If Carson Treasurer Karen Avilla had had a nagging feeling she was being watched whenever she got on her laptop computer, she would have been right.
Cyber-thieves were able to shift nearly $450,000 from the city's general fund last week by using a program that was able to mimic the computer strokes made by Carson's financial officer. Each time Avilla logged on to her city-provided laptop in the morning, someone was -- virtually -- looking over her shoulder, recording every single keystroke.
Armed with the spyware program, the hackers obtained bank passwords. They wired $90,000 to a "Diego Smith" in North Carolina. One day later, on May 24, the thieves got bolder and wired $358,000 from the city's bank account to a bank in Kalamazoo, Mich.
Avilla and her deputy discovered the theft just in time to have all but $45,000 of the funds frozen. But the experience left city leaders rattled.
"As I sat there with the detectives and the forensic folks from the bank, I thought, 'I don't even want to touch a computer,' " Avilla said Thursday. "I felt violated. It made me think, 'Who's out there?' "
The crime raised concerns about the security of municipal coffers, especially when wireless networks are used. Although such city hacking cases have been isolated, some experts said many municipalities lack the large information technology staffs and large budgets for computer security.
"If you go after a local municipality, they're more likely to have fewer people dedicated to computer security," said Eric Schultze, chief security architect for Shavlik Technologies in Minnesota and a widely cited expert in anti-hacking circles.
Avilla said she still doesn't know how her computer was targeted. She said she doubts it had the latest security software patch protections -- something sheriff's detectives and bank investigators told her is essential in safeguarding her computer.
She said that as soon as word got out, Carson fielded calls from officials in other cities, asking how they could protect themselves.
South Gate City Manager Gary Milliman said he has seen all sorts of fraud perpetrated against cities in 32 years, but nothing like this. "I think it's a concern," Milliman said. "It's something we're going to check into to make sure there isn't a vulnerability in our system."
Earlier this year, the finance director of the Northern California city of Willows discovered that a hacker had taken $4,000 from a city fund. Avilla said cities may not always notice smaller thefts.
