Cyber Crooks Cooked the Books at Fla. Library – Krebs on Security

Jan. 7, 2010 was a typical sunny Thursday morning at the Delray Beach Public Library in coastal Florida, aside from one, ominous dark cloud on the horizon: It was the first time in as long as anyone could remember that the books simply weren’t checking out.

Sure, patrons were still able to borrow tomes in the usual way — by presenting their library cards. The trouble was, none of the staff could figure out how or why nearly $160,000 had disappeared from their bank ledgers virtually overnight. The money was sent in sub-$10,000 chunks to some 16 new employees that had been added to the usual outgoing direct deposit payroll.

Cyber Crooks Cooked the Books at Fla Library – KrebsOne of those phantom employees was 19-year-old Brittany Carmine, 900 miles to the north in Richmond, Va. Carmine had just  lost her job at a local marketing firm when she received a work-at-home job offer from a company calling itself the Prestige Group. She said after researching the company online, she decided it was legitimate, and filled out the paperwork to begin her employment. Just days later, she received a bank deposit of $9,649, with instructions to wire all but roughly $770 of that to individuals in Ukraine.

Carmine said she successfully wired all of the money to three different individuals overseas, via Western Union and Moneygram. I’ve always wondered why the thieves have their recruits break the money up into sub-$3,000 payments, and Carmine’s description of her experience seems to offer one possible, obvious answer: Breaking that threshold sometimes raises red flags at the money transfer offices.

“At one of the places, the transfer with the fees and everything was more than $3,000, and they said they had to call it in,” Carmine said, of her experience at one Western Union shop. “But I guess it checked out okay, because the money went through.”

Western Union did not return calls seeking comment. I will update this post in the event I hear back from them.

The next day, Carmine found she had a negative $9,649 balance at her bank, which froze her account and sent an investigator to hound her for the money. Brittany says she doesn’t have the money to pay back, but that the whole incident could have been worse. That’s because her mom also had signed up to be a financial agent with the aforementioned Prestige Group, only she hadn’t yet received any money transfers into her account.

The library would later learn that the attackers had swiped its online banking credentials with the help of a password-stealing computer virus, and then initiated a batch of sub-$10,000 transfers to Carmine and 15 other so-called money mules. Because staffers at the library noticed the fraud immediately, their bank was able to reverse most of the other bogus transfers and was willing to refund the library the remaining amount, said Karen Evanson, assistant director at the Delray Beach Public Library (by the way, I am having serious library envy: take a look at this ginormous library: It is two stories, stretches its 250,000 volume collection over 46,826 square feet, and has a coffee bar and a cafe, among other amenities.)

This story highlights a few very stubborn facts about these types of attacks and scams:

-Particularly in this economy, there is a boundless supply of potential money mules like Brittany Carmine and her mom.

-Currently, there is no prosecution or any other disincentive that might discourage people from becoming money mules.

-Very few money mules ever suffer directly for their participation in these crimes. Most get to keep their commissions (although it is highly likely that most of these mules will become victims of identity theft somewhere down the road).

-Any anti-fraud mechanisms that organizations like Western Union and Moneygram may have put in place to deal with this type of money laundering activity do not appear to be working.

-Most small to mid-sized businesses and organizations like this library remain at the mercy of their bank if they suffer one of these attacks. Most banks are not as gracious as the one serving Delray Public Library, and will blame the customer.

-These attacks will continue until the perpetrators in Eastern Europe are brought to justice.

-The organized criminals behind this attack are making off with millions of dollars a week from victims. New information I’ve obtained recently strongly suggests that the group that hit Delray Beach Public Library also was responsible for the $3,000,000 fraud perpetrated against Duanesburg Central School District in upstate New York late last year.

Deja un comentario