New Mexico Tech lost more than $200,000 to cyber-theft, the school discovered over the holiday break.
In the spring semester last year, thieves hacked into banking accounts at Tech and routed $204,000 to a private account before it was automatically bounced to an offshore account. Members of Tech's financial administration discovered the theft when reviewing all of the accounts receivable over the break.
"The cyber-criminals hacked into the banking systems' computers. How they did it we don't know," Tech spokesman Thomas Guengerich said. "New Mexico Tech's financial people caught the missing money during a routine reconciliation of our accounts receivable."
Guengerich said diligence is the best way to prevent similar losses at UNM.
UNM's Information and Technology Services said the University has protected itself against Internet thieves.
Vanessa Baca, spokeswoman for ITS, said UNM's Internet systems are adequate enough to deter cyber-criminals.
Get content from The Daily Lobo delivered to your inbox
"I know we are very protected," she said. "Unfortunately, systems breach is a reality not just for universities but for corporations and companies across the country. I can definitely say that UNM has very good defense systems in place."
Gil Gonzales, chief information officer for ITS, said reconciling funds is good business practice, especially for online transactions.
"It's an absolutely good practice to review your checking accounts and your balance audits monthly to make sure there are no suspicious transactions," he said.
Gonzales said ITS is good about managing funds and scrutinizing transactions.
"We have it on all fronts," he said of the defense system. "We have financial transactions with banks and with organizations that deliver services to us, so we have an obligation to audit our work, to be disciplined about how we communicate, and make sure what we're exchanging is what we agree to."
Officials have been able to recover only $160,000 of the money New Mexico Tech lost because of the complexity of the scam.
"There were two rounds of theft - one in late March of '08 and one in late April of '08," Gonzales said.
Guengerich said thieves hacked not only into Tech's banking systems but also used identity theft to accomplish their goal - a practice Gonzales says is becoming more and more common.
"We are constantly being attacked from the outside by bad people who want to gain access to confidential data," he said.
Identity theft affects large institutions but is also a risk for individuals, Gonzales said.
"That leads us into a discussion about 'cyber-infrastructure,' which is the hardening of all of these systems, because we realize that, long term, much of our business is going to be conducted over networks," he said.
Gonzales said students have to rigorously avoid identity theft to ensure they don't encounter worse.
"If you use online services for banking or anything else, verify that all those transactions are yours. Do it on a regular basis," he said. "There are limits to which the bank is liable if something does happen, so it's a whole new set of discipline and obligation of the student to protect themselves."
