SANDWICH- Police and town officials are remaining tight-lipped about a security breach that resulted in thousands of dollars being transferred from the town’s bank accounts into bank accounts in Florida, Georgia, and even Russia.
“It is a police matter that is under investigation. We are doing everything we can to protect the town’s funds,” was all that Town Manager George H. Dunham would say on the issue Wednesday morning.
On Tuesday, however, Chief of Police Michael J. Miller had stated that the amount of money illegally transferred was less than $50,000 and even suggested that, because one transfer was made to a Russian bank account, the incident could be connected to the Russian mafia.
According to earlier media reports, before the town news blackout, computer hackers had gotten into the town’s computer system and using a virus, known as a sniffer, obtained the town treasurer’s passwords and security information. The sniffer allows a logger to monitor any keystrokes entered. Once the thief or thieves obtain the password and security code, withdrawals can be made. According to the website, www.allbusiness.com, sniffers can be a powerful tool for creating efficient and safe computing environments but thieves also rely on them to gain unauthorized access to even the most secure systems.
The illegal transfers from the town’s bank accounts are believed to have started on November 4 and over the course of 10 days, four wire transfers were made. Each of the transfers was less than $10,000, which is the amount that would trigger notification to FBI officials.
On Friday, November 14, town Treasurer Craig F. Mayen had attempted to pay some of the town’s bills when he learned that there was not enough money in the account. That is when he questioned the four bogus transfers and was told that he had authorized them.
Mr. Mayen immediately contacted police, the town secured its computer network, and police began an investigation. Detective Albert J. Robichaud followed the trail of wire transfers back to banks in Florida, Georgia, and St. Petersburg, Russia.
When a man in Florida attempted to withdraw money from one of the accounts established in that state, police questioned the man and learned that he had been hired to wire the money to Russia, via Western Union. He told police that he had answered a job advertisement to open a bank account and to move money between accounts for a fee.
This type of security breach is nothing new. In January 2007, Framingham-based retailer TJX announced that it had been a victim of a security intrusion, during which hackers gained critical information pertaining to the company’s customers’ credit and debit cards. According to a January 2007 press release issued by TJX Companies, the investigation into that security intrusion involved a number of law enforcement agencies, including the Secret Service and United States Department of Justice.
Because the money transferred from Sandwich accounts were made across state and international borders, other agencies, including state and federal, could become involved in this investigation.
Mr. Dunham said he has spoken to other town managers to alert them to this security breach.
Town officials would not give the name of the bank where the security breach occurred. David W. Curtis, president of The Community Bank, called the intrusion “a new twist on an old scam” and said there are a variety of ways for skilled software engineers to get access to other people’s data.
“We have internal and external people constantly monitoring scams and making adjustments to try and stop them,” he said.
Mr. Curtis gives credit to Mr. Mayen for monitoring the town’s accounts so closely and catching the bogus transfers early in the scam.