|
By Jaikumar Vijayan
www.itnews.com
May 26, 2010
Five people were indicted this week on wire fraud and other criminal charges
stemming from a 2007 cybertheft in which nearly $450,000 was stolen from the bank
accounts of the city of Carson, Calif.
The federal indictment, handed down in the U.S. District Court for the Eastern
District of North Carolina, charges John Quinn and Anthony Bobbitt of allowing their
bank accounts in North Carolina to be used as conduits for accepting stolen money
and for sending it to bank accounts belonging to three other suspects, Jennifer
Woodward, Deago Smith and Lance Holt.
Karen Avilla, treasurer for Carson said the money was siphoned out of the city's
coffers via two unauthorized money transfers in May 2007.
The first transfer, from the city's bank account at the City National Bank (CNB) of
Carson, was for an amount of $90,500, which was sent to Quinn's account at Branch
Banking & Trust in Wilson, NC.
The second transfer, a day later from the same CNB account, involved $358,500 that
was sent directly to a National City Bank account in Detroit belonging to a company
called Broadbase Financial that was owned by Holt.
The alleged thieves used valid login credentials to access the city's bank account
and initiate both the money transfers, Avilla said. The city later recovered about
$304,000 of the stolen money and was reimbursed $100,000 more by its insurance
provider. But it is still short of about $44,000 as a result of the theft, she
added.
Gregory Evans, CEO of Ligatt Security, hired by Carson officials to conduct a
forensics investigation of the incident, said the city's login credentials were
stolen via spyware installed on Avilla's city-issued laptop computer.
It's not entirely clear how the alleged thieves managed to install the spyware on
the city treasurer's laptop, Evans said. The laptop, which was owned by the city,
was securely protected while it was connected to the city network, but did not
appear to have the same level of protection when it was not directly connected to
it, Evans added.
"There was no spyware protection or antivirus protection on the laptop when it was
not plugged into the city's network," Evans said. It's a scenario that's fairly
common within corporate environments as well, he added.
Avilla said she doubts that the spyware was installed by the five alleged
conspirators against whom the indictments were handed down this week.
Rather, she believes that someone else stole the login credentials and then sold it
to the individuals now accused of stealing the money.
Avilla said CNB should have done a much better job of detecting and alerting the
city to what was going on.
What's not clear is why it might have taken law enforcement three years to hand down
indictments in the case, Avilla said. Unlike other instances where cyber crooks
simply transfer stolen money to bank accounts outside the U.S., making it hard to
track them down, the alleged conspirators in this case used domestic bank accounts.
One reason why it might have taken this long is because the investigations were
being handled by two agencies, the FBI in NC and the Secret Service in Detroit, she
said.
Partly to blame for the delay could also be that the case involves other victims as
well, she said. Avilla said that the indictment indicatse that the five accused
individuals may have taken at least one other victim.
The unnamed victim or victims, maintained accounts at Citibank in Washington DC,
from which two unauthorized wire-transfers totaling over $60,000 were made to the
Coastal Federal Credit Union account of Bobbitt in North Carolina.
"I'm thrilled that they have finally indicted some people and that we can go public
with what's been going on," Avilla said. "[Investigations] have been going on for
quite a while but we were not able to talk about it because it was still an ongoing
investigation," she said.
Since the thefts, the city has moved its account from CNB and now maintains it with
Wells Fargo Bank.
The city has also implemented new security measures for wire transfers. Every time a
wire transfer is initiated, it has asked its bank to send out messages in three
different formats: e-mail, text and fax, to Avilla and three other city employees.
The measure stems from a lack of confidence in a banking organization's ability to
detect and stop fraudulent transactions on its own, she said.
A request for comment from Thomas Murphy, the assistant U.S. attorney handling the
case, was not immediately returned.
Since the thefts, there have been dozens of similar heists involving the use of
stolen login credentials to illegally transfer money out of bank accounts. Such
thefts are believed to have resulted in hundreds of millions of dollars being
siphoned out of U.S. bank accounts and transferred overseas.
Most of the thefts have targeted small businesses . But there have been several
incidents where small cities and towns have been attacked.
In February, the town of Poughkeepsie , N.Y., for instance, revealed that cyber
crooks had looted more than $375,000 from its bank account. About $95,000 of that
amount was later recovered.
Security blogger Brian Krebs, who has been chronicling many of these attacks over
the past several months, lists other incidents in which small towns have been
similarly victimized. One involves the Duanesburg Central School District in upstate
New York, which lost nearly $500,000 after cyber thieves looted its bank account.
Jaikumar Vijayan covers data security and privacy issues, financial services
security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan
or subscribe to Jaikumar's RSS feed . His e-mail address is
jvijayan@computerworld.com.
http://www.itnews.com/finance/18310/five-indicted-cybertheft-citys-bank-accounts
|
