca-Cola, then it offers new insights into the breach. According to the study, once in, hackers used password-stealing software to gain access to other systems on the company’s network. They also used the compromised executive’s account to launch what is known as an SQL server attack, in which hackers exploit a software vulnerability and enter commands that cause databases to produce their contents.[ibid.]

The infiltration was, according to internal documents seen by Bloomberg, blamed on state-backed Chinese attackers.[GuruFocus]

How did they do it?

According to Bloomberg, an e-mail with the subject line “Save power is save money! (from CEO)” was sent to the e-mail account of Bernhard Goepelt, Coca-Cola’s current general counsel. The e-mail contained a malicious link that, once clicked, downloaded malware that gave the attackers full access to Coca-Cola’s network. Because the email appeared authentic, it was clicked on, allowing the installation of key loggers and other malware that let the hackers steal emails and passwords. With the passwords, the hackers were able to move freely through the company's network, stealing documents and sensitive information.[NY Times]

How would Czar Mail have stopped it?


According to Bloomberg, the email was "spoofed," meaning it was forged to look like a legitimate email from a Coca-Cola email account. When ordinary email servers receive an email message, there's no reliable way for them to assure that the email actually came from the individual listed as the sender. As long as the email passes spam filters, it gets delivered into the recipient's inbox. The recipient, believing that the email is legitimate, clicks on the attachment, and the malware is installed, often stealthily so that the recipient is unaware that his computer has been compromised.

Czar Mail members have to present ID before they can get a mailbox, and criminals won't do that because their identity would be known. When spammers send spoofed emails to Czar Mail's open port, they are immediately rejected: they're never delivered to the recipient's inbox. Legitimate Czar Mail members log onto Czar Mail's secure port with a password (which is done automatically by their email client software), so their identity is verified. Spammers can't spoof Czar Mail members because they don't know the forged sender's password.
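The acceptance rule described above, as an added illustration rather than Czar Mail's own code: mail arriving on the open port that claims a member address is refused outright, while the secure port demands a login and only accepts a sender address that matches the account that logged in. The member domain, port numbers and message samples are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Domains whose mailboxes belong to verified members (constructed sample).
MEMBER_DOMAINS = {"czarmail.example"}

OPEN_PORT = 25      # unauthenticated server-to-server delivery
SECURE_PORT = 587   # authenticated submission used by members' mail clients


@dataclass
class InboundMessage:
    port: int
    mail_from: str                  # envelope sender address
    auth_user: Optional[str] = None  # account that logged in, if any


def sender_domain(address: str) -> str:
    """Return the domain part of an address, lower-cased."""
    return address.rsplit("@", 1)[-1].lower()


def accept(msg: InboundMessage) -> Tuple[bool, str]:
    """Decide at the server's front door whether a message is accepted."""
    if msg.port == SECURE_PORT:
        # The secure port is for members only: a login is required, and the
        # envelope sender must be the account that actually logged in.
        if msg.auth_user is None:
            return False, "submission port requires authentication"
        if msg.mail_from.lower() != msg.auth_user.lower():
            return False, "sender does not match authenticated account"
        return True, "member authenticated"
    if msg.port == OPEN_PORT:
        # Members never send through the open port, so any message here
        # that claims a member address is a forgery and is rejected.
        if sender_domain(msg.mail_from) in MEMBER_DOMAINS:
            return False, "spoofed member address on open port"
        return True, "external sender"
    return False, "unknown port"
```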

This is important: If Coca-Cola had been a Czar Mail member, the spoofed email would have been rejected at the email server and never delivered to its victim. The recipient would never have seen it or clicked on its attachment, and the network would never have been compromised.