Zeus Bot blamed for theft of Salem County funds

SALEM — Computer hackers have broken in and stolen approximately $19,000 by way of an illegal wire transfer from a Salem County bank account that held over $13 million in funds.

The illegal transaction happened in mid-December and as of late last week Salem County Chief Finance Officer Douglas C. Wright said the county has yet to recoup the money that was stolen.

Wright said the county is working with law enforcement officials, who believe the county system was attacked by a computer virus called a “Zeus Bot.”

Zeus Bot is a “Trojan horse” computer virus that steals banking information by keystroke logging and form grabbing. It is spread mainly through drive-by downloads and computer network phishing schemes.

According to online data from Prevx Security, the virus that helped hackers get access to Salem County’s account has allegedly compromised over 74,000 accounts of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon and BusinessWeek.

Wright said the hacker was able to access the county’s online banking system through the Microsoft Exchange server.

Exchange is an email-based collaborative communications server for businesses.

“They were able to jump in our account and essentially blocked us from logging on,” said Wright. “When they were logged in, they wired out $19,000 to an account with JP Morgan Chase out in California.”

Exactly $19,380.70 was stolen from the county account.

In all the account that was entered held more than $13 million in county funds, so the county may be lucky the theft was not devastating.

Wright said unfortunately the Information Technology (IT) Department at the county was unable to trace the Zeus Bot back to its origins.

“The virus changes and become undetectable in your system,” Wright said. “It’s very difficult to catch.”

This is not the first time this has happened to a county government agency  in New Jersey. Wright said Monmouth County was hit last year.

“We have reached out to the other counties in the state and the local municipalities to inform them, so they can be aware,” said Wright of the hacking and theft incident.

As a precautionary measure, the county is no longer using its online banking system, CashLink, which is run by Fulton Bank of New Jersey.

Wright said the computer that was attacked with the virus has also been removed and sent to a crime lab for analysis.

The county will also be setting up a new secure computer solely for the use of bank transactions. This computer will have no email, public Internet access, no disk drive or USB ports.

“This system should be running sometime (this) week,” Wright said.
Wright said they are also working with Fulton Bank and the county insurance broker to find a way to recoup the moneys stolen by the hacker.

“We are doing everything we can to get the $19,000 back,” he said.

Salem County Prosecutor John Lenahan said his office along with the New Jersey State Police are investigating the theft.

He could not provide any further information as the investigation is ongoing.

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed



US-CERT Latest Warnings

Latest US-CERT Released Warnings