Hey, there! Log in / Register

Hacker electronically steals several hundred thousand dollars in town funds in Franklin

Franklin Matters posts a copy of an alert from Town Administrator Jamie Hellen that a town employee provided what should have been secure login information that enabled a hacker to drain $522,000 from town accounts.

Hellen says the hacker used "spear phishing," a form of "social hacking" in which a hacker learns enough about somebody to convince them through e-mail to provide login information. In this case, that meant providing access to the town funds.

Hellen did not provide further details, but said Franklin Police are now working with state and federal authorities to learn what happened and who's to blame, and that the town has hired an outside lawyer for a separate investigation.

Neighborhoods: 
Topics: 
Free tagging: 


Ad:


Like the job UHub is doing? Consider a contribution. Thanks!

Comments

Egbert Sousé?

Seriously, it's 2020 and if a simple login/password can access over half a million of a town's treasury without at least one person receiving any notification, then it was only a matter of time. They should also consider themselves lucky it wasn't emptied completely.

The thing is that now in America, crime pays. It's the new defacto law of Trümplandia. Top to Bottom, laws are for "suckers" are "losers", just like our Servicemen and women who die in combat.

So go for yours and grab anything that isn't nailed down. Because our govt is actively emptying the Treasury into Lobbyists bank accounts and Senators are gaming the stock market, so us little people need to find our bootstraps and fend for ourselves.

Take it all, folks. As much as you can.

Because Justice and Liberty are out window.

And we're all on our own.

Happy Friday!

up
Voting closed 0

from how it has always been.

up
Voting closed 0

Nothing except for having a career criminal as president. If you really don't think Trump is different from past presidents, I'm afraid you're deluded.

up
Voting closed 0

You can implement as many pieces of software as you like to protect data, but the weakness is always the users.

https://xkcd.com/538/

up
Voting closed 0

No need to pick a lock when you can easily get a helpful person to hold the door open for you.

up
Voting closed 0

resulting in a delayed count and result for the Congressional primary. Perhaps they need to replace their town government.

up
Voting closed 0

One would imagine that whoever did this is going to have a few trips to the HR department ahead of them.

Also, as I put it, they have recently instituted a new form of government. They are no longer the Town of Franklin. They are the (city of) the Town of Franklin.

up
Voting closed 0

Typically, the only people who take on the aggravation of serving in government in small towns are people who have some vested interest in its decisions: realtors, builders, lawyers for realtors and builders, and persons who see an opportunity in acting as an agent for those people. There are exceptions, but the ones who keep doing it year after year seem to be those vested interests. Actual competence at running governments is not their priority. See also: Republican Party.

up
Voting closed 0

schlub to let you in the back door than to try to knock down the portcullis. Chances are they'll never find the perp, and if they do, he'll be operating from a country that doesn't extradite to the US.

I've seen people who should know better fall for this and get canned. Every organization, public or private, needs to train employees to spot social engineering attacks. This is a big, profitable, global criminal enterprise, with state actors helping in many cases. Kim Jong-un practically funds his regime with ransomware. It's only going to get more prevalent.

up
Voting closed 0

I used to have up-to-date knowledge about phishing and online fraud; I've been out of that space for a while, but my understanding is that a well-constructed spear-phishing attack against a sophisticated target (e.g., bank employees who are trained in cybersecurity) still gets a pretty high response rate.

up
Voting closed 0

with similar training (he was C-suite), still got phished (a convincing-looking email from his boss), resulted in expensive consequences, lost his job.

The targeting is getting more sophisticated and aiming for higher-value targets (it's called whale-phishing), because people higher up the org chart have more authority to wire big sums of money, broader access to sensitive data, higher tech admin privileges, etc.

But there's still value in compromising littler fish. Con an employee out of their credentials and you can more convincingly impersonate them to work your way up the chain. And too many organizations don't manage admin privileges effectively, baseline computer and network and data transfer activity in order to be able to detect anomalous behaviors, enforce good password discipline, use two-factor authentication on sensitive accounts, require two-person authorization for big financial transactions, have a programmatic process to install security patches and similar updates in a timely fashion, etc. Lots of vulnerabilities to exploit.

up
Voting closed 0

I used to work for a small company where this ALMOST happened. The emails were very realistic. After that the rule was no money transfers without picking up the phone and talking to the person.

up
Voting closed 0

are using AI to iterate and refine emails to zero in on what works. It’s an arms race, and the attackers always have the first-mover advantage over the defenders.

up
Voting closed 0