Financial skulduggery and email hackery

Nat Rothschild has an 18.2% voting stake in Bumi. His ‘opponents’, including chairman Samin Tan and the wealthy Indonesian Bakrie family, own more than 50% of the company and hold a 29.9% voting share. Rothschild was instrumental in creating Bumi with the Bakries in 2010; but the two sides fell out, Rothschild resigned, the share value tumbled by 70%, the company has been investigated for financial irregularities, and Rothschild has forced an extraordinary meeting for February 21 at which he will seek to replace 12 of the 14 directors (ironically, the other two told the Financial Times that they would resign if he succeeded).

Hidden within this financial skulduggery is email hackery. “Documents used as the basis for an investigation into alleged financial irregularity at mining companies part-owned by Bumi, the London-listed group,” reported the FT in December, “were stolen, hacked or doctored or all three, says the Indonesian family at the heart of the scandal.”

Documents supposedly indicating financial irregularities were obtained and made public by a whistleblower. Among these documents, reports the Times, “was a copy of the due diligence that Mr Tan had conducted on Bumi Resources, the mining company part-owned by Bumi plc that is at the centre of allegations over financial irregularities. These alleged irregularities, which Bumi plc says it is investigating, form the centrepiece of a vicious global corporate battle over the future of Bumi plc involving its founder, Nat Rothschild.”

Suspecting that they had been obtained illegally, the Bakrie family contracted Context Information Security (one of the initial four companies forming GCHQ’s new Cyber Incident Response Scheme in the UK). Context investigated and provided a confidential report to the Bakries (subsequently obtained by the Times and published behind its paywall).

The report suggests that the documents were indeed obtained by classic spear-phishing. The theory is that chairman Tan, and some other directors, were approached by a hacker pretending to be a Wikipedia researcher using a falsified Wikipedia email address. The social engineering element claimed that ‘Steve’ from Wikipedia was working on a new entry for chairman Tan, and invited him to check articles already written. These were the malicious links. “After clicking on these links,” says the report, “the chairman was redirected to webpages where it was likely that his computer became infected with malicious software.”

That ‘malicious software’ is thought to be the way in which the documents were stolen, although it seems that having got what he wanted, ‘Steve’ withdrew and removed evidence of his incursion. Context found no malware, and the malicious sites have since disappeared.
