New York City's Department of Education was defrauded out of more than $644,000 by hackers who targeted an electronic bank account used to manage petty cash expenditures, investigators said. The DOE's small item payment process account at JPMorgan Chase was supposed to be limited to purchases of less than $500, but an oversight …
This twat ripped off more than half a million and only gets a year in the big house and made to pay a third of it back? Which judge's or politician's son did you say he was again?
Because DOE officials failed to block the use of electronic transfers, the account was wide open. All that was required what the account number and the bank routing number.
So... if I have a check from the DoE (acct. no. and routing no.), the default security is to allow me unlimited acces to your money.
... I see the minimal time these guys server, the more I am tempted...
Wouldn't happen here of course
we are way to smart to pay just any bill that is pushed acrosss the desk.
The EU's been leaking cash like this for ages
At first take, the failure of a public body to reconcile a bank account for three years seems almost unbelievable. But then the EU Court of Auditors has refused to sign off the EU accounts for the past fifteen years, and found accounting errors in two-thirds of the euro 105 billion budget.
Re : First WTF?
Not familiar with the case but from this article it appears that he wasn't so much engaged directly in the thefts / frauds than telling people how to; much like, "give us £50 and I'll tell you where there's a cash-point that pays out on a Tesco Clubcard".
Any apparent leniency of the sentence probably reflects his actual part in the crime. Is that wrong ?
Re: Re: First WTF?
"Any apparent leniency of the sentence probably reflects his actual part in the crime. Is that wrong ?"
Damn skippy there is! The enabler should get worse than the crooks that took, and the crooks that took should be paying three times what they took plus compounded interest. But that's not the end of what is wrong here. The so-called accounting department should be doing the perp-walk in front of the enabler. They're the ones who are *supposed* to be the ones watching out for the enablers and the thieves.
to the IDIOTS that should have been doing the accounting?
How many people related to them were in on the scam?
DOE innocent, go after Chase plx
The account was opened before EFT existed. To me this looks more like an oversight on Chase's side rather than a DOE snafu.
Is there a reason no one else is getting jailed? It seems heaps of comptrollers, CEO's and other folk also had a role in this. Why would Chase enable EFT on an account that is limited to 500 $ withdrawals and not enforce such a limit on that?
"hacker" my @ss
more like "inside job" or "hackers exploited the hole before we did". These guys can nail a fraudulent transaction in seconds if they choose to-so to find this supposed unobserved exploit stinks of "blaming someone else" and claiming "innocent mistake".
Someone deliberately left the account misconfigured so they could exploit it to lesser levels, and are "outraged" that someone raided the cookie jar before they did.