Email Phishing CyberWar on Governments Around the World has Begun
Puerto Rico has gone through much more than its fair share of tragedy over the last 3 years. The 2017 Hurricane Season brought the devastation of Maria, which led to an island-wide blackout that in some areas lasted several months and was either directly or indirectly responsible for the deaths of thousands of residents.
The aftermath of Hurricane Maria brought to light many of the issues adversely affecting the Island.
Whether it was the corruption of the Puerto Rico Electric Power Authority (PREPA), to the ineptitude of local officials in executing the distribution of much-needed basic supplies. In fact, the subsequent discovery of multiple warehouses’ worth of undistributed supplies may have been one of the most disappointing details of the post-Hurricane recovery.
In just the past couple of months, tragedy has once again struck the US territory.
An extended period of seismic activity caused damage to thousands of homes and immediately rendered thousands of island residents homeless. The rolling earthquakes also damaged roads, caused landslides, cracked bridges and resulted in damage to critical infrastructure, including the Costa Sur power plant, which provides power to approximately a quarter of the island.
On the heels of Puerto Rico’s recent earthquake related difficulties, news broke last month that the commonwealth was hit by cyber criminals, as it was discovered that a government agency, the Industrial Development Company, a government-owned entity that works towards procuring local and foreign investment for the purpose of driving economic development on the island, was fleeced for $2.6 million dollars as part of an email phishing operation that saw the money transferred directly into an account managed by the perpetrators.
Email phishing involves the distribution of emails that claim to be from reputable entities in order to compel individuals to reveal personal and financial information, many times successfully stealing passwords, credit card numbers and identifying details of victims, including social security numbers and birth dates.
Although phishing is actually one of the oldest and most historically profitable forms of cyber-crime, as it dates back all the way to 1995 and is one of the more common avenues utilized in executing identity-theft crimes. According to the FBI’s IC3 annual cybercrime report it was the most common type of cyber-crime executed in 2019 with over 114,000 reported incidents.
Apparently, the agency transferred the money after receiving an email claiming that a change in how remittance payments should be processed necessitated the immediate transfer of the money. This is according to a statement made to the police by the director of the Industrial Development Company, Rubén Rivera
It is currently unknown whether the police or the Industrial Development Company have been able to recoup any of the money. The police also have not been able to figure out exactly who the perpetrators were of the scam.
When incidents like this occur, communication and a rapid response is key to mitigate potential losses that could potentially be attributable to similar attacks executed by the same group of criminals against other targets.
In Washington, legislators are currently mulling over a new piece of legislation that would require each state to appoint a lead cybersecurity coordinator. As our lives have gone online, so have our crime. Our local governments must do more to combat this issue. We have a whole new multi-decade struggle ahead of us.
The bill that is up for discussion in Washington is known as the Cybersecurity State Coordinator Act. There appears to be bi-partisan support and it will speed up response times to incidents in the event of a cyberattack or a hacking incident.
The bill is co-sponsored by Senators Maggie Hassan (D-NH), Sen. Gary Peters (D-MI), John Cornyn (R-TX) and Rob Portman (R-OH). The legislation looks to be a positive step forward towards protecting American interests in the ever-evolving cybersphere, as both parties understand the need to establish a state-level, federally funded program that can begin to address the multifaceted issue of cyber defense on the local level, while working in tandem with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
One thing that is not immediately clear regarding the bill will be the impact that it has on US territories and commonwealths like Puerto Rico.
Incidents like this one should serve to remind Congress that America needs eyes in every corner she reaches, as Puerto Rico, which has been hit with a seemingly never-ending string of tragic events and is suffering through financial dire straits, cannot afford to be victimized in this manner.
Cyber-attacks for financial gain or as a form of militaristic aggression will only continue to grow as the world continues to become more dependent on technology. How we respond and adapt to that fact is key to the survival of not only America, but in many ways the entirety of the free world.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including The Hill, Real Clear Politics, Townhall and American Thinker.