RAT Drains California Escrow Firm Out of Business

The firm had its remaining cash locked up in a state-established conservatorship overseen by a court-appointed state receiver

Security researcher Brian Krebs uncovered that it took just three fraudulent wire transfers to run Efficient Services Escrow Group out of business. 

The first transfer, in December 2012, sent $432,215 to Moscow. Then in January, two more siphoned a combined $1.1 million out of the account and sent it to the Chinese province of Heilongjiang, a cybercrime haven that was the subject of an FBI alert in 2011. That warning noted that $20 million stolen from small to mid-sized businesses had been sent to Chinese companies near the Russia-China border in 2010.

Working with its bank, Efficient Services recovered the bogus wire to Russia, but had no such luck with the $1.1 million that was sent to China. Although Efficient Services was clearly victimized, the state of California was unforgiving in its policies, considering that escrow accounts are entrusted with keeping people’s money safe.

California law requires that the company report the crime to state regulators, which it did. It was subsequently given just three days to replace the stolen booty. Unsuccessful in that endeavor, the firm soon found its remaining cash locked up in a state-established conservatorship overseen by a court-appointed state receiver.

The bank originally issued a report deeming the heist a case of embezzlement by one of Efficient Services’ employees. By the time a state-appointed forensics expert found that the company was actually a victim of a remote access Trojan (RAT), the company was already out of business.

Escrow companies are an attractive target for financial crime, Krebs points out, since they move large amounts of money around every day. In May, California issued an alert covering threats to escrow accounts, making it clear that responsibility lies with the escrow agent to protect itself: “The Department of Corporations has been informed of two escrow companies who were the victims of cyber-hacking this year, together losing an estimated $2,000,000 in trust funds. Both cases involved unauthorized wires to foreign bank accounts. One company took extraordinary efforts to replace the funds and is still in business. The other company was not able to replace the funds and is currently in conservatorship. This is an important reminder that each escrow agent must be vigilant in protecting trust accounts.”

The whole affair has taken a litigious turn, unsurprisingly. The receiver plans to sue the company's bank over the situation, partially for allowing the out-of-character bank transfers in the first place (Efficient Services had never sent money overseas before). Also, there’s a question as to security practices. Although the bank’s business customer accounts are typically protected by a username, password and dynamic token code, apparently the token wasn’t working at the time of the fraudulent transfers.

“At the end of the day, we want our clients to get their money back, but after that, we lost our business,” Efficient’s co-owner, Daniel J. Crenshaw, told Krebs. The company was set to clear a half-million in profit for the year.

He added that the company’s 20 former clients who are still owed money have been “very supportive” of the lawsuit. “We lost everything, and it’s entirely likely that my brother and I can get back what we lost and the interest on that, and maybe that will cover at best the attorney fees,” Crenshaw said. “But we’re still nine people out of a job.”
