Cyberthieves steal $449K from city coffers

Computerworld - In a bold move, a thief or thieves stole $449,000 from the city of Carson, Calif., but the eagle-eyed city treasurer noticed the actions and called police.

The incidents occurred last Wednesday and Thursday, when City Treasurer Karen Avilla noticed that $90,500 was transferred out of the city's general fund bank account to an unknown recipient, according to police reports filed by the Los Angeles County Sheriff's Department.

Avilla hadn't made or authorized the transfer, so she contacted officials at City National Bank in Beverly Hills, who told her that the money had been transferred to a person named Deado Smith using BT&T North Carolina Bank.

The second unauthorized transaction, for $358,500, was made the next day, when a transfer was made to a company called Broadbase Financial using National City Bank, according to the sheriff's department report. Again, Avilla said she did not authorize or make the transfer.

Avilla said today that she discovered both illegal transfers when she made her daily inspections of the city's bank account balances online.

Once she reported the thefts to the banks, a computer forensics team at the city's bank looked at the hard drives from her city-issued laptop computer and identified the likely entry point for the thefts as a Trojan horse virus that had been placed on the machine, she said.

Somehow the thief or thieves captured the city's log-in name and password to access the account. Avilla told police that the city's user name and password for the bank account might have been compromised when she was unable to log into the account on May 22. Bank officials told her that the password had been changed on May 20, according to their records, but she didn't change it, she said.

Avilla said she's not sure how the Trojan got onto her laptop computer. In her city office, she uses her laptop while hooked up directly to a T1 high-speed line, but at home and remotely she uses the laptop wirelessly, which could have allowed the machine to be infected by attackers.

"They're not sure if it was a random or targeted attack," she said of forensics investigators.

So far, 90% of the stolen money has been frozen by the receiving banks and will be returned to the city, she said. The remaining $45,000 is still out there, but is being tracked by authorities. "The Secret Service actually knows who got it," Avilla said. "They're tracing that."

Avilla said the discovery of the thefts came through routine spot checks.

"We're vigilant in checking our [bank] balances daily," she said. "I think the only thing you can do is look at it with your own two eyes" to keep your accounts as secure as possible.