Wednesday, September 1, 2010

Cyberthieves Hit Another University

This post isn't PCI-related, but it does address your security and your money, so read on...

According to a report in Krebs on Security, cyber thieves made off with nearly $1 million from a University of Virginia satellite campus:

According to several sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal the online banking credentials for the University’s accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story.

Sources said the FBI is investigating and has possession of the hard drive from the controller’s PC. A spokeswoman at FBI headquarters in Washington, D.C. said that as a matter of policy the FBI does not confirm or deny the existence of investigations.

The attack on UVA Wise is the latest in a string of online bank heists targeting businesses, schools, towns and nonprofits. Last week, cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa.

What's weird about this is that usually the funds are transferred in smaller amounts so as not to get the attention of banks or the victim.

I spoke about this risk at the Treasury Institute's Symposium earlier this year. Several attendees said it couldn't happen to them or their school. I hope they are right. But I wouldn't plan on it. I know some of the Treasury people at UVa, and they are sharp, professional, and very capable. If this can happen to one of their campuses, it just might be a warning to everyone.

Do you have, say, an extra million or so? Probably not, so it may make sense to have a conversation with your bank about when they will and will not authorize electronic transfers.

Just a suggestion. Now, I'm going back to PCI...
