Cyber criminals, AKA teenagers who are just more organized than the IT staffs of their victims, stole $415,000 from a sheriff’s department in Bullitt County, Kentucky. That’s right: Bullitt County. Kentucky.
The hackers found out that their phishing expedition had installed a keystroke-logging Trojan with remote control capabilities onto the police computers and then lucked out when they were able to grab bank information from the treasurer. They began making multi-thousand-dollar wire transfers to mules in the United States. They picked “mules” by hiring them to edit English documents for “grammar and flow” and then asked if they’d like to be official representatives for the front company in the US. The mules would receive the wires, keep a percentage, and send the rest along to the Ukrainians.
One mule was dumbfounded at her luck. A job in this economy!
The first person I spoke with, a 34-year-old woman from Miami, had been editing texts e-mailed to her by Fairlove representatives for a couple of weeks. Shortly after she inquired about when she would be paid for her work, she received an e-mail asking if she’d be interested in a position as a “local agent” for the company. The Fairlove representative who contacted her via e-mail said something about how the company often had trouble getting money to its clients overseas as quickly as they needed it, and desperately needed help speeding up that process (at least they were honest on that claim). A description of the local agent job position, as sent to this woman, is available here.
The hackers were essentially able to take over the police department’s bank accounts simply by tunneling through their treasury PC to the bank’s website.
Listen, folks: this is a series of lucky breaks for these guys assisted by a treasury official who quite clearly trusted his or her bank more than they should have. The sheer fact that they were able to take complete control of the department’s computer as well as take over their bank account online is an indictment of the fools at the bank, not the prowess of the hackers.