We are all familiar with the term “cybercrime,” even if we aren’t fully knowledgeable about all of its ramifications. We regularly read about hackers who steal financial or personal information from individuals, institutions or businesses through which they gain access to money or valuable data. Sometimes, the theft stops with the targeted taking. Other times, the cyber invasion includes installation of viruses, worms or malware, designed to disrupt the operations of the targeted victim.
Last week we learned of a cyber theft hacking of the Jewish Federation of Greater Washington’s Endowment Fund, and the theft of some $7.5 million from one of its accounts. Although many of the facts regarding the theft and its investigation are being withheld at the request of law enforcement, the overall description, pursuit and impact of the crime are disturbingly familiar.
It appears that sophisticated hackers took advantage of Federation’s coronavirus-imposed remote operations to gain access to the organization’s computer system and to orchestrate a series of actions that enabled the wiring of funds to foreign accounts. The numbers are staggering. Although Federation has made clear that no other accounts or donor information were compromised, and that the endowment theft will not impact day-to-day Federation operations, annual allocations or activities, the targeted theft of such significant charitable dollars is unnerving.
Data and access breaches are, unfortunately, a painful reality of our cyber world. Institutions and individuals learn daily that the security of their systems are only as strong as the weakest link in their own systems and those of others with whom they interact. Whether it is through weak or stolen passwords, sophisticated trickery or employee negligence, practiced hackers regularly figure out ways to outsmart or outmaneuver many of the security protections that have been put in place.
That doesn’t mean that we need to accept the painful reality of hacking and its consequences. Indeed, the opposite is true. As The Federation and other examples of systemic hacking have taught, we all need to be more careful and more vigilant. As individuals, we need to be more password conscious, less trusting of emails and attachments that we don’t recognize or that don’t look quite right, less quick to click “yes” or “accept” in response to pop-up prompts that appear on our screens each day, and more thoughtful in how and what we communicate. And our businesses and communal organizations need to invest in heightened security, increased training and compliance enforcement, and accept the fact that increased vigilance and security are a fundamental cost of doing business.
Federation’s response to the theft has, by all appearances, been focused, disciplined and professional. Legal, cybersecurity and other experts were brought in promptly, and immediate coordination was established with law enforcement, banking and insurance personnel. Federation’s openness and messages of unity, caution and optimism are particularly welcome in this real-life test of community resilience.
The months ahead will undoubtedly be focused on pursuit of the criminals, a full investigation of the circumstances and as full a recovery as possible of the stolen funds. We look forward to a comprehensive resolution of the matter, and to a full public report.