Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Meath County Co hacked - €4.3 million taken - now in HK

Options
  • 18-12-2016 2:43pm
    #1
    Impetus
    Registered Users Posts: 1,667 ✭✭✭


    Meath County Council appear to have been 'hacked' - more likely a social engineering fraud, where a 'junior employee' appears to have been told by his/her 'boss' to transfer funds (EUR 4.3 mil) - which appear to be now in a Hong Kong bank account. The boss was probably not the real boss in this case, someone purporting to be same.

    At my distance, there appears to be a deficit in the system of internal control in this local government agency. Payments of this scale should involve multiple sign-offs by various people - including the person who from 'on high' allegedly initiated the transaction.

    In Canton Zurich, for example, (which is far richer than Meath), any expenditure in excess of CHF 10 million requires a public vote, open to the entire population of voters in the Canton. Not just a few 'officers' of the government agency.

    As a result, for example, no money was wasted on a metro system in Zurich - the metro proposal failed at two different public votes. Instead they spent the money on 16 tram lines, giving priority to public transport (removing control of traffic from the traffic signal boxes and putting it in the hands of a massive computer model - VS-Plus), and removing on-street parking in cities - which causes side tear delay to traffic and reduces the number of lanes for trams and vehicles.

    http://www.irishtimes.com/news/ireland/irish-news/meath-county-council-confirms-attempted-cyber-attack-1.2910180


Comments

  • Options
    #2
    Blowfish
    Registered Users Posts: 5,112 ✭✭✭Blowfish


    Yeah, it's a sign that they have terrible processes in place in general. Even ignoring the CEO fraud risk, the fact that a single junior person can transfer that much is ridiculous as they could just transfer it off somewhere and skip the country themselves.


  • Options
    #3
    TruthEnforcer
    Registered Users Posts: 62 ✭✭TruthEnforcer


    Its all a bit Odd to me ...

    I know that different people within any Co Co have different levels of 'financial approval' depending on their level of seniority .. but at the end of the day the 'person with responsibility for payment' will be the 'Finance Director Of Service' .. this as you would presume is NOT a 'Junior Member of Staff' so it would appear theres a 'bit of spin' being put out there to deflect the real problem / Story ????


  • Options
    #4
    TruthEnforcer
    Registered Users Posts: 62 ✭✭TruthEnforcer


    Just came across this tonight on the intranet thing .. bit strange ? that

    http://ie.china-embassy.org/eng/sgxw/t1290317.htm

    "Meath County Council twined with Guiyang, capital city of China's southwest Guizhou Province in 2014"

    I presume this has nothing to do with the 'recently announced' missing monies ??? that have ended up in a Hong Kong bank ?

    Mr. Wu encouraged both sides to jointly make greater efforts to translate good will and good wishes into concrete actions, practical schemes and tangible results .. Yeah right .....


  • Options
    #5
    Hotblack Desiato
    Registered Users Posts: 34,113 ✭✭✭✭Hotblack Desiato


    Blowfish wrote: »
    Yeah, it's a sign that they have terrible processes in place in general. Even ignoring the CEO fraud risk, the fact that a single junior person can transfer that much is ridiculous as they could just transfer it off somewhere and skip the country themselves.

    It's far more likely that what the 'junior' person did was change the payee details, this sort of fraud is as simple as emailing (or writing, or even phoning up - old school) the accounts department and letting on you're the payee and that you've 'changed bank'. Then just wait until the next payment to that legitimate payee and cash in. If you've done your homework it'll be easy to identify who receives large, regular payments from your mark, and possibly even when those payments fall due so you can pull off your scam just beforehand. Bonus points if you identify a bank holiday etc. falling due just afterwards to help you cover your tracks before anyone twigs. Usually this sort of thing is only detected when the legitimate payee rings up wondering where their money is.

    This sort of scam is as old as the hills and predates computers.

    The spin they've put on this is something else. "Hacked" eh probably not. "Our systems detected an issue" eh no, they instructed their bank to move the money and their bank did move the money all the way to Hong Kong. For all we know it was something flagged up by the systems in the Hong Kong bank (presumably not the final destination of the funds) which led to the funds being frozen for investigation.

    Fingal County Council are certainly not competent to be making decisions about the most important piece of infrastructure on the island. They need to stick to badly designed cycle lanes and deciding on whether Mrs Murphy can have her kitchen extension.



  • Options
    #6
    Skrynesaver
    Registered Users Posts: 1,109 ✭✭✭Skrynesaver


    I'll just leave this here


  • Advertisement
  • Options
    #7
    TruthEnforcer
    Registered Users Posts: 62 ✭✭TruthEnforcer


    Any developments of this story ?


  • Options
    #8
    BoB_BoT
    Registered Users Posts: 1,835 ✭✭✭BoB_BoT


    They got it back from what I recall. Frozen in the bank and had the transaction reversed.

    edit: here ya go: http://www.meathchronicle.ie/news/roundup/articles/2017/06/16/4141811-stolen-43-million-returned-to-council/

    also ffs, they're calling it a "cyber enabled theft"


  • Options
    #9
    Treepole
    Registered Users Posts: 486 ✭✭Treepole


    BoB_BoT wrote: »
    They got it back from what I recall. Frozen in the bank and had the transaction reversed.

    edit: here ya go: http://www.meathchronicle.ie/news/roundup/articles/2017/06/16/4141811-stolen-43-million-returned-to-council/

    also ffs, they're calling it a "cyber enabled theft"

    I could think of a better word than cyber for what enabled the theft.


  • Options
    #10
    L1011
    Moderators, Business & Finance Moderators, Motoring & Transport Moderators, Society & Culture Moderators Posts: 67,859 Mod ✭✭✭✭L1011


    It was extremely ancient social engineering; not "cyber theft"

    On a similar note, someone sent a letter to companies that had ads on UTV claiming to be from UTV Ireland asking them to divert future payments after UTV Ireland launched in Jan 2015 to a new bank account. Which did not belong to UTV Ireland, clearly. Targetted attack but absolutely zero "cyber" about it.


  • Options
    #11
    the_syco
    Registered Users Posts: 37,295 ✭✭✭✭the_syco


    BoB_BoT wrote: »
    They got it back from what I recall. Frozen in the bank and had the transaction reversed.

    edit: here ya go: http://www.meathchronicle.ie/news/roundup/articles/2017/06/16/4141811-stolen-43-million-returned-to-council/

    also ffs, they're calling it a "cyber enabled theft"
    I find it odd that the money went to HK, and sloppy that the money was still in the account when the Irish authorities went to reverse it. I would've thought someone on the HK side would have moved the money as soon as it came in, to another account in a country with a less co-operative banking system? I may have read too many crime stories.


  • Advertisement
  • Options
    #12
    BoB_BoT
    Registered Users Posts: 1,835 ✭✭✭BoB_BoT


    the_syco wrote: »
    I find it odd that the money went to HK, and sloppy that the money was still in the account when the Irish authorities went to reverse it. I would've thought someone on the HK side would have moved the money as soon as it came in, to another account in a country with a less co-operative banking system? I may have read too many crime stories.

    Unless HK have functioning banking regulations, stating that such a large sum is queried/flagged? :P

    Crime novels indeed! Should have sent it to a country, as you said, with dodgy banking, like into an AIB or BOI account.


Advertisement