Special to El Rrun-Rrun
"If this is an instance of phishing, then BPUB has cyber security insurance that can cover most if not all of the damages that the company has incurred." COB District 1 Commissioner Nurith Golonsky
Let's think about that one.
Some cyber phisherperson(s) somewhere in the world who dedicate themselves to stealing on the internet - say in China or Nigeria, or Who Knows Where, SPI? - stole $1.3 million from the Brownsville Public Utility Board.
Phising is defined as "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers."
That explanation has been floated as how - about two months ago - the PUB Finance Dept. transferred $1.3 million to an account at Bank of America in payment to Texas Noble Builders.
That explanation asserts that the PUB administration, its Finance Dept., Noble Builders, and the Bank of America were infiltrated by the phiserpersons and retrieved knowledge which allowed them to deduce that:
1. PUB owed Noble a $1.3 million payment for the salary draw on the company's share of the $16.4 million contract to build the utility's new administration building and was issuing a payment in the near future. Payment to vendors always have to come before the board to the PUB board and has to be approved. So that first step could be borderline credible. Those cyberthieves in Beijing or the Ukraine are probably scouring all the agenda of local entities to phish for leads. Then,
2. Before the (electronic) check was cut and issued, the phishers were able to infiltrate Noble Builders (or PUB) to learn the bank account number at their bank (Lone Star National Bank), use their email to direct the PUB Finance Dept. to redirect the payment to a bank account at Bank Of America (at a new account they set up, when?).
Later, the PUB requested a hard letter from noble confirming the email directives to redirect the payment, and the (phishers?) had one sent.
Later, the PUB requested a hard letter from noble confirming the email directives to redirect the payment, and the (phishers?) had one sent.
3. That once the letter was produced - allegedly by someone at Noble - the Finance Dept. sent the $1.3 million to the Bank of America account. Once there, it flew faster than an electric impulse on the PUB grid.
4. That's when Noble told PUB it hd not received the payment, the swindle surfaced and that - once Noble insinuated litigation - Bruciak, in consultation with board president Anna Oquin and its legal counsel, had a second $1.3 million payment issued to Noble under the authority of the board's previous payment and never went before the board for approval of the new expenditure.
Consider this: The additional $1.3 million payment was not part of the original payments approved by the board. It was $1.3 million more than what the board had approved. And Bruciak, the PUB counsel, and the chair saw fit to act unilaterally and spend $1.3 on their own without board approval of the additional cost.
Why do we appoint boards again?
Now, the "Phisher Theory" asserts that online criminals had time between the posting of the PUB meeting agenda (72 hours before the meeting) and the passing of the vote before putting their plan into action.
Commissioner Galonsky has stated that it's "been less than two months since the incident in question happened and the BPUB Board has decided to wait until the FBI investigation is concluded. If this is an instance of phishing, then BPUB has cyber security insurance that can cover most if not all of the damages that the company has incurred."
Perhaps a situation where the help (Bruciak) can issue a $1.3 million payment over the amount approved by the board on their own accord and with the mere acquiescence of a board chairman and legal counsel is business as usual to the commissioner, but we beg to differ. Administrators have been hauled off from their offices in handcuffs for approving payments for other things - like wind and medical insurance - on their own.
There is also, the "Inside Job" Theory that someone (with conspirators) with inside knowledge of people, times and places, bank account numbers, etc., staged the heist.
"I trust that the FBI will identify everyone involved in the crime and prosecute them accordingly, the commissioner said. "Meanwhile, BPUB’s internal auditor has done her own audit and given recommendations on what policies and procedures should be adopted to avoid the same situation happening again. Consequently, it is my opinion that having the City Commission initiate its own audit and/or investigation at this time is premature or duplicative."
That Bruciak, who has been the PUB's CEO for the last 22 years and is paid handsomely for it ($303,000) as is CFO Saenz ($2736,603), needs more time to learn and "adopt" safeguards "to avoid the same situation happening again" is more than charitable. It seems to be more of a deliberate abeyance of an elected official to their fiduciary duty to safeguard the public's interest.
Insurance will pay for it? And who pays for the deductible and premiums? Bruciak? The board? The city commission?
If the $1.3 million was your money and your banker lost it, would you forgive and forget and hope he learned his lesson and it doesn't happen again?
The theory that the $1.3 million theft can be attributed to a phishing crime seems a bit fishy to us. The people who foot the bills need to know the truth.
"I trust that the FBI will identify everyone involved in the crime and prosecute them accordingly, the commissioner said. "Meanwhile, BPUB’s internal auditor has done her own audit and given recommendations on what policies and procedures should be adopted to avoid the same situation happening again. Consequently, it is my opinion that having the City Commission initiate its own audit and/or investigation at this time is premature or duplicative."
That Bruciak, who has been the PUB's CEO for the last 22 years and is paid handsomely for it ($303,000) as is CFO Saenz ($2736,603), needs more time to learn and "adopt" safeguards "to avoid the same situation happening again" is more than charitable. It seems to be more of a deliberate abeyance of an elected official to their fiduciary duty to safeguard the public's interest.
Insurance will pay for it? And who pays for the deductible and premiums? Bruciak? The board? The city commission?
If the $1.3 million was your money and your banker lost it, would you forgive and forget and hope he learned his lesson and it doesn't happen again?
The theory that the $1.3 million theft can be attributed to a phishing crime seems a bit fishy to us. The people who foot the bills need to know the truth.