A Texas based bank is suing a customer over 1.66M stolen in a 2012 cyberheist. The bank had initially believed that the cash had been routed out of the country but now believes it is within the country. The cash is believed to be held in an account in a U.S bank that has already been frozen by the FBI pending completion of the cyber heist crime.
In June 2012, unknown cybercriminals hacked into the computer systems of Luna & Luna. The firm is a real estate escrow entity based in Garland, Texas. The hackers stole the password and username which the firm was using to access and manage its bank account held at Texas Brand Bank (TBB) which is also located in Garland.
The hackers stole around $1.75 million via a number of wire transfers while using the stolen Luna username and password. These transfers were carried out between June 21st and July 2nd, 2012. Initial investigations showed that Jixi City Tianfeng Trade Limited Company which held an account at Industrial and Commercial Bank of China was the recipient of two of the wire transfers. A third transfer that went to a U.S based company and which was later recovered totaled $89,651.
Heilongjiang Provence is said to lurk with financial institutions that readily accept wire transfers of any large amounts from any corner of the world without any form of verification. Jixi, one of the recipient companies of the Luna’s stolen funds is located in this Northern Province bordering Russia. Incidentally, a year before the Luna attack, the FBI had issued a warning that the now infamous cyberheist destination Chinese province was the recipient of more than $20M the previous year. Most of the cyberheist funds are from small and medium-sized companies and routed towards Chinese economic and trade companies in this northern frontier Province of Chinese.
It was not until the bank informed Luna & Luna on July 2, 2012 that they were about to overdraw their account that they realized they had been victims of a cyberheist. The money that the criminals took from Luna’s account was being held in Escrow/trust for the U.S Department of Housing and Urban Development (HUD). However, much as the criminals had put Luna in a hard corner, they had practically robbed the U.S government. Luna had to approach the bank and make it understand that the money stolen belonged to the government and had to be replaced fast.
In their initial complaint, Luna reasoned that the theft affected TBB and HUD but more so TBB. TBB in its original complaint wrote that based on the fact that it stood to lose more than the siphoned monies, it had agreed to reimburse Luna. It agreed to reimburse the cash on condition that it could legally place a claim to recover the monies from Luna. Afterwards, TBB as it had promised demanded repayment from Luna but Luna refused to pay. On July 1, 2013, Luna sued to recover funds which now included legal fees and interest.
Much of the year that followed, Luna and TBB spent it haggling on where the trial should be held. Luna went ahead and filed a counterclaim lawsuit which alleged that TBB’s security system was highly inefficient. It claimed that the bank was in a position at the time of the theft to tell that payment to China, especially of large amounts was highly suspicious.
It is a defense against the Luna allegations, TBB clarified that stated that Luna agreed in writing that the bank should go ahead and execute hundreds of wire transfers to third parties from the client’s accounts. Moreover, the bank claims that it had expressly offered Luna the safer dual-controls security. This security measure requires that a customer has a different set of password and username for sending a wire transfer and for approving.
When in a conversation with an FBI agent, Luna learnt that $1.66M of stolen money was actually in an account at JPMorgan Chase. JPMorgan Chase was the receiving bank for these cyberheist funds.
In August, Luna went to a US District Court for Northern District Texas and reported what they had learnt from the FBI agent. Together with the TBB, Luna is requesting the government to release the said funds which will be used to settle the dispute once and for all.
The FBI didn’t want to comment on the matter. Northern District has investigations underway relating to criminal claims as well as fraudulent wire transfers. However, the court’s attorney refrained from commenting only saying that as of now no criminal charges have been drawn. It will be interesting to see how this puns out especially because both the firm and the bank can’t claim to be blameless.