On a nondescript November afternoon in 2018, our bustling Cape Cod Community College campus was rocked by news that wound up making national headlines and took us on a journey into the shadowy world of cybercrime. Using powerful malware tools aimed at the college’s financial operations, together with sly social engineering tricks, hackers robbed our institution of more than $800,000 (£650,000).
The diligence of law enforcement and bank investigators led to the recovery of nearly $700,000 of the stolen funds but, four years on, our modern American crime story was still missing its closing chapter: catching our antagonist. But now, thanks to the tenacity of our criminal justice system, that chapter has been written.
In a federal courtroom in New York City on St Patrick’s Day, Djonibek Rahmankulov stood for his crimes. Along with being convicted as a leading conspirator in the theft of our funds, Rahmankulov was charged with laundering millions of dollars in the criminal proceeds of other computer hacking schemes, healthcare fraud, and Small Business Administration loan fraud, as well as operating an international unlicensed money transmitting business.
Attending the sentencing, I represented the hundreds of faculty and staff who work at Cape Cod Community College to bring higher education to our region and the thousands of students who benefit from it every year. In my mind, these were the primary victims of Rahmankulov’s crimes. While cyberattacks occur on Massachusetts public higher education facilities every day, typically without success, several of our colleagues in the commonwealth have fallen victim to them in just the past few months. With this in mind, I felt it necessary to face our convicted hacker, to remind him and the court that cyberattacks are not a victimless crime.
These attacks happen in the shadows, involving malware lurking in computer systems that few understand and taking advantage of those who are not expecting it. It is a rare occasion to get to see the face behind the crime, and the members of his family.
In short order, the judge presiding over the sentencing let it be known that these heinous crimes would not be excused and sentenced Rahmankulov to 121 months in prison, three years of supervisory probation, a $40,000 fine, a $300 assessment, forfeiture of more than $5 million and a note that the government maintains the right to search his electronic devices into the future. Once on the path to American citizenship, he is likely to face deportation procedures when his prison sentence ends.
Cases like ours, where most of the money is recovered and the perpetrator is published, offer a rare taste of justice and redemption. But now we return, like everyone else, to the daily battleground of cybersecurity. Attacks like the kind we suffered are exceptionally unexceptional. The complexity of their design evolves just as quickly as the technology to combat it, and their victims often have to concede losses. We need to be more open and upfront about this so we can collectively learn from our experiences, across businesses and organisations of all sizes.
Speaking about these attacks forces us to have uncomfortable conversations, and sometimes make even more uncomfortable admissions, about preparedness – or lack of it. But the next Rahmankulov is out there right now, trying to steal from organisations large and small, with no regard for the lives impacted. The more we learn about “how” and “why” they are doing this nefarious work, the more we can prepare.
The lesson from our experience at Cape Cod is to stay vigilant every day. Invest in technology to protect your services. Build and sustain a culture of awareness and understanding, and never stop learning about the complexity of cyberattacks.
If you do all that, it is my hope that you shall never find yourself in a crime story of your own. Happy endings are all too rare and even when they transpire, they are not worth all the preceding chapters of grief, anger and foreboding.
John Cox is president of Cape Cod Community College.
Register to continue
Why register?
- Registration is free and only takes a moment
- Once registered, you can read 3 articles a month
- Sign up for our newsletter
Subscribe
Or subscribe for unlimited access to:
- Unlimited access to news, views, insights & reviews
- Digital editions
- Digital access to THE’s university and college rankings analysis
Already registered or a current subscriber? Login