Hackers siphon $644,000 from EoD

New York Department of Education

Another day, another $644,000 dollars. Well, almost. This time hackers managed to embezzle well over half a million dollars from the New York Department of Education bank account over the course of four years utilizing the bank's petty cash account.

A report by the Special Commissioner of Investigation for the New York city school district found that the cash was siphoned from a Small Item Payment Process (SIPP) account at JPMorgan Chase between October 2003 and February 2007 using electronic fund transfers (EFTs).

"It is difficult to understand how the DOE accumulated years of account statements, reflecting hundreds of thousands of public dollars spent to pay bills, but did not review them," the report, which was written by Special Commissioner of Investigation for the New York City School District, stated. "A cursory examination would have shown that the charges were not normal school expenses."

Slipping under the radar

The man responsible for the theft, Albert Attoh, was able to give accomplices the details of the account, along with routing information to enable them to pay bills with Department of Education money. In return, Attoh took cash payments.

The scam was successful because Attoh was able to take advantage of an oversight within the account, which meant that although it was supposed to be limited to purchases of less than $500, there was no limit on EFTs used for paying bills because the Department of Education failed to set up a block.

"It is difficult to understand how the Department of Education accumulated years of account statements, reflecting hundreds of thousands of public dollars spent to pay bills, but did not review them. A cursory examination would have shown that the charges were not normal school expenses," says the report.

The scam was finally uncovered when an unidentified woman alerted Chase that someone was attempting to pay bills using the SIPP account. The perpetrators were identified and led authorities to Attoh.

After pleading guilty, Attoh was sentenced to 364 days imprisonment, and ordered to pay $275,000 in restitution.

Related articles:

Hackers penetrate mid-level bank IT network | US Treasury attacked by hackers | Financially motivated hacking: the non-vulnerability challenge

Like this article? Get the RSS feed: