Tech

Hackers steal $ 650,000 from nonprofits and escape

Shortly before Christmas 2020, hackers began stealing the island of the same name in San Francisco Bay from One Treasure Island, a non-profit organization redeveloping the island of the same name as a haven for low-income and formerly homeless people. It was.

The following month, criminals stole $ 650,000 from a community organization. This fund is one of the affiliates for an affordable housing project on Treasure Island, an artificial land of less than a square mile, built in the 1930s and used as a naval facility until 1997. Was assigned as a loan to.

Sherry Williams, Executive Director of One Treasure Island, noticed something was wrong on January 27 when he spoke with a borrower who wasn’t receiving his first installment on time at Zoom.

Shelley Williams, Executive Director of One Treasure Island.


Photo:

Alan McLaughlin

Williams said he submitted a report to the Federal Bureau of Investigation and other organizations shortly after learning about the theft.

Ransomware and state hacks dominate the public debate on cybersecurity. The world was in the spotlight when the fuel pipeline went down after the attack on Colonial Pipeline Co. and the corrupted software spread to businesses and government agencies through an incident at SolarWinds. Co., Ltd.

And Microsoft Co., Ltd.

One Treasure Island was hit by a relatively low-tech hacking technique: an email breach attack. A hacker breaks into a nonprofit third-party bookkeeper’s email system and uses a similar email address to impersonate a nonprofit-related person to himself into an existing email chain. Has been inserted.

Email breache attacks cause great financial damage, but they are not in the spotlight. The FBI estimates that these attacks increased from about $ 1.78 billion in 2019 to a loss of about $ 1.87 billion in 2020.

These are just email breaches disclosed by the company, and the actual numbers are likely to be higher, Kelvin, executive director of the National Cyber ​​Security Alliance, a non-profit organization that promotes public-private cyber partnerships. Coleman said.

Founded in 1994, One Treasure Island is part of an effort to build about 8,000 new homes on the island of the same name, including about 2,000 affordable homes. About 2,000 people already live on the island.

This nonprofit is working to create jobs for formerly homeless people, former prisoners, and those who are struggling to find a job in the Bay Area.

The stolen money was intended to finance One Treasure Island member organizations to hire architects and engineers and to start new construction projects. As of the end of fiscal year 2019, the nonprofit had revenues of approximately $ 2.4 million and cash of $ 4 million, according to the most recent tax return.

After a hacker broke into the bookkeeper’s email system, they impersonated Williams in an email addressed to a member organization employee who was hoping for a loan. Hackers said in an email that the agreed December payments would be delayed.

One Treasure Island is part of an effort to build about 8,000 new homes on the island of the same name, including about 2,000 affordable homes.


Photo:

Eric Lisberg / Associated Press

The hacker then took the legitimate invoice that the member organization emailed to Williams and sent it back to her, changing the wire transfer instructions from the California bank to the bank in Odessa, Texas.

The hacker then sent two fake invoices to Williams, who sent $ 650,000 to Odessa’s bank in three installments.

Williams didn’t seem to have anything wrong. “They didn’t use weird words or jargon that they wouldn’t use in this situation,” she said.

One Treasure Island didn’t have cyber insurance, she said.

Shortly after discovering the scam in late January, Williams submitted a report to the FBI’s IC3 and San Francisco’s non-profit banks, as well as the Frost Bankers branch. Co., Ltd.

At the remittance destination Odessa.

Contacting the Federal Bureau of Investigation didn’t give Williams the results he wanted.


Photo:

Al Drago / Bloomberg News

Almost a month later, on February 25, the FBI assigned a special agent to the case. On March 3, the agent sent an email to Ms. Williams, stating that the San Francisco Federal Attorney’s Office refused to initiate the investigation. He didn’t explain and the FBI hasn’t been in contact since then, “she said.

Doree Friedman, Chairman of the Board of Directors of One Treasure Island, wanted nonprofits to get help. “I’m disappointed with the lack of response by law enforcement and I’m pessimistic about the recovery of these funds,” she said.

A spokeswoman for the FBI in San Francisco said the handling of complaints was confidential. She referred to the US Attorney’s Office for questions about her decision not to prosecute, but declined to comment.

There are many factors involved in the decision to file a proceeding, said John Bennett, managing director of the cyber risk division of consulting firm Kroll. Bennett, a special agent in charge of the FBI’s San Francisco office until August 2020, said the losses were at least $ 500,000 and the authorities were unlikely to file a proceeding unless the clues were exhausted.

John Bennett, a cybersecurity consultant at a press conference working at the FBI in 2020.


Photo:

Shmuel Thaler / Associated Press

“I’m going to get $ 15 million tomorrow, because it will take a lot of time and effort,” he said.

Such triage helps the FBI handle thousands of complaints. According to IC3 data, more than 19,300 email infringement crimes were reported nationwide last year.

Reported within 72 hours of the transfer increases the chances of recovery, said Sunil Yu, chief information security officer at cybersecurity firm JupiterOne Inc. Corporation handled a wide range of such cases. When criminals move money abroad, it becomes difficult to track. “Timing is paramount,” he said.

For Williams, noticing the theft and reporting it immediately had no effect. Dissatisfied with the FBI’s response, she launched her own investigation. She used her air miles to book a flight to Texas for herself and Vinicio Castro, the managing director of One Treasure Island.

The two arrived in Odessa near the New Mexico border on April 15, but it was cold and foggy. At a meeting the next day, they learned from a detective of the Odessa police that she could only investigate what happened within her jurisdiction. The detective said he would focus on the person who opened the Frost Bank account. She said it was up to the FBI to find the stolen money.

According to Williams, a detective in Odessa, Texas, told her that she could only investigate what happened within her jurisdiction and that it was up to the FBI to find the stolen money.


Photo:

Sengis Yar / Getty Images

After that, Williams and Castro drove to the Frost branch. The fraudster’s account was frozen when Williams made his first report. The branch manager contacted Williams with a fraudulent investigator at Frost Bank, she said.

Of the $ 650,000 that went missing, One Treasure Island regained about $ 37,000 from the frozen account. According to Williams, Odessa’s detective told her that the amount was likely the trump card for a money mule that moved the rest of the cash abroad, Williams said.

The two went home the next day.

“In the end, I was disappointed with the trip. I didn’t think I had achieved much,” Williams said.

Odessa police and Frost Bank declined to comment.

A maze of rules affecting local, state, and federal agencies could hinder investigations, saying he was the cyber executive advisor to cybersecurity firm Callfire Systems, responsible for victims of business email abuse. Joseph Newman said.

WSJ Pro Cyber ​​Security Details

“The US legal system is not known to be swift and agile and is now trying to chase 21st century technology with 19th century processes and tactics,” he said.

Ms. Williams is worried that cyber theft could have a negative impact on One Treasure Island’s fundraising efforts. The loss is putting off new home construction, she said. But she and Ms. Friedman, chairman of the board, want to drive change by discussing this episode.

“There’s an overall element of people who don’t want to go forward and inevitably don’t like to be the face of fraud. I’ll tell you I’m not really enjoying it,” Williams said. “It’s me who tells the wonderful story of those who got out of jail, got a construction job, and built a new life.”

Write to James Rundle at james.rundle@wsj.com

Copyright © 2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Hackers steal $ 650,000 from nonprofits and escape

Source link Hackers steal $ 650,000 from nonprofits and escape

Back to top button