Hackers Rob Carson’s Bank Funds
Intruders hacked certain computer systems in the Carson City and stole $450,000 from its general fund account, the city disclosed on a Wednesday of May 30, 2007.
According to the security consultants in the city, the hackers installed a WiFi Internet connection to load Trojan spyware software on a certain laptop in the city. The software tracked the keystrokes that enabled the thieves to capture the passwords.
On May 29, 2007 the first indication of something missing became noticeable. The discovery of thefts followed at the time City Treasurer Karen Avilla could not access the city's bank account on the website. On reporting the problem, the bank told her that there had been changes in the original passwords on Sunday May 27, 2007. On Sundays, Avilla takes off from work. So, although Avilla changed the new passwords, the hackers were still able to access the city's bank account.
Avilla said the stolen money was wired in two transfers. She noticed that the first money transfer on Thursday May 31, 2007 amounted to $90,500. The transfer had occurred on May 30, 2007 to one North Carolina bank account.
The transfer was obviously unauthorized so Avilla informed the bank, the Sheriff's unit, and the city manager of a likely theft. While Avilla was finding about the first unauthorized transfer, she discovered another one, also unauthorized of the amount $358,500. This transfer went to Detroit's Broadbase Financial.
Avilla is unable to understand how the Trojan entered her laptop. While in the city office, she uses a T1 high-speed connection but in her residence and other places she uses a wireless connection. It is possible the latter helped the attackers to plant the Trojan on her laptop. ComputerWorld published Avilla's statement on May 31, 2007.
After Avilla informed the city's bank about the stolen money, the bank withheld 90 percent of the funds. Meanwhile the Sheriff's deputies and the Secret Service agents are still searching the remaining $45,000.
The city's bank has firmed up its security to stop such attacks in future. Accordingly, the city must now register the computers before using them for online banking transactions.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 12-06-2007