Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tech Firm Ubiquiti Suffers $46M Cyberheist

Posted by Soulskill on from the why-you-should-always-read-your-TPS-reports dept.

An anonymous reader writes: Brian Krebs reports that Ubiquiti Networks, known for their wireless networking hardware, has lost $46.7 million to a scam in which thieves were able to impersonate employees and initiate fraudulent wire transfers. Ubiquiti was able to recover only $8.1 million of the amounts transferred, and an additional $6.8 million is subject to legal injunction. Krebs explains, "Known variously as 'CEO fraud,' and the 'business email compromise,' the swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. ... CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name." The theft was disclosed in Ubiquiti's quarterly financial report.

2 of 54 comments (clear)

  1. Look no further by Rumagent · · Score: 5, Informative

    Look no further than the sorry state of email today. This problem was fixed 25 years ago:

      https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Digital_signatures

    One is almost tempted to think that someone is trying to keep private communications open and accessible...

  2. Why are transfers so hard to trace? by nuckfuts · · Score: 5, Interesting

    Something I always wonder when fraud occurs involving bank transfers - why can't the money be traced? The whole system works on computers, which are inherently good at keeping records. Even if multiple hops are involved, I see only one reason why law enforcement agencies should not be able to trace funds to their destination - the unwillingness of banks to cooperate.

    There needs to be an international banking agreement that facilitates tracking. If some shady offshore bank refuses to sign on with the agreement, participating banks should refuse to transfer money to them.

    The fact that such an agreement is not already in place points to the corruptness of our finanacial institutions. There is simply no motivation to impede movement of funds by criminals.