Computer hackers steal $300,000 from Nunavut Resource Corp.
“It was pure fraud”
CAMBRIDGE BAY—The ambitious development plans of the Nunavut Resources Corp. were dealt a big blow earlier this year when its chief operating officer, Scott Northey, discovered the organization’s bank account had been drained of about $300,000.
Over three months, emails from a hacker who had somehow acquired or mirrored Northey’s personal email address instructed the NRC’s bookkeeper in Yellowknife to transfer money to various accounts.
Northey, who is based in Toronto, said he first became aware that something was wrong when an email asking for a money transfer ended up in his inbox.
He contacted the bookkeeper, who had not received that email.
But he didn’t connect this email with the constant emails that the bookkeeper had received and acted on until he noted the depleted amount of cash in the corporation’s bank account.
Emails, which appeared to be from Northey’s personal account, had asked for up to $25,000 a day to be transferred to various individuals, as well as nonexistent businesses like Canadian Automotive Fabric Recycling.
In a “poof,” the organization’s nest egg vanished, Northey said. The NRC was founded in 2010 to develop resource-rich Inuit-owned lands in Nunavut’s Kitikmeot region.
The corporation had a cushion: in April 2012, the NRC, owned by the Kitikmeot Inuit Association, received $3 million from the federal government, as well as money received later via the KIA from other sources.
The realization that so much money had vanished was “awful,” said Northey, who has been attending the KIA’s annual general meeting in Cambridge Bay.
Only about $30,000 has been recovered, said Northey, who called the hacking “tragic.”
“It was pure fraud,” he said, adding that he’s speaking about the hacking openly so others can take precautions.
“Trollers will probably call me a knucklehead,” Northey said.
But Northey has extensive financial experience. According to an online financial profile, Northey was, from 2003 to 2008, responsible for re-building the infrastructure and project finance business at TD Securities. He also served as vice-president and director of asset securitization at CIBC Wood Gundy.
The RCMP and the corporation’s bank continue to investigate the incident and some legal action is still possible, he said.
Since then the NRC has a new bookkeeper and new ways of doing banking, he said.
Internet technology advisors say that to avoid having your passwords stolen you should:
• Never fall for any emails that ask you to verify your password.
• Make sure you log out of your account on public computers.
• Use a hard-to-guess email password.
• Update your online security.
• Use secure WiFi connections.
• Avoid new apps.
You can also ask for a two-step verification for accounts that kicks in if anyone attempts to use your log-in information from another device.
Northey, whose email address had a complex password, said he believes that hackers managed to send emails that looked as if they were from him using a domain that mirrored his account.
On Thursday morning, the NRC plans to give the KIA meeting an update on its activities to develop mineral exploration and new infrastructure in the Kitikmeot region.