Cyberthieves loot $400,000 from city bank account
Cybertheft comes just days after RSA issued a warning that criminal gang planned massive attacks against U.S. banking customers
Computerworld - Burlington, Wash. officials have notified hundreds of employees and residents that their bank account information was compromised last week when hackers broke into city systems and stole more than $400,000 from a city account at Bank of America.
Among those impacted by the breach are employees participating in Burlington's electronic payroll deposit program and utility customers enrolled in the city's autopay program for sewer and storm drain charges.
In an alert issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was comprised following an intrusion into a city utility billing system.
He urged affected customers to immediately contact their bank to flag or close their accounts.
All employees participating in the city's electronic payroll deposit program have also been asked to close out their old accounts and establish a new one as a result of the breach, Harrison told Computerworld Monday.
The employees have also been asked to notify major credit-reporting agencies about the breach and to alert them about the potential for identity theft.
"At this point, we don't know the full extent of the exposure,'' Harrison said. The U.S. Secret Service and other law enforcement agencies are investigating the breach, he added.
According to Harrison, the city first learned of the online heist last Thursday when an east coast bank sought information about a series of suspicious transfers from a Burlington city account.
"They called our finance department and said there are all these funny transactions going on. [They asked:] Did you move money to these accounts?" Harrison said.
The city immediately reviewed the activity and noticed at least three "significant transactions" from its Bank of America account to accounts at the east coast bank. In all, over $400,000 was illegally transferred to business and personal accounts around the country over a two-day period, Harrison said.
The theft could have been much worse because the affected account contained a lot more cash, he said.. "There was much more in that specific account. We don't know if [the hackers] just didn't have the time" to steal more funds.
Investigators are trying to figure out how the intruders gained access to the Bank of America account. The account has been frozen and all of the city's money has been temporarily moved out of Bank of America as a precaution.
Numerous other small town, municipalities and small businesses have been victimized by similar online heists over the past three or four years.
In most incidents, the cybercrooks first stole usernames and passwords used by to gain access to bank accounts. The stolen credentials were then used to log into the online accounts and wire transfer money to mule accounts in the United States and abroad.
The FBI has estimated that U.S. businesses and banks have lost hundreds of millions of dollars due to such thefts in recent years.
The Burlington theft came just days after security firm RSA warned of cybercriminals plotting a massive and concerted campaign to steal money from the online accounts of thousands of consumers at 30 or more major U.S. banks.
In an advisory posted earlier this month, RSA said it had information suggesting that a criminal gang planned to unleash a Trojan program called Gozi Prinimalka that would infiltrate computers belonging to U.S. banking customers and to initiate fraudulent wire transfers from their accounts.
According to RSA, the organizers of the attack are currently recruiting about 100 botmasters to launch and coordinate the attacks.
Since RSA's alert, several other security experts have reported seeing the signs of preparation of an imminent and massive attack against U.S banking customers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Feds declare big win over Cryptolocker ransomware
- Hackers hit more businesses through remote access accounts
- P.F. Chang's post-breach move to manual processing is telling
- Microsoft withholds monster IE update from Windows 8.1 dawdlers
- In baffling move, TrueCrypt open-source crypto project shuts down
- 'Oleg Pliss' hack makes for a perfect teachable IT moment
- Give IE the heave-ho until Microsoft patches zero-day
- Hackers find first post-retirement Windows XP-related vulnerability
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!