The call from the bank came at noon on Friday. “Did you guys request to add someone to all your accounts as a signatory?”
That one phone call from Matt Hamilton, a relationship banker at American Community Bank & Trust in Woodstock, was the final check that worked, keeping hackers from draining the accounts of the McHenry-Lake Soil & Water Conservation District.
Critchell “Critch” Judd, chairman of the SWCD, wants to make sure other districts are aware of what almost happened, and to pass on suggestions for trying to keep the bad guys at bay.
Even after an extensive network search at the SWCD, no one quite knows what was clicked in an email, or what security door was left open, that allowed computer hackers to gain access to the district’s network and email accounts. Over an unknown length of time, the hackers patiently researched and gathered the information needed to approach the bank.
The bank received an email from the main account of the SWCD about adding access for a new employee. The hackers followed up with all the needed forms: identification, a copy of a utility bill, a copy of a passport for a fictitious new employee, and a forged authorizing signature from the Executive Director.
And none of the emails came to the district inbox or showed up in the outbox at the SWCD offices. All the correspondence was flying under the radar.
Critch said the saving grace was having accounts at a local bank, and having an established relationship with the bankers. Critch said if the district had an account at a large national bank, he’s sure all the boxes would have been checked and access to the account would have been granted.
But Matt Hamilton from the bank thought something didn’t look right, and called Spring Duffey, executive director and resource conservationist at the district, and asked if she knew the new employee. After she said she had no idea who that person was, Critch instructed the bank not to make any changes unless he signed off. Critch got together with the bank after the weekend, and they looked at all the seemingly legitimate documents and were glad the attack had been stopped.
Some ideas on what you can do to protect your local SWCD:
- Have a relationship with a small bank that knows you and your business. Critch had dealt with his local bank for years for his own business and his Scout troop, and bank personnel knew the SWCD, its staff and their business. The banker was not hesitant to call and check on something that was unusual. “You really have to know who you’re doing business with,” Critch said. “I have a feeling if it was a big bank, this would have sailed through, and all of our accounts would have been drained over the weekend.”
- Review your electronic safety protocols. Keep up on training and relationships with your coworkers and contacts so you know not to click on an unexpected link or file.
- Take technical steps to harden your network. Keep software updated and run software patches. Two-factor authentication might slow things down, but it pays off when an attack is thwarted. Limit access to the network by phone. And set geographic limits to block overseas access.
The tech consultant for the McHenry-Lake SWCD came in to investigate afterwards, and found a couple thousand files out of 60,000 on various computers that might have been locked as a step towards a ransomware scheme. The tech said the activity was beyond what a virus scan would detect, and could have been going on for a year or two.
Matt Hamilton from American Community Bank & Trust talked to his security team and also had suggestions:
- Have a robust password policy.
- Use long passwords and change them periodically.
- Have an account lock-out policy (3 strikes).
- Run antivirus software.
All of these steps are relatively inexpensive and within reach of smaller organizations. “Fraud is becoming more and more prevalent,” Matt said. “The hackers are always trying to stay one step ahead of what we do, and what clients do to protect their funds.”
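Two of the controls recommended above, the account lock-out policy (3 strikes) from the bank’s list and the geographic limit on access from the district’s list, are simple enough to show in code. The following is an added example written for this article, not the district’s or the bank’s own configuration: a small login-attempt evaluator run over a constructed authentication log. The user names, country codes and the assumption that each attempt’s source country has already been resolved from its IP address are all made up for illustration.

```python
"""
Added example (not from the article): apply a 3-strike lock-out policy and a
country allowlist to a constructed list of login attempts, in order.
"""
from collections import defaultdict
from dataclasses import dataclass

MAX_FAILURES = 3            # "3 strikes" lock-out policy from the bank's list
ALLOWED_COUNTRIES = {"US"}  # geographic limit; assumed allowlist for this example


@dataclass(frozen=True)
class Attempt:
    user: str
    country: str   # ISO country code, assumed already resolved from the source IP
    success: bool  # whether the submitted credentials were correct


# Constructed sample log, in chronological order (not real data).
SAMPLE_LOG = [
    Attempt("director", "US", False),
    Attempt("director", "US", True),    # good login resets the failure count
    Attempt("director", "XX", False),   # foreign source: blocked before password check
    Attempt("chairman", "US", False),
    Attempt("chairman", "US", False),
    Attempt("chairman", "US", False),   # third strike: account locked
    Attempt("chairman", "US", True),    # correct password, but the account is locked
]


def evaluate(attempts):
    """Return (decisions, locked_accounts).

    decisions is a list of (user, outcome) with outcome one of
    'geo_blocked', 'locked', 'failed' or 'allowed'.
    """
    failures = defaultdict(int)   # consecutive failed attempts per user
    locked = set()                # accounts that hit MAX_FAILURES
    decisions = []
    for a in attempts:
        # Geographic limit is checked first; a blocked source never reaches
        # the password check and does not count against the user's strikes.
        if a.country not in ALLOWED_COUNTRIES:
            decisions.append((a.user, "geo_blocked"))
            continue
        # A locked account stays locked until an administrator resets it,
        # even if the correct password is presented.
        if a.user in locked:
            decisions.append((a.user, "locked"))
            continue
        if a.success:
            failures[a.user] = 0
            decisions.append((a.user, "allowed"))
        else:
            failures[a.user] += 1
            if failures[a.user] >= MAX_FAILURES:
                locked.add(a.user)
                decisions.append((a.user, "locked"))
            else:
                decisions.append((a.user, "failed"))
    return decisions, locked


if __name__ == "__main__":
    decisions, locked = evaluate(SAMPLE_LOG)
    for user, outcome in decisions:
        print(f"{user:10} {outcome}")
    print("locked accounts:", sorted(locked))
```

The order of the checks is the point worth noticing: the geographic limit runs before the password is examined, so an out-of-region attempt is turned away without revealing whether the credentials were valid, and a locked account rejects even a correct password until someone with authority clears it, which is exactly the kind of “call and check” step that saved the district’s accounts.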
One point that really surprised Critch is that there’s no law enforcement help. He went to the local police to file a report. But since the hackers didn’t get anything, there was nothing they could do. He also contacted the Illinois Attorney General’s Office, to make sure there wasn’t a reporting requirement because of the SWCD’s connections to state government. But he never heard back from the cybersecurity team. “It seems law enforcement can’t do anything unless something is stolen,” he said.
Critch started with the McHenry-Lake Soil & Water Conservation District as a board member and has been chairman since 2000. He came to SWCD service after a career working for FS and selling seed just across the border in Wisconsin. He said visiting with farmers, getting on the farm and getting to see their work, was what he loved most about his job.
Photo and Story by Steve Warmowski – AISWCD Communications Coordinator