19 Aug 2011

Hackers steal $217,000 from Nebraska company

Hackers recently used a social engineering technique to steal $217,000 from the Nebraska-based Metropolitan Entertainment and Convention Authority.

The company's chief financial officer, Lea French, told the computer security blog Krebs on Security that MECA, a corporation that runs ball parks and arenas in Omaha, Nebraska, was victimized by a socially-engineered malware attack. In this type of attack, a worker at a targeted company opens an apparently trustworthy email attachment that is actually malicious.

French said the attackers were apparently familiar with MECA's payroll system, and swiftly initiated money transfers from MECA's bank, First National Bank of Omaha. The funds were transferred to individuals in Florida, who sent them on to locations in Eastern Europe. The American middlemen were likely recruited through "work from home" job offers and were unaware of their complicity in the fraud.

Some money was recovered by a successful reversal of one transfer, and insurance should cover the remainder of the loss, a MECA spokesperson told the Omaha World-Herald. However, the company must still pay a $25,000 deductible and pay for an investigation of the computer security breach.

The FBI has been alerted to the fraud, the World-Herald reports.

Eastern Europe has emerged as a hotbed of computer crime. Earlier this year, the FBI and Interpol arrested two Latvians accused of posting a malicious web ad to a Minnesota newspaper website, and Eastern European authorities rounded up suspects who allegedly masterminded a widespread botnet.