Meath Council targeted in 'sophisticated' €4.3m cyber attack
A major international investigation is under way following a cyber 'CEO fraud' attack aimed at stealing over €4m from Meath County Council.
Some €4.3m has been frozen in a bank account in Hong Kong after the local authority was targeted in a "sophisticated" online scam.
The attempted fraud was carried out on October 28.
The Council said the attack involved impersonating the identity of chief executive, Jackie Maguire.
It is believed cyber criminals contacted a junior member of staff pretending to be Mr Maguire - and requested the transfer of some €4.3m to an account in Hong Kong.
However, the attempted fraud was detected before the transaction was completed, and the money has been secured. So-called 'CEO fraud' is the latest cyber threat facing businesses and other organisations which hold bank accounts.
The fraudster first gains access to a company's finance- related emails - to establish the role of certain individuals within a particular company - and their technical methods of communication. Usually the fraudsters hijack the CEO's email account, or create one that is near identical.
A junior employee is then sent a fake email that looks like it's from a superior asking to transfer money from one account to another.
The funds are usually sent to a foreign bank account.
The email may also indicate that the request is "urgent" or "confidential" in the hope of getting the funds moved quickly and quietly.
Industry experts say criminals use social media, among other online tools, to cultivate targets over time. These scams are typically for large amounts and have reportedly occurred in over 80 countries worldwide.
In a statement, Meath County Council said its bank was alerted and the matter was reported to the gardai, who provided assistance through the Financial Intelligence Unit in the National Economic Crime Bureau, and through Interpol.
"The funds have been secured and the matter is now the subject of criminal investigations, and legal proceedings, in Ireland and abroad.
"In light of the ongoing investigations, the Council has been advised to make no further comment on the matter at this time."
Fianna Fail TD Thomas Byrne expressed his shock at the attempted theft, describing it as a "disgraceful act".
"I hope the perpetrators are identified and brought before the courts to account for their actions.
"I will be seeking assurances that cyber security procedures within Meath County Council are at their highest possible level. I will also be looking for assurances that vital public services are not at risk, either temporarily or permanently, as a result of this attempted theft. It is also important that other local authorities across the country examine their own internal cyber security procedures to ensure they do not fall victim to a similar attack."
Fianna Fail councillor, Sean Drew, who is a member of the audit committee on Meath County Council, says he will be looking for a full review of the local authority's internal controls and security measures. "This attempted theft is shocking. We are lucky that the suspicious activity was identified and acted upon by An Garda Siochana. The detection and prevention of the attempted theft will allow for a full international criminal investigation to take place. As a member of Meath County Council's audit committee I will be looking for a full review of our internal control and security measures.
"It's important that any potential security issues are identified. We must be vigilant."
In January a number of Government-related and public sector websites were knocked offline by an apparent cyber attack. Websites including those of the Central Statistics Office, the Department Of Justice and the Courts Service were targeted.