Skip to main content

Analysis | The Cybersecurity 202: Unemployment claims are the latest target for coronavirus fraudsters

By Joseph Marks

with Tonya Riley

A fraud campaign that has wrested millions of dollars from state unemployment agencies shows how states' poor information security protections have left them highly vulnerable during the coronavirus pandemic.
The scammers took advantage of weak systems states use to verify the identities of people applying for unemployment benefits to file thousands of fraudulent claims, as the New York Times’s Mike Baker reports.
Those systems are even more vulnerable now because states are rushing to get funds out to millions of newly unemployed people and, in some cases, foregoing lengthy reviews that weed out phony claims.
“There’s a dire need to get money out quickly. This makes us an attractive target for fraudsters,” Suzi LeVine, commissioner of Washington State’s Employment Security Department, which has been hit hard by the scammers, told the Times.
The crimes are going to cost states whose resources are already stretched to the breaking point by the pandemic. “This is a gut punch,” LeVine said.

A woman wearing a face mask walks past a sign in the window of a food store announcing that the business is closed. (Olivier Douliery/AFP/Getty Images)
The phony unemployment claims could cost states hundreds of millions of dollars, the U.S. Secret Service warns. 
The Secret Service has spotted claims that are likely fraudulent in Washington state, Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island and Wyoming, according to a memo reviewed by the Times. But the fraud could be far broader and the Secret Service is still investigating.
The scammers appear to be part of a well-organized Nigerian fraud ring, the memo states.
The unemployment systems mostly rely on easy-to-find information to verify people are who they say they are. 
This makes them especially vulnerable. In some cases, applicants don’t need to provide anything more than their name, Social Security number and some other basic information, cybersecurity blogger Brian Krebs notes. That information has all likely been exposed by numerous past data breaches, and scammers can easily find it for sale on dark corners of the Internet.
The scammers in this case appear to have run a particularly professional operation, gathering large troves of data, known as personally identifiable information, or PII. And they avoided misspellings and other common errors that alert officials to fraud.
“It is assumed the fraud ring behind this possess a substantial P.I.I. database to submit the volume of applications observed thus far,” the Secret Service memo said.

A composite photograph shows signs on shop fronts informing customers of temporarily closed restaurants and shops. (Hannah McKay/Reuters)
The surge of fraud during the pandemic makes state and local governments' cyberdefense jobs even harder. 
Criminal groups have locked up computer systems and held them for ransom in dozens of cities in recent years, including Atlanta and Baltimore.
Since the virus hit, hackers locked up medical files at an Illinois public health agency and the state's unemployment office inadvertently exposed citizens' personal information. The Texas state government has also been hit with multiple digital attacks in recent weeks.
And hackers have created phony coronavirus-related sites that appear to belong to state and local governments to harvest people’s personal data.
The federal government hasn’t been much help. Democrats on the House Homeland Security Committee urged Speaker Nancy Pelosi (D-Calif.) to include $400 million to help state and local governments improve their cybersecurity in the next round of coronavirus stimulus funding, but the money didn’t make it into the final bill, which passed the House Friday.
Washington state, which is among the states hit worst by the pandemic, is a major target for the unemployment fraud. 
The state shut down its entire unemployment system over the weekend after discovering $1.6 million in erroneous payouts, slowing the processing for a surge in legitimate unemployment claims, the Seattle Times reports.
About one in three workers in Washington state has applied for unemployment, and the state paid out about $1.8 billion in claims in April, the paper reported.
The scammers have also focused on filing phony claims for people employed by school districts, universities and municipal governments. One of the organizations hit hardest was Western Washington University, which told the Seattle Times that 410 members of its 2,463-person staff were targeted by fraudulent claims.
The operation also relies on a large number of “money mules” inside the United States, the Secret Service said. 
Those are people who accept digital transfers of the fraudulent money and then transfer it abroad to scammers so it’s harder for law enforcement to track.
They’re a critical component of other Nigeria-based scamming operations, which attempt to dupe victims into sending money abroad to collect a prize or inheritance or because they believe it’s going to a phony romantic interest living abroad.
Mules are sometimes victims of such online romance scams and don’t realize they’re committing fraud.

The keys
Officials in U.S. states, the United Kingdom and Canada are clashing with Apple and Google about restrictions on the companies’ contact tracing technology. 

Medical staff of a mobile unit take samples from a woman to test for the coronavirus. (Cecilia Fabiano/LaPresse/AP)
The companies have set strict limits on apps that use their Bluetooth-based system for tracking contacts of people infected by coronavirus, including blocking them from also tracking people's locations or sharing data directly with public health agencies. But those restrictions threaten to make the apps nearly useless for public health officials, Reed Albergotti and Drew Harwell report.
Apple and Google, meanwhile, say the restrictions are vital to protect privacy. “The companies are also concerned that easing the restrictions around apps’ Bluetooth use would drain phone battery life, which could irritate customers,” Reed and Drew report.
The companies’ explanation has irked public health officials who note big tech firms have long profited from collecting large amounts of people’s personal information.
If it’s between Google and Apple having the data, I would far prefer my physician and the public health authorities to have the data about my health status,” Helen Nissenbaum, a professor of information science and director of the Digital Life Initiative at Cornell University said.
European countries, on the other hand, are increasingly embracing Apple and Google's system, Sam Schechner and Jenny Strasburg at the Wall Street Journal report.
Germany, Italy and Ireland have switched to a system compatible with the companies’ technology in recent weeks. Even the European Union's top tech watchdog, Margrethe Vestager, has encouraged members to embrace the companies' model so that the region can have a common approach that will allow for tracing contacts between citizens as they cross borders.
Top counterintelligence official William Evanina will take over briefing political campaigns about cybersecurity threats. 

William Evanina, director of the National Counterintelligence and Security Center. (Bill O'Leary/The Washington Post)

The briefings used to be run by the FBI and Department of Homeland Security, CNN's Alex Marquardt and Zachary Cohen report. Both agencies will still be involved in coordinating and sharing threat information, but with the intelligence community in the lead on briefings now.
The shake-up follows mounting reports that Russia is attempting to interfere in the 2020 election and growing concern among  Democrats that the White House is politicizing intelligence about the threats. Top election security official Shelby Pierson told lawmakers in February that the Kremlin wanted to see the president reelected — only for the agency to say that Pierson overstated Russia's preference in a follow-up briefing.
Evanina was confirmed by the Senate as director of the National Counterintelligence and Security Center earlier this month but has been the center’s acting director since 2014.
Hackers targeted supercomputers used for coronavirus research in Switzerland, Germany and the United Kingdom.

According to the Juelich Research Centre, three high-performance computers have been attacked by unknown hackers and have been shut down since May 14. (Sascha Steinbach/EPA-EFE/Shutterstock) 

It's unclear whether the attacks were connected or who was behind them, but the nature of the attack indicates hackers may have been trying to steal research, William Turton at Bloomberg news reports. The malware affected login systems for the computers, which are capable of vastly more complex calculations and at far faster speeds than consumer devices, but not the computer's internal machinery or data.
Affected systems in Switzerland and the United Kingdom were still down this weekend for repairs.
The attacks occurred the same week the U.S. government warned about China-based hackers targeting coronavirus research at U.S. labs.

Government scan

Senate Intel's final report for its three-year Russia investigation is headed for a declassification review.

Sen. Richard Burr (R-N.C.). (Jim Lo Scalzo/EPA-EFE/Shutterstock)

Burr (R-N.C.) submitted it on Friday to the intelligence community shortly before temporarily stepping down from the committee's chairmanship while officials investigate questionable financial sales he made in the early days of the pandemic.
Among other topics, the report digs into contacts between Russian operatives and the Trump campaign, the Associated Press reports.
More government cybersecurity news:

Chemical facilities are vulnerable to crippling cyberattacks due to outdated government cybersecurity guidance, the Government Accountability Office (GAO) concluded in a report released this week.
The Hill

Cyber insecurity

Hackers want $42 million to not release documents related to President Trump. But there’s no proof they have what they claim.

President Trump. (Chris Kleponis/Polaris/Bloomberg News)

The group did release other documents stolen from the law firm Grubman Shire Meiselas & Sacks that appear to be legitimate, Kevin Collier and Diana Dasrath at NBC News report.
Trump has never been a client of the firm, however. The law firm confirmed that it had been breached and said it was working with law enforcement.
The law firm boasts high-profile clients including Bruce Springsteen and Lady Gaga. Hackers released documents they claim involved the firm's work with Lady Gaga last week after it refused to pay the ransom, Rolling Stone reports.

Global cyberspace

China's Commerce Ministry warned it will retaliate against the United States' recent ban on Huawei if necessary. 

The logos of Huawei. (Andy Wong/AP)

The ministry urged the United States to halt a ban the Trump administration announced Friday on global computer chip suppliers selling to Huawei and other companies that the United States deems national security risks, Reuters reports. Possible countermeasures could include new restrictions on U.S. companies including Apple and Qualcomm, Beijing warned.
More global cybersecurity news:

The information includes sensitive information and encrypted passwords.
Politico Europe

Chat room

Online scammers routinely pretend to be someone they're not. But it takes a lot of chutzpah to pretend to be U.S. Cyber Command Chief Gen. Paul Nakasone and start flirting with people on Facebook Messenger. CyberScoop's Jeff Stone has the story:
Someone ran a Facebook page as Stephen Lyons, a US Army general, to introduce women to other “generals,” including NSA’s Paul Nakasone.
“I’m single and my eyes are always open,” a teacher stuck at home told me. “If I see a good looking guy in uniform, I’m going to click.”
— Jeff Stone (@jeffstone500) May 15, 2020
“I Googled this guy and I’m like, ‘Are you kidding me?’ ” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman." But Susan and her friend Cindy kept digging:
That’s around the time one of Nakasone’s pen pals became suspicious, and contacted us. We urged her to trick him by asking wonky legal questions that the real Nakasone discusses. (This scammer then copy & pasted descriptions from military journals.)
— Jeff Stone (@jeffstone500) May 15, 2020
The scammers wouldn't cop to it, though.
the best part of this ridiciulous story is these sources found me by Googling “Nakasone,” which turned up this old gem.
— Jeff Stone (@jeffstone500) May 15, 2020


  • The Center for Strategic and International Studies will host an online event “Who Makes Cyberspace Safe for Democracy?” on Tuesday at 12:30 pm.
  • The Senate Commerce Committee will mark up the CYBER LEAP Act on Wednesday at 10 a.m.


Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post. By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in