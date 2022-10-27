The ConocoPhillips Alaska’s Community Investment fund is trying to recoup $25,000 stolen by an unknown hacker, according to a complaint filed in U.S. District Court in Anchorage last week.
The company is hoping to learn the hacker’s identity by subpoenaing bank records.
The thief hacked into the email of the executive director of the Anchorage-based ANCSA Regional Association or ARA, which was supposed to receive the money, and redirected it to a different financial institution.
The grant was going to help pay for a 30-minute video highlighting the Alaska Native Claims Settlement Act (ANCSA) and Alaska Native regional corporations in celebration of the 50-year anniversary of ANCSA.
ARA is a nonprofit whose board of directors is made up of 12 CEOs of Alaska Native corporations, including Aaron Schutt, president and CEO of Doyon, Limited.
A complaint filed in U.S. District Court Alaska against “John Doe” reads that the ARA’s computer and email were hacked in June and July of 2021.
Someone “impersonated ARA’s executive director and forged ARA’s executive director’s signature on an EFT [electronic funds transfer] authorization and W-9 with the purpose of inducing ConocoPhillips Alaska to authorize payment to a bank account held by defendant instead of the intended recipient, ARA,” the complaint reads.
ConocoPhillips’ cybersecurity department discovered the fraud. The money went to the Navy Federal Credit Union and was withdrawn before the account was closed.
The fraudulent email hacking scheme violates the U.S. Computer Fraud and Abuse Act and Alaska law, according to ConocoPhillips.
An email was sent to the FBI about whether there is a criminal investigation.
“By this complaint and subpoena to NFCU, plaintiff seeks discovery of information leading to the identity of defendant and eventual recovery of the stolen funds,” the complaint reads.
An employee of ARA solicited ConocoPhillips Alaska’s Community Investment department — it’s charitable-giving arm — on April 2, 2021, asking for financial support for the production of the ANCSA video.
ARA was notified that the grant was approved 10 days later. ConocoPhillips and the nonprofit exchanged information in emails through June.
On June 21, 2021, at 1:34 p.m., an ARA employee sent the completed forms. About three hours later, this email was sent from the same account: “Kindly use our account at Navy Federal Credit Union as explained earlier, Been in a meeting and it is very hectic for me today. Attached the wrong file. Attaching it again right now.”
On July 8, 2021, ConocoPhillips Alaska sent an email to ARA acknowledging payment with an attached letter confirming the $25,000 transfer of funds.
“Several months later, on November 11, 2021, ARA employee sent an email to ConocoPhillips Alaska inquiring when ARA would receive the $25,000 payment,” the complaint reads. “ConocoPhillips Alaska responded stating the award was paid in July, attaching the award letter and tracking number. ARA then contacted its bank, First National Bank Alaska, which confirmed that it had no record of a $25,000 deposit.”
ConocoPhillips holds that someone used “programming techniques to hide or delete both the emails defendant sent from ARA employee’s email to ConocoPhillips Alaska and the emails received from ConocoPhillips Alaska to ARA beginning from approximately June 21 at 4:29 p.m. through the July 8, 2021, award letter from ConocoPhillips.”
ARA was unaware of the unauthorized email access until making an inquiry about the nonpayment in November.
A call and an email to ARA were not returned in time for this story.