Sandwich loses nearly $50k to hacker
Scheme may have international ties
By Milton J. Valencia
Globe Staff / November 26, 2008
The same type of data security breach that has menaced retail stores, restaurants, and other businesses has made its way into the Sandwich treasurer's office, where a hacker with possible international ties stole tens of thousands of dollars from town coffers in a complex computer-fraud scheme.
Sandwich officials have warned their counterparts in surrounding towns of the computer breach.
Police believe the hacker used a virus to attack Treasurer Craig Mayen's computer and implant a logger that monitored any keystrokes he entered. With technology similar to what is known as a sniffer, a device that tracks computer information, the hacker was able to record Mayen's security code and password as he typed them, and used that information to make withdrawals from town bank accounts.
The money was then transferred to four accounts - three in Florida and one in Georgia.
Police Chief Michael J. Miller said yesterday that Mayen discovered the breach two weeks ago, and notified police detectives. Investigators were able to determine that the scheme netted close to $50,000.
Miller said yesterday that detectives will ask the state attorney general's office and the FBI for help in what he called a complex case. "That's the problem with tracking all this stuff, we don't have that ability," the chief said. "At this point, it's outside our realm of expertise."
Police have been working with the town's banks and a white collar crime-fighting collaboration of law enforcement and bank security officials. Miller said police in Florida were able to question a man who opened one of the accounts there, as he was trying to make a withdrawal.
However, police do not believe the man is criminally involved in the scheme.
The chief said the man in Florida, who was not identified, told authorities he answered an advertisement offering to pay him to open an account. The hacker would then move funds from Sandwich into the account, and the Florida man would then wire it through Western Union to St. Petersburg, Russia.
Miller would not say how much money was stolen from town coffers, but said it was less than $50,000.
He said the culprits have been systematic in the account transfers, keeping each to an amount of less than $10,000 - the threshold that banks use to notify FBI officials of significant monetary transfers.
Mayen discovered the problem when he was conducting a bank transaction for the town and noticed a series of unauthorized withdrawals, beginning on Nov. 4, under his security code.
Gail Marcinkiewicz, a spokeswoman for the FBI, would not say yesterday whether her agency would assist in the investigation. The FBI has jurisdiction to participate in such investigations, but any number of factors could determine whether the agency gets involved.
A spokeswoman for Attorney General Martha Coakley's office would not comment yesterday.
The elaborate scheme is part of a larger, underground computer fraud economy that has netted hundreds of billions of dollars through identity theft, credit card fraud, and other breaches, said Dean Turner, director of global intelligence network for Symantec, a security software company.
Miller downplayed reports that police are investigating whether the hacker has ties to Russian organized crime, because of where the money was being sent. But Turner said computer fraud is a booming industry in Russia and Eastern Europe, with organized crime rings offering all types of information, and hacking equipment, on the black market.
"This is only a small slice of what's going on in the economy," he said.
The data breach that occurred is similar to the type of scheme that attacked retailers such as TJX and BJ's Wholesale Club, in one of the largest computer fraud cases in the country, Turner said.
In this case, a hacker was able to implant malicious code in the treasurer's computer.
That could have been done in several ways: by e-mail or through a website that was carrying the virus.
From there, the hacker could have begun reading the keyboard strokes.
Turner said hackers sell tool kits that can accomplish such fraud on the underground market.
"This is, what this really is, is a data breach - an ability to compromise information," he said. "In this case, it's banking information."