Scumbag hackers lift $1m from children's charity A group of criminal asswipes have managed to steal $1m from the Save the Children Foundation. The global children's health charity said in its 2017 fiscal report (PDF) to the IRS that, back in April of last year, some total sleezebag was able to get control of an employee's email account and then convince the organization to …
How can someone at STC authorise a transfer of near $1m without there being an existing project or programme that the charity has previously done its due diligence on and agreed to fund?
And if this transfer request was disguised as part of an existing project then the criminals must have near insider[1] levels of information in order to time the request just right, know that solar panels were a necessary part of the project, know that disbursement approval had already been granted and that it was just a matter of requesting the funds etc.
Icon: nearest thing to me holding my nose because something stinks.
[1] The insider could be a part of the receiving organisation of course, not STC.
How can someone at STC authorise a transfer of near $1m without there being an existing project or programme that the charity has previously done its due diligence on and agreed to fund?
Hello, my name is Carl and I'm calling from Microsoft Helpdesk. Apparently, your computer has a virus ..."
I remember listening to a podcast some years back of a couple of security researchers talking about what the new year holds, and one of them said "there would be more corporate breaches", but the other corrected him, "there will be more corporates 'finding out' they've been breached"
In other words, most organisations have no idea what is going on inside their networks.
If I were a hacker, once in, I would pivot around for persistence, carefully shimmy around between the walls, listening to conversations and get an understanding of organisational relationships.
With this knowledge, I would formulate a plan to monetise my efforts
Literally all it would take is access to a admin O365 account with no 2FA enabled, which is probably all O365 admin accounts, considering Microshits shenanigans
Phishing is so much easier this way
Why use a net when you can use a sniper rifle
I have seen a lawyers bill for 400000 EUR, exactly the number with no extraneous decimals and digits, the bill stating "Legal services for project xxx", no hours stated, no breakdown of work tasks, and no requisition number.
The reason I have seen it is because I rejected it and PHB higher up approved it as-is!
What is suspicious is that PHB-of-Finance back then left without a going away do, and 'we' are on the third PHB-of-Finace with no one the wiser.
Got similar with an invoice for £100K. Asked for a breakdown of what was being paid for and got shuffling of feet - so rejected it outright. They are on their 3rd attempt at the invoice - a reputable company but I've told them we're not an open check book.
"I have seen a lawyers bill for 400000 EUR, exactly the number with no extraneous decimals and digits, the bill stating "Legal services for project xxx", no hours stated, no breakdown of work tasks, and no requisition number."
I can actually believe that was genuine. The legal profession take the piss with their charges and (in the UK anyway) they seem to be the only profession that can get away without having to give you an estimate of how much their work will cost beforehand even when its a standard procedure such as conveyancing. They also seem to think its perfectly ethical to charge £5 per email or phone call even when its YOU contacting THEM because they haven't bothered to keep you up to date!
Lawyers understand the letter of the law but they seem to have a complete lack of understanding of the spirit of it IMO.
No, you got that wrong @robinson: he was paid $299,136 - he probably earned about half that. This is a common misconception.
Just to correct a misconception here: Helle Thorning-Schmidt is a female ex-Prime Minister of Denmark, married to Stephen Kinnock (Neil Kinnock's son). Stephen Kinnock is currently MP for Aberavon.
Whether USD 299,136 is a reasonable amount for a year's salary for her is not something I am competent to comment on. Presumably her paymasters think she is worth it.
Whether USD 299,136 is a reasonable amount for a year's salary ...
Don't knock it, it was pretty hard to get her to Just Leave so maybe that amount is well worth it.
Think the female Tony Blair ... and the way Tony Blair is hanging around, like that turd on just cannot flush, and the new xxx-friend one want to impress will be arriving any minute. Yup. 300 kUSD is cheap!
Their justifications for such salaries do not wash either
They say it's because they need to attract the best CEO talent in the market
Well that's fine, just don't expect other people to pay for it
This is the first thing I look at when deciding whether or not to donate my hard earned money to a cause
Gone are the days of charity, all we have now are businesses posing as charities
Some of them use the money to go into manufacturing and product design to further create revenue, it's fucking disgusting
It would be interesting to learn just how they managed to fall for this. Did an email arrive in the PHB's account which was then forwarded to the accounting department with a note say's, "Pay this please"? Did the PHB do it, or maybe they never even saw it?
How many other scams have they fallen for? Do they even know?
Try buying commercial insurance ... while you have a point for one claim like this, their rates will now go sky high and the insurance company will plan to recoup the expense by increasing rates policy wide.
If an insurance company offers a $1,000,000 liability policy for $20k a year and sells 100 policies and gets one claim a year, then they make $1,000,000 a year. It's Christmas, triples all round chaps!
This post has been deleted by its author
Given the way most large charities seem to be run as businesses (executive pay, perks and admin costs, not to mention chuggers on commission) and treat their alleged "clients" as little more than an afterthought, please pardon my lack of sympathy.
Even "worthy" charities such as the RNLI (and why does Britain need a charity to rescue sailors?) are going rapidly down this route, so I now refuse to give to anything other than small local charities which actually care about the causes they represent.
I agree with other comments about lack of due diligence and proper procedures, which should not have allowed this to happen.
It's interesting you (OP) mention the RNLI. When my old man turned 60 (about 10 years ago so pre GDPR) he asked people to send donations to the RNLI (among some other charities) in lieu of presents. I sent off some cash to the RNLI and made sure I got the boxes right to not opt in and opt out (!) of future contact and mailings.
I was then helpfully added to their supporters email news letter list anyway, and started getting begging letters in the post too. I unsubscribed from the emails which then started up again a few months later, leading to a phone call asking them to make it all stop. It didn't and in the end the only way I got it to stop was calling their HO and tearing someone off a strip about it.
I now only support small local charities that I know well, know where they're spending the money, and that rely mostly on volunteers with few if any paid staff. If I support a big charity (I make one exception with a big animal charity) I take in food for the animals at the rescue centre as that should stop them using it to fund their CEO's six figure pay and benefits package (unless he likes eating Winalot!).
Cancer Research UK also have lavishly paid managers and aggressive fundraisers. I raised thousands for them in sponsored events over the years, and they still bombarded me with guilt trips for not doing even more. Not a penny more from me. Shelter are quite bad as well. Like others have said I focus my giving on small local charities run by volunteers now.
"RSPCA is one of the worst offenders for this, they have executives on massive salaries and the local centres are franchises that have to do their own fundraising."
One of the worst? NO, the RSPCA is THE worst. It is not just the massive salaries, it is the levels they will sink to in order to increase revenue.
Your deceased father left a small legacy to the RSPCA and the rest of his estate to you? The RSPCA have challenged such wills in court, demanding a larger share of the estate.
https://www.dailymail.co.uk/news/article-1252213/Judge-slams-RSPCAs-court-attempt-double-300-000-left-generous-animal-lover.html
"The RSPCA said later in a statement: 'All the RSPCA has done is try to honour what we believe was Mr Mason's clear intention to avoid anyone paying inheritance tax.'"
Aye, that will be the clear intention that stated "£60,000 to him, £400,000 to them, and £300,000 to the RSPCA." I can't see it being any clearer, yet the RSPCA's translation was "The RSPCA argued that Mr Mason's will should be considered in such a way that it would receive £651,820."
Neighbour leaves a plot of land for wildlife, on the proviso that it was to be left as is, for the wildlife? The RSPCA sell the land to property developers because the will did not explicitly it was not to be developed.
https://www.manchestereveningnews.co.uk/news/greater-manchester-news/fury-as-rspca-sells-land-in-alderley-687444
Money-grubbing little brutes, the lot of them. From the obnoxious in-your-face "hi-how-are-you-doing-can-you-spare-2-minutes" street muggers to the overpaid, self-serving hypocrites at the top.
Given their involvement in numerous incidents of Sexual Harassment which has lead to them having their government funding suspended, the charity appears to be doing more harm than good, and stealing money off them to prevent them doing more harm is probably a good thing.
There seems to be some confusion amongst both the comments and the article author. The article is about Save the Children Federation (not "Foundation"), also known as Save the Children USA (founded 1932), and modelled after the UK Save the Children Fund (founded 1919). They are not the same organisations.
One way......
By sending a e-mail to users (From an already hacked external source), asking them to review & consider an attached PDF.
The attached PDF is actually a link to a website, made to look like a "one drive" sign in portal, & it prompts for credentials at this point (Instead of using the credentials which would normally be shared by the sender with the intended recipients) .
At this point about 15 of our users happily entered their credentials. A few e-mailed the mimic for verification to be told "Go Ahead". Only one person had the brains to stop & think this doesn't smell right, did not enter in his credentials & actually notified us in Mission Control 1 full minute before the actual person logged a ticket asking if she had been hacked (Yes on Friday she had entered her credentials into the webpage as directed by a externally sent e-mail by one of our venders).
Nobody even looked at the url which was along the lines of "****.****beerisgood.com"
to describe the lawmakers, on both sides of the pond, who squander vast sums of tax payers money. Scumbags and a*******s is very appropriate.
If he's after the "think of the children" justification, the lawmakers have far more of an adverse impact as a result of their waste and incompetent management than the the theft of a mere $1M ever had.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
