FBI officials quietly approached executives at Coca-Cola Co. on March 15, 2009, with some startling news.
Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group, according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time.
“We don’t credit the idea that no one would care,” says Meredith Cross, director of the SEC’s division of corporation finance. “We think reasonable investors could care depending on the specific facts and circumstances.”
The Coca-Cola report provides a rare and chilling account of the intricate and determined ways that hackers raided its files -- from pilfering internal e-mails to gaining the ability to access almost any Microsoft Windows server, work station or laptop on the network with full remote control.
“It’s very clear that Comment is behind it,” says Jaime Blasco, head of AlienVault’s security lab.
Take, for instance, an intrusion last year at BG Group that has never been disclosed to shareholders. The company, which posted $21 billion in revenue in 2011, discovered a breach in its computer networks described as massive by four people knowledgeable about it, with vast quantities of data taken.
In one case, officials estimated the cost of lost data from a British company while concealing the firm’s identity from the public. Jonathan Evans, head of Britain’s MI5 domestic security service, said in a speech in June that digital intruders targeting a “major London listed company” had caused a loss of 800 million pounds ($1.3 billion), in part because of the resulting disadvantage in “contractual negotiations.”
Chesapeake, whose ticker on the New York Stock Exchange is CHK, was in the midst of selling stakes in the Utica shale deposit in Ohio at the time, and is still trying to find buyers for assets in the Mississippi Lime in Kansas and Oklahoma.
Among their targets: Sudhir Maheshwari, the executive in charge of corporate finance, and mergers and acquisitions for the world’s largest steel maker.
Hackers showed similar prowess in penetrating the networks of Coca-Cola.
Once in control of the computer, the hackers installed various other programs, gaining access to the company’s corporate network and using Etchells’s machine as a staging point to store and download data taken from other computers.