G4S shares sent tumbling by fake website that cost £12 to build

British security services company G4S saw shares decline yesterday following a hoax emailed message and website.

Low-price shares available - if you want them...
Low-price shares available - if you want them...

Shares in G4S plc (formerly Group 4 Securicor), a British multi-national security services company headquartered in Crawley, West Sussex, dropped by 2.1 pence yesterday after an elaborate hoax, where it was falsely claimed that the company had fired its finance director and had a £386 million hole in its profits.

The emailed message - drafted to resemble a formal stock exchange announcement on a fake website - said that restated accounts following an internal audit meant the company had dipped into the red for 2013 and the first half of this year.

The report on the fake website - which reportedly cost just £12.70 to set up - added that Himanshu Raja, CFO of the company, which has 620,000 staff in 125 countries around the world, had been sacked, whilst group general legal counsel Soren Lundsberg-Nielsen had resigned. Ashley Almanza, G4S' chief executive, was reported to have been to be "shocked by these discoveries".

The end-of-day share price appears to have been saved as Raja was on a call to analysts as the fake Web site and reports started appearing from a group of hacktivists, calling for "No nation, no border, fight law and order", and who claimed responsibility for inducing G4S' shares to temporary fall down.

According to the Daily Telegraph
, G4S shares - which closed up 2.1 percent on the day at 270 pence (GBP) - "became noticeably more volatile when the contents of the statement were distributed on Twitter. The stock was trading at 268.9p when the statement was sent, then slipped as low as 266.3p after the Tweets appeared before recovering when the release was declared false."

G4S rapidly confirmed the press release and website were fake, saying: "We have been made aware of a fraudulent website and press release purporting to be from G4S plc which has been released to members of the media this afternoon."

"The website and the announcement contain wholly inaccurate information," added the firm, which revealed that the hoax email was received at 3.18 pm on Wednesday afternoon.

Saving grace

The effect on the company's share price could have been far worse, SCMagazineUK.com notes, were it not for the fact that the press release - which apparently contained spelling errors - was supposedly from a press officer that has already left G4S. The telephone number on the release, meanwhile, was also answered by an automated message that told callers the press office was currently unable to take their calls.

Sarb Sembhi, a director of Storm Guidance, said that the fake website and allied incident was the first of its type that he has come across, but added that he expects this was a `proof of concept' test run, given the professional nature of the hacktivists activities.

"There was a slight change in the share price of G4S, but I think the change could have been a lot worse, given the circumstances. I think this was a test run, given the fact that the website was a complete replica, and was very professionally done," he said.

Sembhi, who is also a leading light in not-for-profit IT security association ISACA, added that the solution to this type of attack is a difficult one to assess, but would almost certainly centre on the company concerned being aware of their website IP addresses, and what is happening to them throughout the day, in order to stave off a similar hoax.

"Corporates clearly need to be aware of this type of attack and take steps to ensure they do not fall victim. There is a clearly a need for effective threat modelling to tackle this problem," he explained.

Bob Tarzey, an analyst and director with Quocirca, the business analysis house, said that the key result of this type of attack is almost certainly going to be short selling.

"If you cause a share price to be suppressed for a short period of time by such hoax, a lot of money can be made. I cannot think of any other motivation for doing this, apart from some ideological dislike for G4S - most people would never has heard of the company if it were not for London 2012," he said.

"I guess the real question is, are some organisations more susceptible to such hoaxes than others? The hoaxers may well have chosen G4S because it is just about well-known enough after 2012 for the media to take an interest, but not so well know that it would be immediately obvious it was hoax. It will be interesting to see if a fraud case is bought against the Dutchmen who reportedly carried out the attack," he added.

According to Nigel Stanley, practice director for cyber-security, risk and compliance with OpenSky UK, the attack methodology used is interesting from several angles, not the least of which is the fact that it was a low-cost website being used, and the two Dutch people made little or no attempt to hide their real identities.

"The problem also lies in how you prevent this sort of thing happening to your corporate website. Monitoring a site costs money, but if the firm doesn't grasp the risk involved, they are unlikely to pay for site monitoring," he said, adding that the saga appears to have escalated after some of the journalists reporting on the matter did not verify all of their facts with G4S.