Even though Brian Krebs, author of the Krebs on Security blog, knew that the Town of Eliot, Maine was likely to have its account raided by cyber thieves, he was unable to stop it.
Krebs
TD Spokeswoman Jennifer Morneau would not discuss the incident with Krebs or with American Banker for reasons of customer privacy.
Norma Jean Spinney, the town controller, said the bank requires a user name, password and the answer to a challenge question for account access. Krebs noted that these methods are no longer considered adequate for protecting business accounts, according to new rules from the Federal Financial Institutions Examination Council.
A forensic analysis determined that Spinney's computer was infected by two malicious programs when the transfers occurred. Krebs advises using an operating system other than Windows for account access. "The attacks I've written about to date involved malware that will not run on anything but a Windows PC," he wrote.