Home | Ketchikan | Alaska | Sports | Waterfront | Business | Education | Religion | Scene
Classifieds | Place a class ad | PDF Edition | Home Delivery

On Monday, the University of Alaska Board of Regents voted 10-1 to declare...

A man who joins the U. S.

Robert L. “Bob” “Orpalo” “Tudoc” Valerio, 85, died June 30, 2019, in Seattle.
Cyber theft targets city government

Daily News Staff Writer

The City of Ketchikan has been a victim of cyber theft.

In late November, the Port and Harbors Department fell prey to an email phishing scam, losing almost $20,000.

The spoofed emails borrowed verbiage, as well as phone numbers, names, titles and even logos, from previously exchanged emails between the department and the infrastructure firm Moffat & Nichol, according to city documents.

The only noticeable difference was one of the 24 characters in the email address was different from the legitimate Moffat & Nichol address. An “i” was changed to an “l.”

When City Manager Karl Amylon reported the fraud to the Ketchikan City Council on Dec. 6, he said, “Suffice it to say, what I’ve learned this week, has just got my head spinning.”

He added that, “We’re putting some interim measures in place to try to tighten that up. And we’re also going to be bringing in specialized training for the departments and the people involved in this."

Since then, the city's insurance covered all but $2,500 of the loss. The city received the payment Feb. 8.

Curtis Thomas, director of IT for the city, said that the City of Ketchikan's IT infrastructure wasn't compromised. He said the email wasn't caught by the city's spam filter system (which blocks out about 100,000 emails a month) because it was a part of an existing email thread.

Moffat & Nichol declined to comment, other than to say their systems were not compromised.

According to city documents, it all started on Nov. 14, when Moffat & Nichol sent a real email of its latest invoice to the Port and Harbors Department Director Steve Corporon. The body of the email contained info for Automatic Clearing House, or electronic, payments. It also contained an address for payments to mail via check, which is how the city usually paid them. The email, from Noranne Harris of Moffat & Nichol, also included Shaun McFarlane of the same firm as another contact regarding the invoice.

Later that same day, the first fraudulent email arrived at Port and Harbors with the same Moffat & Nichol names, information and invoice number. The email, which looked like it was from Harris, stated the company was implementing a transition in its accounts-receivable division because of some “abnormally high tax imposed on domestic/international transfers,” and was using its “subsidiary company account to receive further payments.”

The next day, Nov. 15, Corporon opened another fraudulent email that looked like it was from McFarlane. The email was basically a follow-up, to which Corporon responded that he sent the request for payment to the city's Finance Department.

Another fraudulent email claiming to be from McFarlane was sent to Corporon minutes later, asking for the payment to be sent via ACH.

Next, Corporon sent an email to the city’s accounts payable coordinator, asking to change the payment method. This email was forwarded to the City Finance Director Bob Newell for approval to make the payment through ACH. Newell approved the request that same morning.

Six days later Corporon submitted the ACH transaction through a Wells Fargo ACH CEO online banking portal.

On Nov. 23 the transaction was processed.

In early December, the real Moffat & Nichol again emailed an invoice for the $19,500 payment requested in November.

The department responded, saying the payment had been processed, and asked if they could go back to paying by check in the future.

At which point, the firm called the department and said it hadn't received any electronic payments and moreover, it didn’t ask for one.

Once a fraud was realized, Newell suspended any new ACH requests or changes to vendor payments.

The issue has been turned over to the Ketchikan Police Department which is investigating.

There hasn't been an arrest in the case, according to KPD Lieutenant of Investigations, Andy Berntson who noted the rise and increased sophistication of cybercrimes.

"It's weekly that we're getting calls on some kind of internet related fraud or crime," said Andy Berntson, KPD lieutenant of investigations, "And often it's after a loss of some significant money."

The FBI's Internet Crime Complaint Center's most recent data on cybercrimes tallies 2017 losses at $1.4 billion compared to $240 million a decade earlier.

"It's disturbing because it's hard for the world to keep up and learn how to combat this," said Berntson. It's like a virus, as soon as you figure out how to stop one, then they kind of use a different way in."

Ketchikan isn't alone in having to deal with such issues.

Last week in Juneau, Alaska Chief Justice Joel Bolger addressed the Legislature about the need to upgrade cyber security for the Alaska court system.

Bolger mentioned a recent virus that knocked out the Nome courthouse computers for several days. It was the same type of computer virus that infected the Matsu Borough offices last year, according to Bolger.

"Our staff was able to contain the problem quickly, and we narrowly avoided huge statewide losses," Bolger said. "We are currently very concerned about cyber security."