Hackers Rob $400,000 From Washington Town

Small Washington State town lost funds from its own Bank of America account, as well as employees' and residents' bank account information.

Hackers have successfully compromised multiple computer systems administered by the town of Burlington, Wash., which has a population of about 8,400.

The thieves' spoils include many town employees' and residents' bank account details, raising the prospect that the information may be used for identity theft purposes. In addition, the thieves were able to successfully make fraudulent wire transfers from a Bank of America account used by the town, although the actual amount of money they stole isn't yet clear.

"Although a total is not yet known, over $400,000 in funds have reportedly been electronically transferred to multiple personal and business accounts across the United States over a two-day period," said Dave Stafford, assistant chief of the Burlington Police Department, in a statement.

"The [town's] finance department notified local authorities immediately after learning of the illegal transfers and the account was frozen," Stafford said. "Computer hacking is suspected and computer forensic examinations are being conducted."

The ramifications of the related breaches--which occurred on Oct. 9 and 10, and which were spotted by city employees Oct. 11--are widespread, and not yet fully known. But the city has already warned any employees who participate in its payroll deposit program that their personal details were compromised. "Employees are encouraged to contact their banks to flag or close the accounts associated with the electronic payroll deposit and to notify appropriate credit reporting agencies that they may be victims of identity theft," said Stafford.

The town also issued a notice on its website saying that its "Utility Billing Automatic Withdrawal Information (for sewer and storm drain charges) has been compromised," and told anyone enrolled in the automatic payment program that "you should assume that your name, bank, bank account number, and routing number have been compromised."

"We apologize for the inconvenience," read the note.

The U.S. Secret Service Puget Sound Electronic Crimes Task Force is investigating the data breaches, and a neighboring town's police force will help. "As Burlington Police investigators are also potential victims in the case, Mount Vernon Police will be assisting federal investigators," said Stafford.

Unlike consumers, towns such as Burlington aren't covered by laws that hold banks liable for any such fraud, although some lawmakers have introduced legislation that would extend such protections to government entities.

As that suggests, this is far from the first fraudulent wire-transfer attack that's been perpetrated on a small town. Furthermore, the frequency and severity of such attacks have been on the increase. Last month, the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center released a joint warning that criminals have been targeting bank account information using "spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs)," as well as variants of the Zeus financial malware. The alert noted that stolen credentials have been used by attackers numerous times to fraudulently transfer between $400,000 and $900,000--at one time--into overseas accounts.

U.S. government officials, in anonymous interviews, have blamed Iran for launching those banking attacks, which they said began over a year ago. But the attack against Burlington, Wash., would seem to differ, since the money was reportedly transferred not overseas, but into U.S. bank accounts.

Regardless, don't expect these types of attacks to cease anytime soon. Security firm RSA recently warned that accounts across 30 different banks were set to be targeted as part of "Operation Blitzkrieg," in which as many as 100 botnet operators planned to join forces to steal money from organizations in the financial services, retail, healthcare, and government sectors. In particular, RSA said that the attackers planned to infect large numbers of PCs with a Trojan application that would allow them to steal banking credentials, which they planned to use to make fraudulent wire transfers.

User Rank: Apprentice
10/17/2012 | 6:16:40 PM
re: Hackers Rob $400,000 From Washington Town
The town of Burlington should have purchased a crime policy that covers cybercrime or EFTGuard. Businesses and organizations that bank online are always at risk. They don't understand that banks are not liable for such losses as they do not have Regulation E coverage that protects ordinary consumers.
User Rank: Ninja
10/17/2012 | 12:00:29 AM
re: Hackers Rob $400,000 From Washington Town
I have read of many attacks where they have caused damage that amounts to a loss of funds, but have never heard of a hack where they actually got the cold hard cash out of accounts! I would be beyond thrilled to receive that email and furthermore the 'you're shit out of luck' essence of the letter. C'mon, this is Bank of America, who has already been repeatedly attacked, and they still do not have the security measures in place to obviously avoid these attacks. If I was a Bank of America customer, after reading this I would be running to the door and seeking a bank elsewhere that can do their job and protect my money and sensitive information! One time the bank can blame the breach on their lack of security, the second time, it is my responsibility to find a bank that can do the job correctly.

Paul Sprague
InformationWeek Contributor