Somebody — or a lot of somebodies — stole $19 million from the Kern County treasury over the past three to five years.

Who did it?

How did they do it?

The answer to the first question won’t be known for months. Federal Bureau of Investigation agents are currently poring over thousands of fraudulent transactions trying to track down the culprits.

Those investigators aren’t talking about the answer to the second question either.

But interviews with officials from the Kern County Treasurer-Tax Collector’s office, the Kern County Superintendent of Schools office and a new cybercrime-fighter training program at Cal Poly San Luis Obispo offer some clues.

CYBER

Jon Von Flue, the assistant superintendent who is tasked with overseeing finances at the superintendent of schools office, has gone through all the fraudulent transactions since the breach of the accounts was discovered in early February.

He said he’s convinced most if not all of the pilfering came from outside his organization.

“It’s not somebody inside forging a check,” he said. “It appears to be a cyber-type attack from the outside. This is all cyber stuff.”

Kern County Treasurer-Tax Collector Jordan Kaufman, who first alerted the public to the loss, said the money wasn’t going to individual people.

“The majority of the fraud activity was made (paid) to larger institutions and corporations,” he said.

Early in the investigation, Von Flue said companies like AT&T, department stores and other entities were being paid out of the two clearing accounts that served the KCSOS and the Kern Community College District.

Still confused?

Think credit card fraud on a massive scale.

Someone gets ahold of your credit card — or even just the card number and three-digit verification on the back.

They can then use that card to pay their cellphone bills, buy new clothes or make other payments, whether they are in Los Angeles, Florida, the Middle East or Tahiti.

The only difference here is that the $19 million loss was coming from checking accounts powered by taxpayer funds from 47 school districts, the county superintendent’s office and the regional community college district.

THE CRIME

A little history might be in order before we go much further.

On Feb. 7, Kaufman’s office announced that it had detected long-term fraud on clearing accounts — essentially government checking accounts — held in the Kern County treasury on behalf of the KCCD and KCSOS.

After weeks of investigation, he announced that the loss totaled $19 million. The KCCD account lost $16.4 million and the KCSOS account lost $2.6 million. About 30 percent has not yet been recovered.

The money, Kaufman explained, was taken over the past two to three years, though most of the losses were experienced in the past three to five months.

Why wasn’t it caught in all that time?

The superintendent of schools office and KCCD regularly monitored the traffic in and out of their main funds in the county treasury and meticulously documented and funded their legitimate payments to employees and service vendors.

But the losses weren’t in those accounts.

They were in clearing accounts where all the checks they authorized were actually paid.

Over time, the funds that recorded the activity in those accounts built up larger and larger negative balances.

But neither district had access to the transaction-level data on those clearing accounts, at the time of the fraud. The Kern County Auditor-Controller’s office had previously notified both districts, in 2005, that it would no longer be reconciling those accounts.

A quick glance at that data would have revealed that money was being stolen.

But nobody was watching the money.

EXPLOITED

Over the past couple of years the fact no one was paying attention to those accounts became clear to thieves.

Kaufman said the fraudulent transactions started small and escalated slowly. They exploded “exponentially” in the past several months.

Von Flue said gaining access to the accounts is not that difficult.

The money came from payroll accounts, he said.

“Anybody who got a check has that account information on it,” he said.

It’s not a distant leap from there to criminal use of data.

“It sounds like somebody was probing the system,” said Bruce Burton, the program manager of Cal Poly San Luis Obispo's new California Cyber Training Complex.

The university program, a partnership with the California National Guard, is designed to train law enforcement officials and students to investigate cybercrime and build defenses against cybercriminals.

He said the State of California recorded $200 million in losses from cyberfraud in 2016. And an ongoing effort is being made to find and combat cybercriminals. But it’s challenging work.

“Many of these attacks are launched from foreign countries,” he said. “It’s very difficult to do something to bad guys that are 10,000 miles away.”

Bruce Pixley, an instructor at CCTC and a former Santa Barbara County Sheriff’s Office cybercrime expert who consults with the U.S. Department of Justice, said online thievery is just a new angle for a very old crime.

And thieves are very clever at routing money through the financial network to claim a financial benefit without getting caught.

They encrypt communications, collaborate with other criminals and come up with unique ways to turn access to a lucrative account into cash.

“They’re always looking for ways to keep their distance from something coming back to them,” Pixley said.

Von Flue said names are attached to the fraudulent transactions but that doesn’t mean anything.

“We don’t know what names are real or not,” he said.

He suspects multiple criminals are involved.

Someone found out the accounts were vulnerable and a lot of people exploited it.

“I think of it as ‘somebody breaks a window and everybody jumps through it,’” Von Flue said.

Catching those criminals means long, tedious hours picking through data, hunting down internet protocol numbers, pulling in data through search warrants and following the money through all the twists and turns, Pixley said.

“How did the information get leaked, what’s the vulnerability, what’s the exploit,” he said.

While FBI investigators track down those answers, the superintendent of schools office, the treasurer-tax collector’s office and the Kern Community College District work to get back as much of the lost funds as possible.

RECOVERY

The agencies have been trying to get the money back by reversing charges — essentially canceling the payments made using the compromised accounts and returning the money to the county treasury.

Ultimately, it will be those businesses that must shoulder most of the multimillion-dollar bill for the fraud.

So far, Kaufman said Friday, the county and the two districts have recovered $11.8 million of the missing KCCD money and $1.7 million of the Kern County Superintendent of Schools funds.

But nearly $5.6 million remains missing.

Efforts to pull back more money are continuing, Kaufman said.

(4) comments

Grancer
Grancer

“The Kern County Auditor-Controller’s office notified both districts, KCCD and KCSOS, in 2005 that it would no longer be reconciling those accounts but neither district had access to the transaction-level data on those clearing accounts”. Undoubtedly a lot of the remaining missing money will never be recovered but there shouldn’t be too much problem discovering who was at fault for allowing the auditing void which in turn allowed the theft to remain undetected for such a long period of time and become so large.

Jpb1055
Jpb1055

It's easy to understand that the original thrives were covering their tracks by probably giving others access to the way they stoled from the clearing accounts. But the whole theft could have been avoided all together. This level of theft at a local level is shocking to me. This is taxpayer money that should be safeguarded by these three public agencies. What total incompetence. There should be outrage in this community and the individuals who had stewardship over these accounts must be FIRED! Those responsible, the managers or department heads have no business keeping their high paid jobs. They should be ashamed. Yet all involved are blaming others, including the cyber thrives who found the glaring incompetence of our local idiots. I suspect that the majority of the money will never be recovered, and things will go on as usual. Taxpayers will keep paying taxes to pay for mistakes of others. God help us.

jfrancais
jfrancais

This is the saddest excuse for leadership...instead of taking ownership they are going to blame the computer or the system...leaders implement and are responsible for systems...

Violated Veteran
Violated Veteran

How many veterans were bilked out of their GI Bill tuition payments?

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.