[infoshare] Cyber Crooks Target Public & Private Schools

  • From: "Luis Guerra" <free_speech@xxxxxxxxxxx>
  • To: <"Undisclosed-Recipient:;"@freelists.org>
  • Date: Tue, 15 Sep 2009 12:54:29 -0400

The following is from Security Fix, a very good and current source of info on computer security.
http://voices.washingtonpost.com/securityfix/

Posted at 8:00 AM ET, 09/14/2009
Cyber Crooks Target Public & Private Schools
A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities.
On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams.
A school employee spotted the bogus payments on the morning of the 19th, when the school district learned that $117,000 had been siphoned from its coffers by cyber crooks.
Sanford Superintendent Kevin Edgar said the school successfully reversed two of the transfers totaling $18,000, but that the rest of the stolen money remains in limbo.
"We've been told that if we do get any more of these reversed, it may take 30 to 45 days to get that money back," Edgar said. Meanwhile, the school district's bank is playing hardball, insisting that the school is at fault for the unauthorized transfers.
The attack could mean fewer resources for the rural school district, which serves just 340 children. "That amount of money comes down to financing projects, such as maybe buying a new school bus, or updating our playground," Edgar said. "Those are the types of things that this missing money will have an impact on."
Technically, the bank is correct. Consumers typically have up to 60 days from the receipt of a monthly statement to dispute any unauthorized charges. In contrast, organizations and companies that bank online are regulated under the Uniform Commercial Code, which holds that commercial banking customers have roughly two business days to spot and dispute unauthorized activity if they want to hold out any hope of recovering unauthorized transfers from their accounts.
Some schools that have been hit by similar attacks have been luckier: They happen to bank with institutions that have decided that the potential public relations hit from being stingy with a school district may be more costly than simply eating the cost of the fraud.
Such was the case with the Sand Springs, Okla. school district, which was attacked by a cyber gang the week prior on Aug. 11. Sand Springs Superintendent Lloyd Snow said thieves stole roughly $150,000, after breaking into the company's online bank account and setting up two batches of fraudulent transfers.
Snow said the school was able to prevent about $80,000 worth of those transfers from going through, but that their bank agreed to cover the rest of the losses.
For now, Snow said, the school district is accessing its bank accounts via a dedicated, stand-alone system running a Live CD distribution of Linux, in a bid to minimize the chances that future malware may steal banking credentials (Live CD-based operating systems prevent the installation of rogue software, and automatically wipe all changes when the system is shut down).
"In our business, we're about teaching and learning, and in some cases we get lessons where we're the ones who need to learn a thing or two," Snow said. "This is one of those cases."
Also hit was Marian University, a Catholic university in Fond du Lac, Wisc. On Aug. 5, the thieves stole more than $189,000 by initiating bogus payroll transfers to 20 money mules. Marian Provost Dan Maloney said the school was able to recover just $54,000.
The thefts all appear related in at least one respect. With the help of the victims interviewed in this story, Security Fix was able to track down mules who said they were involved in each of the scams. All said they had been recruited via e-mail to sign up as "financial agents" at a company called Focus Group Inc. According to a write-up by money mule site tracker Bob Harrison, the Focus Group Web site may look legit, but is "just the latest of the numerous highly generic Russian scam websites that has been set up to form a front for a money laundering fraud job advertisement."
No one from Focus Group replied to Security Fix's attempts for comment.
At least two other mules contacted by Security Fix acknowledged receiving sub-$10,000 payments from accounts at the Sycamore Community Unit School District #427 in Sycamore, Ill., in mid-July.
Sycamore Superintendent Wayne Riesen confirmed that the school district had experienced a breach at that time, but declined to comment further, except to say that the FBI was investigating the incident.
Update, 11:15 a.m. ET: The Senate Homeland Security and Governmental Affairs Committee is holding a hearing right now on this very topic, how "the latest trend in cybercrime is directed at small to medium sized companies that have been robbed of both data and dollars."
