Science & Technology Law

As Hackers Steal Up to $1B Annually from Biz Bank Accounts, Victims May Have No Recourse


Some $43 million was stolen in conventional bricks-and-mortar robberies, heists and stickups of U.S. banks last year. Meanwhile, cybercrooks stole hundreds of millions in what is being called a national security threat.

The exact amount isn’t known. But security experts say up to $1 billion annually is being taken by hackers through online schemes targeting commercial accounts. That’s particularly bad news for the businesses, including law firms, that own the accounts, because their losses, unlike thefts from bank accounts held by individuals, often aren’t covered by federal deposit insurance, Bloomberg reports.

Small businesses “just don’t have any clue, and everyone expects their bank to protect them,” Avivah Litan of computer analyst Gartner Inc. tells the news agency. “Businesses are not equipped to deal with this problem, and banks are barely equipped.”

Sophisticated software and appropriate anti-fraud procedures can offer significant protection against hacking, the article says, but businesses—and many banks—are operating with less-than-optimum setups.

Large sums of money are sometimes stolen by far-distant hackers under the shocked gaze of the victimized business's employees, and neither banks nor law enforcement, seemingly, can do much to help. Using inexpensive malware that lets them take over a victim's computer as if they were sitting at its keyboard, cybercriminals, often based in Eastern Europe, can route large sums of money via the Internet to confederates or accounts they control.

Valiena Allison, CEO of Experi-Metal Inc., for instance, got a call from her bank one morning a couple of years ago about a wire transfer. She hadn’t authorized it, and said so. But the company’s infected computer had, and over $5 million had been stolen, in unauthorized transfer after unauthorized transfer, by the end of the day.

The bank recovered all but about $500,000 of the money. But that was the company’s loss, the bank said, because it had allowed its computer system to be taken over as a result of falling victim to a phishing scheme. A federal judge in Michigan last month disagreed, however, finding that the bank should have refused the transfer instructions due to facts including their frequency and the locations (Estonia and Russia) to which the money was being sent, Lori Desjardins of Pierce Atwood wrote in a recent Lexology (reg. req.) post.

A Maine-based business, Patco Construction Inc., saw $500,000 siphoned from its accounts over a couple of days in 2009, and has now gone back to paper checks, as an earlier post details.

A federal magistrate judge in a May recommendation said Patco had to take the loss concerning some $345,000 that the bank couldn’t recover. And a U.S. District Judge in Portland agreed, holding in a written opinion (PDF) today that Patco agreed with the bank’s security procedures.

Related coverage: “Law Firm Loses $78K in Massive Malware Scheme That Was Disabled by Feds”; “Senate OKs Insurance for Attorney Trust Accounts Sought By ABA”; “Almost 20% of Home Computers, 7% of Corporate Ones are Botnet Slaves, Expert Says”
