[real-eyes] Cyber Crooks Target Public & Private Schools

  • From: "Steve" <kcpadfoot@xxxxxxxxx>
  • To: <real-eyes@xxxxxxxxxxxxx>
  • Date: Mon, 14 Sep 2009 19:31:58 -0500

The following is from Security Fix, a very good and current source of info on computer security.
http://voices.washingtonpost.com/securityfix/

Posted at 8:00 AM ET, 09/14/2009
Cyber Crooks Target Public & Private Schools
A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities.
On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams.
A school employee spotted the bogus payments on the morning of the 19th, when the school district learned that $117,000 had been siphoned from its coffers by cyber crooks.
Sanford Superintendent Kevin Edgar said the school successfully reversed two of the transfers totaling $18,000, but that the rest of the stolen money remains in limbo.
"We've been told that if we do get any more of these reversed, it may take 30 to 45 days to get that money back," Edgar said. Meanwhile, the school district's bank is playing hardball, insisting that the school is at fault for the unauthorized transfers.
The attack could mean fewer resources for the rural school district, which serves just 340 children. "That amount of money comes down to financing projects, such as maybe buying a new school bus, or updating our playground," Edgar said. "Those are the types of things that this missing money will have an impact on."
Technically, the bank is correct. Consumers typically have up to 60 days from the receipt of a monthly statement to dispute any unauthorized charges. In contrast, organizations and companies that bank online are regulated under the Uniform Commercial Code, which holds that commercial banking customers have roughly two business days to spot and dispute unauthorized activity if they want to hold out any hope of recovering unauthorized transfers from their accounts.
Some schools that have been hit by similar attacks have been luckier: They happen to bank with institutions that have decided that the potential public relations hit from being stingy with a school district may be more costly than simply eating the cost of the fraud.
Such was the case with the Sand Springs, Okla. school district, which was attacked by a cyber gang the week prior on Aug. 11. Sand Springs Superintendent Lloyd Snow said thieves stole roughly $150,000, after breaking into the company's online bank account and setting up two batches of fraudulent transfers.
Snow said the school was able to prevent about $80,000 worth of those transfers from going through, but that their bank agreed to cover the rest of the losses.
For now, Snow said, the school district is accessing its bank accounts via a dedicated, stand-alone system running a Live CD distribution of Linux, in a bid to minimize the chances that future malware may steal banking credentials (Live CD-based operating systems prevent the installation of rogue software, and automatically wipe all changes when the system is shut down).
"In our business, we're about teaching and learning, and in some cases we get lessons where we're the ones who need to learn a thing or two," Snow said. "This is one of those cases."
Also hit was Marian University, a Catholic university in Fond du Lac, Wisc. On Aug. 5, the thieves stole more than $189,000 by initiating bogus payroll transfers to 20 money mules. Marian Provost Dan Maloney said the school was able to recover just $54,000.
The thefts all appear related in at least one respect. With the help of the victims interviewed in this story, Security Fix was able to track down mules who said they were involved in each of the scams. All said they had been recruited via e-mail to sign up as "financial agents" at a company called Focus Group Inc. According to a write-up by money mule site tracker Bob Harrison, the Focus Group Web site may look legit, but is "just the latest of the numerous highly generic Russian scam websites that has been set up to form a front for a money laundering fraud job advertisement."
No one from Focus Group replied to Security Fix's attempts for comment.
At least two other mules contacted by Security Fix acknowledged receiving sub-$10,000 payments from accounts at the Sycamore Community Unit School District #427 in Sycamore, Ill., in mid-July.
Sycamore Superintendent Wayne Riesen confirmed that the school district had experienced a breach at that time, but declined to comment further, except to say that the FBI was investigating the incident.
Update, 11:15 a.m. ET: The Senate Homeland Security and Governmental Affairs Committee is holding a hearing right now on this very topic, how "the latest trend in cybercrime is directed at small to medium sized companies that have been robbed of both data and dollars."


