Cybercriminals Steal $415,000 From County in Kentucky
Monday, July 06, 2009
Sophisticated international cybercriminals stole $415,000 from a bank account belonging to Bullitt County, Ky. last month — and got two dozen regular citizens to help them.
"It's stolen just the same way as if someone had come and took a .45 [caliber] pistol and held up a teller," county attorney Walt Sholar told TV station WLKY.
A gang based in the former Soviet Union used viruses to secretly take control of computers used by county officials, including the country treasurer and a local judge, according to the Washington Post.
Then they secretly re-routed e-mails containing one-time passwords that both the treasurer and the judge would have to use to authorize wire transfers from the account, which belonged to Bullitt County Fiscal Court in Shepherdsville and was used to make payroll.
Beginning on June 22, the hackers began sending transfers, each under $10,000 so as not to alert federal watchdogs, to the bank accounts of 25 different Americans who'd been unwittingly recruited as "mules" by the Eastern European criminals.
The mules, who'd responded to ads for temporary at-home editing work on the job-placement Web site CareerBuilder.com, were instructed to keep 5 percent of the transfers as "commissions" and wire the rest of the money to accounts in Ukraine and Russia.
One mule found herself out thousands of dollars once Bullitt County got wise to what was happening and its bank started recalling the transfers.
County officials stressed that police, fire department and EMS workers would still be paid on time, and that the bank itself, First Federal Savings Bank, was never hacked into or compromised.
But the entire episode unsettled county residents.