By SecureWorld News Team
Thu | Aug 26, 2021 | 8:45 AM PDT

Peterborough, New Hampshire—a small town of 6,000 residents—just experienced a devastating cyberattack that resulted in $2.3 million in taxpayer money being transferred to foreign internet scam artists.

That is approximately 15% of the town's annual budget. 

Throwing a wrench into the unfolding events, officials are still waiting to see if the town's insurance will cover the losses. Since the town's budget is about $15.8 million annually, the loss could affect whether projects within Peterborough are completed in a timely way, among other budgeting dilemmas.

Another interesting twist: staff in the finance department are currently on paid leave until an investigation can be completed. 

Details of the BEC attack 

On July 26th, town officials discovered that documentation had been forged by cybercriminals located overseas. Officials knew something was wrong when ConVal School District told the town it had not received a payment for $1.2 million.

As it turns out, the scammers used forged emails to pose as ConVal and then routed the payment into their own bank account. By the time officials learned this had happened, it was already too late to stop the transfer.

Additionally, two other large payments related to a bridge project were scheduled to transfer into the thieves' bank account, but those transfers were intercepted.

Town Administrator Nicole MacStay said the thieves took great care to learn how Peterborough's finances worked. MacStay told NBC10 Boston:

"These email exchanges, you would have to look much closer than anyone would normally look at an email to see that they were in fact forgeries.

They really understand how these transactions worked and took the time to understand how we worked with the school district and the vendor to be able to divert the funds the way they did."

According to Stephen Dougherty, a leading Business Email Compromise (BEC) investigator at the United States Secret Service, the scenario in New Hampshire is straight out of a cybercrime playbook. 

"Boiling it down, BEC is a cyber-enabled financial fraud attack where criminal actors get into an organization's email accounts. They get information that I call contemporaneous and privileged, meaning only you know what it is and only the person you think you're working with would have that information. So therefore, you believe you're having a trusted conversation," said Dougherty in a recent SecureWorld keynote presentation. 

To date, the town has declined to share copies of the emails with media outlets.

Are government entities more susceptible to vulnerabilities?

A story by the Monadnock Ledger-Transcript noted that public entities have become much more accessible to hackers because they must be transparent about spending and other government activities. This could leave governments more susceptible to cyberattacks.

"We are public entities, and we do business very transparently. That is, unfortunately, the real downside of open government," says the Town Administrator. 

The Institute for Defense & Business also says that, on top of the transparency required of government entities, the data they have access to is very alluring to hackers.

"Government agencies' data is attractive to hackers because its interwoven systems contain vast amounts of information from citizens and other organizations that are linked through a variety of platforms. In addition to this, the public sector's information systems and technology are rapidly growing, with virtually offered resources and services also increasing.

This development creates a demand for innovation and a need to secure cloud database storage. As this storage becomes more complex, the government faces the challenge of developing technology to keep up, while covering any loopholes."
