Capitol - Your Illinois News Radar » IDES account hijacking, Raoul’s ransomware attack
SUBSCRIBE to Capitol Fax      Advertise Here      Mobile Version     Exclusive Subscriber Content     Updated Posts    Contact
To subscribe to Capitol Fax, click here.
IDES account hijacking, Raoul’s ransomware attack

Monday, Aug 2, 2021

* Joe Mahr at the Tribune

IDES has said it cannot by law discuss individual cases. In what little IDES has said about account hijacking, the agency has suggested that beneficiaries are falling for scams that allow thieves to steal their login information and redirect the cash, as opposed to hackers breaking into computer systems used by IDES.

Even if that’s true, IDES has yet to explain how it has been unable to stop repeated thefts from the same accounts, even after fraud was reported.

That’s the case with Winston. Winston, who lives about 45 miles southeast of Quincy, on the state’s western border, provided records to the Tribune showing that payments were being sent to his bank near Springfield through late March.

When an IDES email alerted Winston in April that his direct deposit information had been changed, he called IDES to report the fraud, then dug into it more himself.

Logging into his account, he saw his bank’s name had been erased from the direct deposit screen, and the routing and account numbers had been replaced.

Winston traced the routing number to a bank registered in Sandy, Utah, tied to Go2Bank. That’s an affiliate of the branchless Green Dot financial services firm that scammers have used to quickly transfer cash online or siphon it out through prepaid cards.

IDES told Winston to reenter his banking information online, and he did. Winston said he changed his IDES account password, to better protect himself, and also reported the fraud to Green Dot. So both IDES and the bank were on notice, according to a complaint Winston later filed with the state. Yet weeks after the first fraudulent transfer, another one was sent to the same Go2Bank account, Winston’s records show.

And then it happened yet again.

* Meanwhile, here’s Jared Rutecki and Ray Long

Illinois Attorney General Kwame Raoul said he has spent more than $2.5 million in crisis management after a massive ransomware hack crippled the agency in April and potentially exposed gigabytes of personal and confidential records on the dark web.

The taxpayer money is being used to rebuild computer systems, notify individuals their personal information may be at risk and get the office fully back online following the April 10 attack, carried out under a name linked to a notorious gang of cybercriminals based in Russia.

The breach came just eight weeks after state auditors met with officials at the attorney general’s office to warn of deficiencies in the agency’s cybersecurity programs.

In the meantime, many of the basic functions of the office — including consumer complaints, public records disputes and financial aid for crime victims — are being conducted by mail and telephone as online access remains shut down. The office has established a call center to handle identity theft issues and other public inquiries.

In his first detailed interview about the attack, Raoul told the Tribune and the Better Government Association his office never considered paying the blackmail demand from the hackers. He declined to say the amount of the ransom demand or how it was conveyed because of the ongoing federal investigation.

* Related…

* How Unemployment Insurance Fraud Exploded During the Pandemic - Bots filing bogus applications in bulk, teams of fraudsters in foreign countries making phony claims, online forums peddling how-to advice on identity theft: Inside the infrastructure of perhaps the largest fraud wave in history.

* Organization warns about continues scams in Illinois amid pandemic confusion: Illinois residents should be on high alert for potential scams. That’s the word from the Better Business Bureau, which says the state has become a hot spot for identity theft attempts. “In particular, they’re claiming to be from the Secretary of State’s office,” said Steve Bernas, president and CEO of the BBB in Chicago and Northern Illinois. “They’re basically asking you to click on a link or a text message, because something is wrong with your account or you need to update your driver’s license information or something of that kind.”

* IDES news: Illinois Republicans seek review of potentially fraudulent jobless payouts

- Posted by Rich Miller        

  1. - Chicagonk - Monday, Aug 2, 21 @ 9:46 am:

    A bipartisan IDES committee would make a lot of sense right now - Ignoring the issue won’t win Dems any votes.

  2. - Candy Dogood - Monday, Aug 2, 21 @ 9:52 am:

    ===The taxpayer money is being used to rebuild computer systems===

    Well, who else would be paying for this?

    After all we’re the ones that basically decided as an entity of 12 million people to not spend money to stay on top of all of the cyber security protocols and risks and to not consistently update our systems. This is without even accounting for the human component and the number of people working for the State and government in general that lack true proficiency in computer skills and haven’t been trained, or literally avoid security best practices because they find them inconvenient.

  3. - thisjustinagain - Monday, Aug 2, 21 @ 1:05 pm:

    I got a text message late one evening about my unemployment claim (that I never filed for, because I don’t work anymore), and directing me to a fake site to entire my IDES account information. I reported it to the Feds and the telco’s reporting system. But the massive failure of IDES to secure their systems or handle this mess sits firmly on JB’s lap at this point. This is one of his major “Get Better/Do Better” items left undone.

  4. - Candy Dogood - Monday, Aug 2, 21 @ 4:26 pm:

    ===But the massive failure of IDES to secure their systems or handle this mess sits firmly on JB’s lap at this point.===

    There’s at least three decades worth of fingers to be pointed here. Lets spread the blame appropriately. The system still relied on COBOL.

  5. - Jacinto Jerome - Monday, Aug 2, 21 @ 10:25 pm:

    COBOL is not to blame here.

    Lack of investment and maintenance in personnel, policy and procedures are.

    As has been noted, that failure lies at all of our feet.

TrackBack URI

Sorry, comments for this post are now closed.

* SUBSCRIBERS ONLY - Partisan breakdown of newly proposed congressional map
* *** UPDATED *** Democrats release new congressional map - More Latino strength - Newman, Casten in same district - Kinzinger, LaHood mapped together - Miller, Bost mapped together
* Reader comments closed for the weekend
* Question of the day
* The debate continues over the labor force participation rate
* *** UPDATED x1 *** Pritzker expands vax/test mandate to workers at licensed day care centers
* COVID-19 roundup
* Despite pleas and even threats, IDOC worker vax rate remains about the same
* Can't somebody at the state step in and help Dixmoor with its water problem?
* Giannoulias hit for accepting campaign money from his brothers, others
* Illinois: Tell Congress To Count All Copays
* Open thread
* Yesterday's stories

Visit our advertisers...









Main Menu
Pundit rankings
Subscriber Content
Blagojevich Trial
Updated Posts

October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004

Blog*Spot Archives
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005


RSS Feed 2.0
Comments RSS 2.0

Hosted by MCS SUBSCRIBE to Capitol Fax Advertise Here Mobile Version Contact Rich Miller