• Menu
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Before Header

  • About Us
  • Lexicon
  • Contact Us
  • Our Store
  • ↑
  • ↓
  • ←
  • →

Balloon Juice

Come for the politics, stay for the snark.

Wow, I can’t imagine what it was like to comment in morse code.

And now I have baud making fun of me. this day can’t get worse.

I’d hate to be the candidate who lost to this guy.

The poor and middle-class pay taxes, the rich pay accountants, the wealthy pay politicians.

Happy indictment week to all who celebrate!

Accountability, motherfuckers.

Reality always lies in wait for … Democrats.

Consistently wrong since 2002

The truth is, these are not very bright guys, and things got out of hand.

The cruelty is the point; the law be damned.

Schmidt just says fuck it, opens a tea shop.

This really is a full service blog.

Why is it so hard for them to condemn hate?

Perhaps you mistook them for somebody who gives a damn.

After roe, women are no longer free.

Let’s not be the monsters we hate.

Accused of treason; bitches about the ratings. I am in awe.

Seems like a complicated subject, have you tried yelling at it?

If you are still in the GOP, you are an extremist.

But frankly mr. cole, I’ll be happier when you get back to telling us to go fuck ourselves.

We cannot abandon the truth and remain a free nation.

Second rate reporter says what?

“Everybody’s entitled to be an idiot.”

Let there be snark.

Mobile Menu

  • Winnable House Races
  • Donate with Venmo, Zelle & PayPal
  • Site Feedback
  • War in Ukraine
  • Submit Photos to On the Road
  • Politics
  • On The Road
  • Open Threads
  • Topics
  • Balloon Juice 2023 Pet Calendar (coming soon)
  • COVID-19 Coronavirus
  • Authors
  • About Us
  • Contact Us
  • Lexicon
  • Our Store
  • Politics
  • Open Threads
  • War in Ukraine
  • Garden Chats
  • On The Road
  • 2021-22 Fundraising!
You are here: Home / Happens Every Day

Happens Every Day

by $8 blue check mistermix|  June 15, 20118:47 am| 42 Comments

This post is in: hoocoodanode, Security Theatre

FacebookTweetEmail

Here’s my local town spokeswoman, excusing the theft of $139,000 by “hackers” from the town’s online bank account:

“We had good firewalls, anti-virus software and even with all of those measures, it still happened,” she said. “No matter who you are, you will always be vulnerable because new viruses are coming out every day, and these people make it their business to come up with new ways to get the information.”

In addition to this kind of duty shirking, the whole article is full of black-box techno-voodoo explanations of the hacker attack, which I think some people might take as a better excuse than this lame version of hoocoodanode. I don’t — city offices are about 50 yards from a locally-owned bank, yet the town chose to bank online, and they got ripped off. Writing paper checks in longhand was an option when they made their bad decision, and it’s still an option today.

Update: That last sentence wasn’t clear. My point isn’t that they should have been using paper checks, but rather that every method of distributing money to employees and creditors has security risks. Once upon a time, the town wrote paper checks. One day, they decided to switch to online banking. What safeguards did they put in place when they did that? Are they insured against this kind of theft? Did they consider the new risks that were different from the old? Answer those questions, but don’t shine me on with talk of trojans, and other bad voodoo. And tell me why every other little town in this region hasn’t been the victim of this kind of theft – are they lucky? Or did they do a better job with their security.

FacebookTweetEmail
Previous Post: « OG
Next Post: Lesson Not Learned »

Reader Interactions

42Comments

  1. 1.

    stuckinred

    June 15, 2011 at 8:53 am

    Yea and logging on to this blog probably increased your chances of getting hacked 20 times!

  2. 2.

    cathyx

    June 15, 2011 at 8:54 am

    I’ve heard that passing checks through the mail was less safe than online banking.

  3. 3.

    cmorenc

    June 15, 2011 at 8:59 am

    Doing business banking transactions the old-fashioned paper way is becoming less easy to do by the month, as more and more entities demand going to electronic transactions as a condition of doing commerce. This is even becoming true on a level of individual transactions: think how much PayPal has become as a preferred trusted way of conducting sales between ordinary individuals who don’t know each other personally, over using paper cashier’s (now called “bank”) checks (checks guaranteed by the issuing bank). I have a friend who recently rented a house from someone who will be abroad for a year, and a condition of the transaction was that rent payments needed to be done electronically account-to-account. I referee soccer, and one of the main organizations I work games for recently insisted its referees go to the RefPay system rather than receive paper checks; payment for games goes directly (electronically) from the soccer club into my bank account.

    It isn’t easy to insist on going paper anymore, and that way has its vulnerabilities and flaws too.

  4. 4.

    Percysowner

    June 15, 2011 at 9:02 am

    Wow! I get my pay check via direct deposit. I pay almost all of my bills over the Internet. I’m always on time with my rent because I have my account set to write the check every month on the correct day. My cable, electric bill, and gas bills all have my bank number and get paid on time because I set it up that way. If my bank gets hacked you are going to blame ME for it happening? Yeesh, If the city were running checks over the carrier could be clonked over the head and have the checks stolen. The only person to blame here is the hacker. Blaming the victim is unfair.

  5. 5.

    stuckinred

    June 15, 2011 at 9:05 am

    My credit is so bad they won’t take my cash!

  6. 6.

    sb

    June 15, 2011 at 9:16 am

    Shorter mistermix: The fuckers got robbed and deserved it!

  7. 7.

    Carl Nyberg

    June 15, 2011 at 9:16 am

    What are the odds that one of the people involved in designing, implementing or using this vulnerable system was either the perp or working with the perp?

  8. 8.

    Carol

    June 15, 2011 at 9:20 am

    @Percysowner: I still use paper checks for some transactions, but I remember the days when muggers used to hang around looking for people who just cashed their monthly checks, and when checks were stolen out of apartment mailboxes-the thieves always knew better than we when the checks were coming.

    At least with electronic hacking, there’s a chance the money and the thief will be found. Paper? Well, all you could do was have a stop-check order issued and have a replacement issued, which took two weeks.

  9. 9.

    Special Patrol Group

    June 15, 2011 at 9:21 am

    Shorter local town spokesperson:

    It happens sometimes. People just explode. Natural causes.

  10. 10.

    Carol

    June 15, 2011 at 9:22 am

    @Carl Nyberg: Better than you think. No system can really be completely fool-proof against an insider ready to cash in from hidden trap doors.

  11. 11.

    taylormattd

    June 15, 2011 at 9:24 am

    I don’t get this post at all. You really think the solution is to write out checks by hand and have the person run down the street to the bank?

  12. 12.

    mistermix

    June 15, 2011 at 9:25 am

    @sb: Why is “the fuckers got robbed” an acceptable excuse in the virtual world, but if someone got $139K by, say, jimmying open a town safe, we’d be asking hard questions about their choices?

  13. 13.

    Carol

    June 15, 2011 at 9:26 am

    September 11, 2001. I was transfixed on what was on television, but had to pull myself away to hang around my inside mailbox to greet the mailman. Why? my unemployment check was mailed, and a previous check never showed up at the box. Now the front door was locked, but even a locked door had to be opened from time to time, and the old-fashioned 1920’s mailbox lock was designed for a time when nobody knewe hat a check was. So the lock was often pretty loose and hard to lock.

    Unemployment finally went to direct deposit this year, and I find it’s much safer. I can pull out only the money I need to pull out-no more running around with the proceeds from a just-cashed check.

  14. 14.

    gnomedad

    June 15, 2011 at 9:27 am

    If they were really responsible, they’d rely on barter.

  15. 15.

    Gin & Tonic

    June 15, 2011 at 9:33 am

    @Percysowner:

    The only person to blame here is the hacker. Blaming the victim is unfair.

    Bullshit. If you leave your front door open and some junkie comes in while you’re gone and takes your TV, I’m blaming you, not the junkie (well, laughing at you more than blaming.)

    There was a thread on this yesterday. Most “hacking” isn’t very sophisticated, and works because IT security is ignored (or given short shrift) by the target company.

  16. 16.

    mistermix

    June 15, 2011 at 9:33 am

    @gnomedad: Of course, the real issue that needs addressing is fiat currency. If they paid their employees in gold, this wouldn’t have been an issue.

  17. 17.

    4tehlulz

    June 15, 2011 at 9:41 am

    @mistermix: Banker detected. A real American demands silver.

  18. 18.

    dr. bloor

    June 15, 2011 at 9:47 am

    @taylormattd:

    Don’t bother. He’s on a roll this morning.

  19. 19.

    AAA Bonds

    June 15, 2011 at 9:56 am

    owned

  20. 20.

    Cat

    June 15, 2011 at 10:00 am

    if someone got $139K by, say, jimmying open a town safe, we’d be asking hard questions about their choices?

    huh??? If the town was robbed because the thieves defeated their security system and cracked the safe you’d really be questioning the town’s choices?

    And no, you don’t get to make a false metaphor comparing online banking security to say an unlocked filing cabinet. They followed basic security precautions.

    I’ll take them at their word that it was an organized ring which will be using software which will be unknown to the people they expected to keep their computer safe.

  21. 21.

    mistermix

    June 15, 2011 at 10:07 am

    @Cat: Yes, I would criticize the town for getting their safe cracked if thieves stole $139K from it, because, as I mentioned in the post, there’s a bank with a bigger, stronger vault 50 yards from the town offices. And, it just might be the case (and, actually, it is the case) that the same bank offers a commercial banking service that would allow the town to do electronic deposit without having a hackable online account.

    And, no, I won’t take them at their word because no other town in the area has lost $139K to some ring of techno-burglars.

    (P.S., I love how people gin up a false equivalency, like your filing cabinet one, and then act as if I said it. “You’re the kind of guy who would say that, therefore I’m justified in saying you did”.)

  22. 22.

    daveNYC

    June 15, 2011 at 10:13 am

    The issue here isn’t that the town was paying it’s employees via direct deposit, it’s that they were setup to access the town’s account online. There’s no reason why they couldn’t send someone down to the bank to do the transfers and whatnot from there as opposed to from the town offices.

  23. 23.

    Cat

    June 15, 2011 at 10:57 am

    @mistermix:

    Lets see if I have this right.

    They have 139k in cash to pay their employees and it gets stolen. “They should have paid them with checks.”

    They keep checks around and 139k in bad checks get written. “They should have paid them using direct deposit”.

    They pay them via direct deposit and 139k gets stolen via their online payment processing. “They should have written checks”.

    So what did the local government do to you that makes you want to blame the victim?

    And, no, I won’t take them at their word because no other town in the area has lost $139K to some ring of techno-burglars.

    A) This is what they said the FBI told them. Its a very bad lie, so I’ll give them the benefit of the doubt.

    B) There are several of reasons why you maybe unaware of another town getting robbed in this same way.

    1. Their town’s treasure is unaware it happened.
    2. They are keeping it quiet.
    3. You may have missed the newsreport.
    4. The reporter did a bad job and didn’t connect the two thefts together.
    5. Their town’s treasure is about to discover it.

    I’ve read of a small business all over being robbed this exact same way. I possible its a string of unrelated people using the exact same methods I suppose.

  24. 24.

    Commenting at Balloon Juice since 1937

    June 15, 2011 at 11:02 am

    Don’t access bank accounts using Windows and this won’t happen. I can’t comment on Apple products but if I ran the office, they would be using an obscure BSD variant.

  25. 25.

    mistermix

    June 15, 2011 at 11:12 am

    @Cat: No, you don’t have it right, but the good news about arguing with yourself is that one of you is almost certain to win.

  26. 26.

    Villago Delenda Est

    June 15, 2011 at 11:31 am

    @Gin & Tonic:

    There was a thread on this yesterday. Most “hacking” isn’t very sophisticated, and works because IT security is ignored (or given short shrift) by the target company

    Ignored because to do it costs money, and therefore cuts into sacred profit. “Fiduciary responsibility” is a very quaint notion in the modern world, because it cuts into profit.

  27. 27.

    dpcap

    June 15, 2011 at 11:32 am

    @Commenting at Balloon Juice since 1937: That wouldn’t work when things like this are still a possibility.

    With a little bit of “social hacking” or even disgruntled ex-employees, your system could be the most perfect in the universe and it can still be hacked.

  28. 28.

    dpcap

    June 15, 2011 at 11:33 am

    @Villago Delenda Est: of course “profit” implies that shareholders are getting something and as we’ve seen so often lately, CEOs are even willing to screw over their “owners.”

  29. 29.

    Gin & Tonic

    June 15, 2011 at 11:48 am

    @Villago Delenda Est: This is a municipal government that mistermix was talking about, so no profit to protect. I still blame the town, or their auditors, or whatever higher level of government they report to or cooperate with. All I know is from reading TFA, but they sound like idiots.

    At the risk of being repetitive — if you don’t lock your front door when you leave the house and somebody steals your TV, it’s your fault.

  30. 30.

    Villago Delenda Est

    June 15, 2011 at 11:56 am

    @Gin & Tonic:

    I was referring more to yesterday’s thread…but once again, the desire to “economize” by those who think government should be “run like a business” creates all sorts of false economies that lead to incidents like this.

    “Locks on the door cost money!”

  31. 31.

    alwhite

    June 15, 2011 at 12:13 pm

    I’ll bet you a dollar they did not use any “new virus” or yet undiscovered path to success. I’ll bet you another dollar that they used a well-known entrance, one for which there are tests and counter measures. A firewall is pointless if you are not doing other things correctly. Having worked on IT vulnerabilities for 20 years I am constantly amazed at how many companies buy ‘boxes’ and hire companies to monitor, spending tons of money but they won’t do some simple things or slightly inconvenient things that cost next to nothing but would have real results.

  32. 32.

    Carol

    June 15, 2011 at 12:17 pm

    @dpcap: So true-and in a lot of small towns, there may be only one or two IT people. If either is distracted or crooked, it’s a problem. Sometimes it’s more distraction, and someone gets in while the person responsible is on a coffee break.

    At work, we are told to log off for breaks, and freeze things if we have to say, go to the bathroom. Why? because anyone could then access the computer while you are away and do-whatever.

  33. 33.

    Count

    June 15, 2011 at 12:20 pm

    Speaking as a security administrator, small cities don’t have the money to do things securely.

    To think otherwise displays an ignorance that is stunning, but not unexpected. Someone with access to the bank probably had a keylogger on their computer installed via a trojan, or by social engineering. Try and prevent that with a minimal budget for security or security personal.

  34. 34.

    Ken

    June 15, 2011 at 12:46 pm

    mistermix, no problems that I’m aware of down the I-90 from you in Williamsville. So, when is Pittsford going to let the ‘professionls’ of their neighborhood bank handle their finances?

  35. 35.

    MM

    June 15, 2011 at 12:56 pm

    So there was a bank 50 yards away? Stop the presses! Do you even stop to consider that just MAYBE there were reasons that the Town didn’t do business with that bank? Maybe the other bank had better interest rates, or lower bank fees. or offered to process the Town’s electronic transactions at a lower rate than other merchant services. Maybe the bank 50 yards down said that they couldn’t process the Town’s deposits quickly enough for the Town’s satisfaction.

    Oh who cares. Backseat driving about things we don’t understand is way more awesome.

    That said, it wasn’t a new super virus, it was an exploit of something that already exists. It would likely have had next to nothing to do with which bank they used.

  36. 36.

    HyperIon

    June 15, 2011 at 1:15 pm

    @stuckinred:

    logging on to this blog probably increased your chances of getting hacked 20 times!

    Strangely, I have never logged on to Balloon-Juice.
    Is there something going on that I don’t know about?

  37. 37.

    dpcap

    June 15, 2011 at 2:09 pm

    @HyperIon: all your base are belong to us!

  38. 38.

    Datacine

    June 15, 2011 at 2:31 pm

    It’s all about the password.
    Kiddies check out:

    Kevin Mitnick

    see how he hacked
    soft information is the key

  39. 39.

    someone

    June 15, 2011 at 4:04 pm

    A whole thread and no one has mentioned the “e” word. As someone who’s seen it happen this sounds like embezzlement and an administration who doesn’t want to admit it. Hacked? Yeah, by someone who had access to the password and got the money out without being traced. Happens every day indeed.

  40. 40.

    Greyjoy

    June 15, 2011 at 4:12 pm

    As someone who has in the past worked for USBank in its online banking division, banks are required by the FDIC and the SEC to have Really Fucking Secure(tm) websites as well as internal networks, in order to protect customer data against exactly this sort of invasion.

    Here’s what I think happened:

    1. Town official with access to the account STUPIDLY uses the same laptop to check the city’s bank account that he uses to download porn and music.

    2. Pre-existing virus on laptop from said porn-downloading says, “Aha! Bank info. Great.” Hackers then use login info and clean out the account.

    3. Town officials who set policies in place to not do this shit on your virus-ridden home laptop are like “WTF? We have safeguards and rules. This sucks.”

    It’s the same kind of thinking that causes some twit with valuable data to leave his laptop containing 3.5 million Social Security numbers on the bus, or whatever. When all along he wasn’t even supposed to have that data on his laptop, let alone leaving it on the bus. Sadly there’s no way to protect against “I’m The Exception” stupidity.

    @someone: And yeah. If it isn’t the above, then it’s embezzlement. But my guess is that since the FBI is involved and they’ve only got $4800 back so far and none of the other town fathers has been arrested, my guess is hacking. I can’t imagine but that very few people would have access to that account, and it would be pretty simple for the FBI to take those 4-5 people and run a microscope over their finances to see if they suddenly came into $135K or made any unscheduled casual trips to the Caymans.

  41. 41.

    MM

    June 15, 2011 at 10:42 pm

    @someone:

    Embezzlement is definitely a possibility too. I just didn’t mention it on account of my interest in focusing on how ignorant mistermix is.

  42. 42.

    Jado

    June 16, 2011 at 1:45 pm

    Hey!

    HEY!!

    They SAID “hoocoodanode”. That’s the magic word, so back off Mr. Asksalottaembarrassingquestions.

    “This is a picture of Chewbacca the Wookie…”

    http://en.wikipedia.org/wiki/Chewbacca_defense

Comments are closed.

Primary Sidebar

Fundraising 2023-24

Wis*Dems Supreme Court + SD-8

Recent Comments

  • Baud on Late Night Open Thread: ‘Leader’ McConnell’s Troops Are Restless (Mar 23, 2023 @ 6:53am)
  • NorthLeft on Late Night Open Thread: ‘Leader’ McConnell’s Troops Are Restless (Mar 23, 2023 @ 6:49am)
  • Gvg on Open Thread: Inherit the Wind (Mar 23, 2023 @ 6:24am)
  • satby on Late Night Open Thread: ‘Leader’ McConnell’s Troops Are Restless (Mar 23, 2023 @ 6:18am)
  • NeenerNeener on Late Night Open Thread: ‘Leader’ McConnell’s Troops Are Restless (Mar 23, 2023 @ 6:16am)

🎈Keep Balloon Juice Ad Free

Become a Balloon Juice Patreon
Donate with Venmo, Zelle or PayPal

Balloon Juice Posts

View by Topic
View by Author
View by Month & Year
View by Past Author

Featuring

Medium Cool
Artists in Our Midst
Authors in Our Midst
We All Need A Little Kindness
Classified Documents: A Primer
State & Local Elections Discussion

Calling All Jackals

Site Feedback
Nominate a Rotating Tag
Submit Photos to On the Road
Balloon Juice Mailing List Signup
Balloon Juice Anniversary (All Links)
Balloon Juice Anniversary (All Posts)

Twitter / Spoutible

Balloon Juice (Spoutible)
WaterGirl (Spoutible)
TaMara (Spoutible)
John Cole
DougJ (aka NYT Pitchbot)
Betty Cracker
Tom Levenson
TaMara
David Anderson
Major Major Major Major
ActualCitizensUnited

Join the Fight!

Join the Fight Signup Form
All Join the Fight Posts

Balloon Juice Events

5/14  The Apocalypse
5/20  Home Away from Home
5/29  We’re Back, Baby
7/21  Merging!

Balloon Juice for Ukraine

Donate

Site Footer

Come for the politics, stay for the snark.

  • Facebook
  • RSS
  • Twitter
  • YouTube
  • Comment Policy
  • Our Authors
  • Blogroll
  • Our Artists
  • Privacy Policy

Copyright © 2023 Dev Balloon Juice · All Rights Reserved · Powered by BizBudding Inc

Share this ArticleLike this article? Email it to a friend!

Email sent!