Bank failed to contact client for confirmation of money transaction

Aug 14, 2014 09:08 GMT

TriSummit Bank stands accused of negligence and breach of contract by TEC Industrial (formerly known as Tennessee Electric Company Inc.) in connection with a cyberattack that saw $327,804 / €245,000 transferred into the accounts of the criminals.

The incident occurred on May 8, 2012, according to the complaint filed by TEC Industrial with a Tennessee court, provided by security blogger Brian Krebs, who also alerted the company to the possible heist two days later, leading to its discovery.

Cybercriminals managed to take over the bank account of the contractor and wired the sum to their accounts, from where it was withdrawn through a network of money mules.

The bank was successful in recovering about $135,000 / €101,000, leaving TEC Industrial with a deficit of $192,656 / €144,000.

The contractor would make large weekly payments, which consisted of the payroll for between 350 and 400 employees. An agreement between the two entities required the bank to seek verbal confirmation of large payment orders.

At the time of the incident, the contractor’s controller encountered trouble logging into the bank account for uploading the payroll batches, and contacted the financial institution for more information; the reply was that the technical issue was probably on account of maintenance operations, and as an alternative, the files could be uploaded at the bank’s local branch.

It is worth noting that, if access to the bank account is protected by two-factor authentication, cybercriminals often have malware on the victim’s computer that can send the security code to them instead of to the financial institution and disrupt the user’s session. This way they gain full access to the bank account.

The court complaint says that despite the agreement between the two parties regarding verbal confirmation when transferring higher amounts of money, the bank did not seek such confirmation in the case of the stolen $327,804 / €245,000.

It appears that the money was fraudulently transferred to a total of 55 accounts across the United States, the sums ranging from $550 / €412 to $11,000 / €8,240.

From the information provided by Brian Krebs at that time, the perpetrators accessed the bank account from Russia or Ukraine.

In the complaint, TEC Industrial discloses that it spoke with multiple TriSummit Bank representatives after the fraudulent transfer had been approved without the verbal verification called for by the agreement, and that they did not inform the company of the unauthorized transaction.

When the contractor found out about the illicit transfer, it immediately asked the bank not to honor it. However, not all the money could be recovered because mules had already withdrawn it from the accounts.

Regarding the cause of the incident, Eric Chiu, president of HyTrust, said via email that "organizations need to get serious about security to ensure that appropriate access controls as well as monitoring and alerting are in place. In addition, automated approvals such as the two-man rule should be mandated for transactions above a certain amount or dangerous operations. Lastly, consumers need to ensure that they keep their personal information safe and take precautions to secure systems that are used to access work networks and financial websites."