As the custodian of the people's property and their most confidential information, the government has the responsibility to have secure and safe cybernetic systems, with maximum internal controls and administrative protocols that effectively prevent any fraudulent action.
Online scams targeting government agencies could total $4 million of the already scarce funds that belong to the people. So far, at least $2.9 million may have been reportedly frozen by authorities.
The unusual chain of online scam became public late on Wednesday after a complaint reporting a newly discovered transaction, however, dating back to January 17. This attack, detected at the Department of Economic Development and Commerce, and which could extend to the Employee Retirement System and other agencies, needs to be thoroughly investigated to find those responsible and to ensure that the gaps that allowed it to happen are closed.
The government's initial explanations have been vague and ambiguous regarding the wire transfer of $2.6 million from the Industrial Development Company to a fraudulent offshore account. It was first alleged that the transfer was in response to an email instructing to redirect remittance payments to a new account. On Thursday, the government attributed the transaction to an intrusion into the systems, known as "hacking".
The transparency of those in charge of this issue is critical to dispel suspicions. Citizens, investors, and federal authorities must be sure that the local government protects public assets, as well as sensitive data.
Shortly after the scam at the Industrial Development Company was made public, authorities reported that, under a similar scheme, the Tourism Company was the target of another $1.5 million fraud directed to an account in the United States. Those responsible for the fraud have reportedly falsified a letter regarding a change in the Employees Retirement Systems account. In this case, the finance division allegedly proceeded to issue the payments without verifying the information or their origin. Not following processes aimed at protecting essential public assets cannot be acceptable behavior in government entities.
So far the incidents raise serious questions about administrative protocols, cyber controls and the ability of the staff in charge, at the level of finance and information systems, to handle situations such as those described.
This is not the first time that the government has been the target of attacks on its information systems that drain the people's coffers. Two years ago, cyber-hackers hijacked the Treasury's systems and demanded payments in crypto-currency. Daily losses were estimated back then at $30 million, from revenues and sales. The government then reported that the attack erased 50 terabytes of Treasury data. That same year, the Child Support Office and the Municipal Revenue Collection Center systems were also attacked.
According to estimates, cybercrime costs about $45 billion globally. The vulnerability of public systems to these attacks not only erodes people's resources but also casts shadows on the credibility of government agencies.
We hope that ongoing investigations will identify the origin of these attacks and recover the money stolen. Furthermore, we expect to hold those responsible -for their acts or omissions- accountable to the full extent of the law, civilly and criminally.
In the meantime, it is urgent to fully review the government's information systems and accounts with the most competent staff, with proven and up-to-date systems. Strict protocols and internal control mechanisms to ensure compliance are part of sound administration practices that must always prevail in government agencies.
