Can't help but feel like this is one of the bigger weaknesses of a decentralized system like the US' when it comes to information security. That said, these mules are in a good deal of trouble....
Can't help but feel like this is one of the bigger weaknesses of a decentralized system like the US' when it comes to information security.
That said, these mules are in a good deal of trouble. The thing about the US banking system is that it's pretty user-attributable to a point. That point is the juncture between a legitimate bank account (the mule's bank account, in particular) and a wire transfer to god knows where.
The thing that strikes me about this story is who is identified as being disproportionately impacted: first responders, government employees, and school (government) employees. The linking characteristic of those people? Their names are publicly available. That suggests something about the tactics the criminal org used to get the PII in the first place (that is, they probably also got the PII from the same state and local governments they would later defraud).
The main unanswered question for me--and the one that will likely stay unanswered unless indictments come from this--is how much did the organization actually get out the door from these states? I would hope that the fact this information is being released means the investigation is in its late stages. They may not have final loss figures yet (which is why they talk in terms of "potential" losses), but "massive" can mean a lot of things. Is it the number of people whose PII was involved? The amount of money lost? A combination? How important this story is depends on the answer to this question.
A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.
Can't help but feel like this is one of the bigger weaknesses of a decentralized system like the US' when it comes to information security.
That said, these mules are in a good deal of trouble. The thing about the US banking system is that it's pretty user-attributable to a point. That point is the juncture between a legitimate bank account (the mule's bank account, in particular) and a wire transfer to god knows where.
The thing that strikes me about this story is who is identified as being disproportionately impacted: first responders, government employees, and school (government) employees. The linking characteristic of those people? Their names are publicly available. That suggests something about the tactics the criminal org used to get the PII in the first place (that is, they probably also got the PII from the same state and local governments they would later defraud).
The main unanswered question for me--and the one that will likely stay unanswered unless indictments come from this--is how much did the organization actually get out the door from these states? I would hope that the fact this information is being released means the investigation is in its late stages. They may not have final loss figures yet (which is why they talk in terms of "potential" losses), but "massive" can mean a lot of things. Is it the number of people whose PII was involved? The amount of money lost? A combination? How important this story is depends on the answer to this question.
From the article: