Hackers Stole $3.8 Million from Duanesburg Central School Bank Account
The Federal Bureau of Investigation along with New York State Police is probing into a theft of about $3.8 Million from the bank account of Duanesburg Central School District in Schenectady County (New York, USA).
During December 18-22, 2009, Internet fraudsters carried out several illegal funds transfers from the NBT Bank account of the school to a bank outside the country. During the process, the criminals transferred $1.8 Million on December 18, 2009, and subsequently more transfers amounting to some $1.2 Million on December 21, 2009. The district revealed details of money transfer through its Internet site.
On the day following December 22, 2009, the thieves again attempted to send $759,000 to a number of foreign accounts. However, NBT Bank, where the school has its account, felt suspicious and promptly stopped the transfer. The school also reported the incident to the district authorities.
The district states that there is no extra information regarding the way theft occurred. However, it seems that probably a banking Trojan compromised a school administrator's PC.
Over the past few months, cyber security experts have been warning again and again about the risk from Internet banking trojans such as Zeus and URLzone.
Last year (2009) in the month of November, the Internet Crime Complaint Center (IC3) stated that the FBI had observed an enormous rise in frauds as hackers exploited legitimate Internet banking credentials of school districts, small-and-medium businesses, and municipal governments.
Meanwhile, following the recent attack, the school posted on its website that the district had temporarily stopped Net-based access to all the accounts. Consequently, it was requesting that people used paper checks to conduct their payment transactions, the posting indicated.
The posting also indicated that the district had summoned external experts to audit the bank statements and match them with all of its December transactions. The district would also start reviews, twice every week, of all bank activities and cash transactions, the posting added.
About $2.5 Million has been retrieved, while efforts are on to catch the perpetrator(s) and retrieve rest of the stolen amount, the district informs.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 16-01-2010