According to the Nanaimo Daily News, the Royal Canadian Mounted Police are investigating a report that funds had been transferred out of the church’s bank account over the course of an ongoing effort.
“Somehow their account at one of the local financial institutions was compromised through the Internet,” Cpl. Tim Desaulniers of the Ladysmith RCMP detachment told the paper. “It’s very preliminary right now. It looks like it originated down East.”
Those alleged Eastern Canadian perpetrators waged their attack over the holiday season, but church authorities didn’t become suspicious until Dec. 27, when they reported the missing money to the police. Canadian Mounties say over a 10-day period in late December, there were six withdrawals from the church’s account made via online requests.
CTV News said that police are busy following the digital footprints of the culprits, and so far it appears that the hackers gained access via a church employee’s home computer, where they managed to sniff out log-in credentials and passwords for the church’s online banking site.
Desaulniers explained the fact that the attack was on a church over Christmas is likely an isolated situation, and that the attackers don’t appear to be particularly geared toward hitting churches.
It’s very likely that hackers were simply using a banking trojan in a consumer-focused info-stealing campaign and just happened to ensnare the church’s account details from the home computer. The incident brings into focus the necessity for staunch security measures when carrying out corporate or work-related activities online from a home or, worse, a public computer.