Cybercriminals Steal $415,000 From County in Kentucky

Sophisticated international cybercriminals stole $415,000 from a bank account belonging to Bullitt County, Ky. last month — and got two dozen regular citizens to help them.

"It's stolen just the same way as if someone had come and took a .45 [caliber] pistol and held up a teller," county attorney Walt Sholar told TV station WLKY.

A gang based in the former Soviet Union used viruses to secretly take control of computers used by county officials, including the country treasurer and a local judge, according to the Washington Post.

Then they secretly re-routed e-mails containing one-time passwords that both the treasurer and the judge would have to use to authorize wire transfers from the account, which belonged to Bullitt County Fiscal Court in Shepherdsville and was used to make payroll.

Beginning on June 22, the hackers began sending transfers, each under $10,000 so as not to alert federal watchdogs, to the bank accounts of 25 different Americans who'd been unwittingly recruited as "mules" by the Eastern European criminals.

The mules, who'd responded to ads for temporary at-home editing work on the job-placement Web site, were instructed to keep 5 percent of the transfers as "commissions" and wire the rest of the money to accounts in Ukraine and Russia.

One mule found herself out thousands of dollars once Bullitt County got wise to what was happening and its bank started recalling the transfers.

County officials stressed that police, fire department and EMS workers would still be paid on time, and that the bank itself, First Federal Savings Bank, was never hacked into or compromised.

But the entire episode unsettled county residents.

"I'd like to find out who did it and where it went and how they're going to get it back into our county," resident Leslie Carlton told TV station WDRB Fox 41.

• Click here to read more from WDRB Fox 41.

• Click here to read how the criminals did it in the Washington Post's Security Fix blog.

• Click here to visit's Cybersecurity Center.