Hackers rip off Ephrata Borough
Lancaster New Era
Staff Writer
Ephrata Borough has been robbed.
Internet hackers apparently gained access to a borough general fund account about a month ago and transferred about $100,000 to a Midwest bank. The money was then moved from the bank to an unknown destination.
Ephrata Mayor Ralph Mowen said the hackers might have been Russians because the names on the accounts the money was initially wired to were "of Russian extraction."
Russians, he said, have "replaced the Nigerians" in running international fraud schemes.
Mowen believes the money has left the country.
"The money went to banks out in the Midwest," Mowen said. "When it hit those banks, it immediately went out and across the big water."
The borough, however, did not lose all the money.
The siphoning of cash from the borough's account had been going on for a few days when it was discovered through normal bookkeeping procedures.
Borough officials contacted Ephrata National Bank, which holds the accounts. The bank then contacted the Midwest banks, and about $20,000 was frozen "and sent back," Mowen said.
"We locked it down and stopped any further loss," Mowen said. "The end result was a loss of about $80,000 that we had to file with our insurance company."
An independent consultant was called in to try to discover how the borough's computers were hacked. In the meantime, increased safety measures are being installed.
"You guard against it by increasing your firewall, which is what we are in the process of doing," Mowen said.
Mowen, who works as head of security for Susquehanna Bank, said he sees this type of fraud "all the time."
He said businesses pay invoices and bills through an automated government clearing house, which in turn moves money "from bank to bank to bank." Professional hackers, he said, "periodically" get into these accounts and siphon off funds.
"I know the $80,000 we lost seems like a lot of money, and it is, to us," Mowen said. "But in the scheme of things, that's peanuts. There are billions lost every year to international fraud."
We welcome opinions and information from all points of view. They enrich our news coverage.
We ask that your comments respect the opinions of others. Personal attacks and hate speech are not acceptable and, when reported, will be edited or removed. Offenders will be banned from making comments.
To post comments, you must provide us your real name and contact information. Sign up takes only a moment. You can do it here.
Click Here to create and publish your ad in minutes! Best of all, it's FREE for the next 10 days.
Look, I can think of dozens of ways this could have been done via a technical attack and dozens more involving no technology at all. None of these ways would be stopped by some appliance. If you don't have any details on how the unauthorized access to the bank account was gained then you can't claim an appliance would have prevented it or that it was an inside job. There is no such thing as a secured network, given enough determination and time.
Report Abuse
I mean, what are the specific technical details in the Ephrata case?
Report Abuse
Yes there are dozens of ways, an appliance would have allerted the IT manager for 99.9% of all attempts from the outside, true there are some very skilled hackers out there. I'm sure Ephrata Boro would be a prime target for them, BTW that's sarcasim.
An appliance woudl have tracked all and I maean all internet use from the inside. Again allerting the IT manager of impropper use from the inside or of unauthorized use.
This is not magic. Unfortunately with no appliance tracking the network traffic finding out now what happened may cost more then was stolen.
Report Abuse
Joedog the only person or persons who know the exact details are those responsible. However with that said logic can be applied, a network is not that complicated in terms of security. Even with the basic hardware/software firewalls such as you most likely have at home there are three possibilities.
One, someone actually uses superior knowledge to hack into a system from the outside, pure skill, usually applied by someone who feels they have something to gain or just for malice.
Two someone does something improper from the inside causing an insures situation to happen. A worm, Trojan or some sophisticated software to be loaded inside the system that compromises passwords and user names to those outside the firewall.
Three a misappropriation of the funds.
Scenario one is rare, not unknown but in terms of what I see daily of infections and improper use I would place scenario two and three in the 99.999% range.
How many times do you see porn, on line gambling or even benign but non-business use of company computer systems? I see it every day.
Do I know for sure? No but after 15 years of computer management I have what is a better than just an educated guess. For free I will tell the local officials that a properly configured an monitored network appliance will reduce scenario 2 and 3 to below 1%.
Report Abuse
If you are certain an Internet appliance would have prevented this theft of their funds, then you must know how exactly the money was stolen. Can you explain it?
Report Abuse