Insider Signal - 2021.03

Welcome to our first issue! Who's keeping tabs on the anti-fraud expert in the bank? What happens when hospital researchers and scientists go rouge? He used the company account for what?!

Anti-Fraud Expert Arrested for Defrauding Bank Customers

In February 2021, Santander Bank anti-fraud expert, Bilal Abbas, was arrested for using his inside access to ascertain customers’ bank information and provide it to confederates. Abbas, as the bank’s fraud advisor, would field calls from customers who feared fraudulent activity on their accounts. During the calls, he would obtain their card numbers and details, which he then sold to Umair Memon.

Memon would use the information provided by Abbas to make fraudulent purchases via telephone, to include essentials such as Rolex watches and a jet ski. An associate, Jordan Hamilton-Thomas, would pose as Memon’s son and pick up the fraudulently purchased items from the store.

When the legitimate card holders became aware of the transactions, they contested the purchases and the bank would cancel them. This left the duped retailers bearing the loss.

Finally, when Hamilton-Thomas showed up for three consecutive days to pick up Rolex watches collectively worth more than £14,000, a jewelry shop owner became suspicious and notified authorities.

Analysis Highlights

  • This particular fraud scheme can be very difficult to detect if done infrequently. Authorities were not involved until the third day in a row the same man visited the same retailer to pick up fraudulently purchased luxury goods.

  • Basic mitigation measures include (a) frequent audits of recorded phone calls and (b) a confidential whistleblower program. A whistleblower program might include encouraging staff to identify suspicious activities posted on social media, such as employees in moderately paying jobs showing themselves in exotic locales, flaunting expensive watches and champagne.

Deeper Analysis

  • A robust insider anti-fraud program should include frequent audits of key controls, including customer phone interactions with staff.

  • Phone conversations should be recorded and reviewed randomly.

  • Be alert to unusual employee behaviors, such as frequent account queries, inquiries outside of assigned geography, and other abnormal system behavior.

  • Employee actions online should be logged and audited periodically.

  • Conduct periodic employee screening (and perhaps continuous monitoring).

  • Enforce an annual code of conduct attestation.

  • Advertise and support a confidential whistleblower program in which reports are truly investigated.

  • Monitoring staff social media is an option, but may be prove too burdensome or set the wrong tone.

  • Insider threat training could include staff being aware of extravagant behavior by employees, such as posting pictures themselves on social media at exotic locales wearing expensive jewelry and flaunting large amounts of cash.

  • Know Your Employee programs help identify staff susceptibility to embezzlement and money laundering, conflicts of interest, and troubling financial histories.

  • Security awareness training and refreshers reinforce the importance and value of security and remind staff how to report violations.

Sources & Additional Information

  1. https://www.dailymail.co.uk/news/article-9271809/Rolex-gang-blew-90-000-bank-insider-leaked-customer-details.html

  2. https://www.bbc.com/news/uk-england-tyne-56096251


Hospital Researchers Conspired to Steal Trade Secrets for China

The U.S. Attorney’s Office in Southern District of Ohio announced a husband and wife pair were sentenced for conspiring to steal scientific trade secrets and sell them to China. The wife, Li Chen, received a 30 month sentence on February 1, 2021. Her husband, Yu Zhou, pleaded guilty and awaits sentencing.

While working at the Nationwide Children’s Hospital Research Institute in Columbus, Ohio, Chen and Zhou purloined trade secrets related to exosomes and exosome isolation. Exosomes are membrane-encased packages of proteins, lipids, and RNA that are released by cells that help the body heal and regenerate.

In 2015, the couple used the valuable research to allegedly set up their own company in China to sell exosome isolation kits. While still employed at the institute, they allegedly marketed products and services derived from their employment at National Children’s. In 2017 the couple also founded a U.S.-based biotechnology company that marketed the same products and services—including an exosome-isolation kit which National Children’s protected as a trade secret.

Chen worked in tandem with China’s State Administration of Foreign Affairs and the National Natural Sciences Foundation of China. She also worked with the Chinese government to transfer the research and technology. The couple also traveled to China to present on exosome science without getting the approval of their employer.

Chen and Zhou allegedly moved emails containing exosome research from the research institute’s email system to their personal accounts. They also filed patent applications in China based on their work at the institute.

The scheme was uncovered via an anonymous letter sent to the chief compliance officer of the institute.

Analysis Highlights

  • The scheme lasted several years despite several signs of suspicious activity.

  • Regular searches for exosome-related websites could have identified the activity.

Sources & Additional Information

  1. https://www.dispatch.com/story/news/crime/2021/02/01/former-nationwide-researcher-sentenced-stealing-trade-secrets/4343579001/

  2. https://www.justice.gov/usao-sdoh/pr/hospital-researcher-sentenced-prison-conspiring-steal-trade-secrets-sell-them-china


New Jersey Man Defrauds Pharma Employer of More Than $1 Million

Ovais Mayet of Hillsborough, New Jersey, a biological engineer, pled guilty on February 3, 2021, to defrauding his employer, a bio-pharmaceutical company, of nearly $1 million worth of goods.

With access to the company’s business account, Mayet bought high-end electronic devices solely for his personal use or gain. He would sell them online and keep the proceeds.

Specifically, he executed online purchase orders and recorded them as business expenses.

Analysis Highlights

  • Regular review and audit of purchases would have identified this activity.

  • No employee should have unfettered access to accounts without oversight.

Sources & Additional Information

  1. https://www.justice.gov/usao-nj/pr/somerset-county-man-admits-defrauding-former-employer-more-1-million

  2. http://njtoday.net/2021/02/04/hillsborough-man-defrauded-his-former-employer/


German Geoscientist Fired on Suspicion of Fraud

Reinhard Hüttl, head of the German Research Center for Geosciences, was fired by his employer in late January 2021 on suspicion of fraud, breach of trust, and receipt of bribes. Officials allege Hüttl billed private trips to the research center and to other organizations with which he was affiliated.

A search warrant issued in the case alleges he accepted stock options and reimbursements from a soil technology company in exchange for ensuring that the company received grant money.

In another set of allegations, authorities claim that in exchange for payments, Hüttl used his influence and network for the benefit of two organizations linked to China’s state-owned electric grid.

Analysis Highlights

  • The activity came to light via an anonymous whistleblower.

  • The case is also raising questions about whether Germany’s many science academies have adequate policies for avoiding conflicts of interest and disclosing financial ties. Public officials like Hüttl are allowed to do paid work on the side, but need permission from the institution where they are employed.

Sources & Additional Information

  1. https://www.sciencemag.org/news/2021/02/top-german-geoscientist-fired-after-police-raid-faces-allegations-financial-crimes

  2. https://apnews.com/article/science-berlin-germany-earth-science-9107360e25086cd9c2055da92d6b3fbe

  3. https://www.welt.de/regionales/berlin/article218429974/Geoforschungszentrum-Huettl-laesst-Amt-wegen-Vorwuerfen-ruhen.html


More Insider Threat Stories

Woman Embezzled $350,000 by Cashing Company Checks

Cindy Shearer, a former office manager with Cane Business Forms & Systems (later reorganized as Precision Printed Producss) of Tridelphia, West Virgina, was sentenced to 21 months in prison for stealing $350,000 over several years. Shearer would write checks payable to herself, but record them as being paid to actual company vendors. She cashed the checks or deposited them into her personal account. Source: https://www.justice.gov/usao-ndwv/pr/wheeling-woman-admits-embezzling-nearly-350000

Nike Marketing Manager Charged in Fraud Scheme

Errol Amorin Andam, 49, of Beaverton, Oregon, who managed pop-up stores for Nike, Inc., was charged with wire fraud, money laundering, and making false statements on a loan application as part of a scheme to defraud his former employer. He allegedly recruited a friend to establish a company to design and build the pop-up venues and ensured the friend’s company was awarded the contracts. Andam controlled the financial operations of the friend’s company, issuing invoices to Nike. Source: https://centraloregondaily.com/former-nike-manager-charged-with-defrauding-company-for-1-5m/

Seattle Contract Bookkeeper Indicted for Embezzlement and Identity Theft

Joan C. Trower, a contract bookkeeper and accountant for a mountain bike company was indicted for embezzling at least $188,000. She created checks on company software, forged signatures, claimed bogus expenses and compensation, and transferred funds from company coffers to accounts she controlled in the name of spurious accounting firms. Source: https://www.pinkbike.com/news/seattle-bookkeeper-indicted-for-swindling-more-than-200k-from-a-bike-company.html

ADT Employee Hacks Security Footage, Spies on Customers

Telesforos Aviles, a home security technician for ADT, routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes. Noting accounts with attractive women, Aviles logged into those systems for sexual gratification. The activity continued for more than four years. Source: https://www.securitymagazine.com/articles/94418-adt-technician-hacked-hundreds-of-customers-security-cameras

Contract Tracers Share Information of People Who had Coronavirus Tests

Two young men, call-center employees of a Dutch health board, were arrested for selling personal information about people who had taken a Covid test or had been in contact with someone who tested positive. The men sold names, telephone numbers, and BSN numbers (rough equivalents of U.S. Social Security numbers) lifted from a contact tracing database and a database of people who had been tested. Source: https://www.dutchnews.nl/news/2021/01/two-arrested-for-selling-data-stolen-from-health-board-coronavirus-systems/

Pharmacist Spoils 57 Vials of Coronavirus Vaccine

Steven Brandenburg, a Wisconsin pharmacist at Advocate Aurora Health hospital, pled guilty to tampering with more than 500 doses of a Coronavirus vaccine. He removed 57 vials of Moderna vaccine from cold storage at a hospital so they would spoil overnight. Source: https://www.chicagotribune.com/coronavirus/vaccine/ct-aud-nw-wisconsin-pharmacist-pleads-guilty-vaccine-20210209-cfqem7l7wvbm3gtexahfvapq64-story.html

Swedish National Charged with Spying for Russia

A Swedish national who had worked for Volvo Cars and with truck-maker Scania was charged with delivering information to a Russian diplomat over several years in return for money. He allegedly transferred material from his work computer to his personal computer, then to USB drives. He also photographed information on his computer to avoid computer logging activity. Source: https://www.carscoops.com/2021/02/swedish-consultant-accused-of-spying-on-volvo-and-scania-for-russia

Navy Officer and Naval Reservist Indicted for ID Theft Scheme

Marquis Asaad Hooper and Natasha Renee Chalk were charged with conspiracy to commit wire fraud, wire fraud, and aggravated identity theft, by fraudulently obtaining access to a database containing personal information for millions of people. The couple searched for tens of thousands of individuals on the database and sold the information to identity thieves in exchange for bitcoin. Source: https://www.justice.gov/usao-edca/pr/former-navy-chief-petty-officer-and-naval-reservist-indicted-id-theft-scheme

GE Insider Provides Trade Secrets to Chinese Businessman

An unidentified GE engineer of more than 7 years’ tenure allegedly conspired with a Chinese businessman living in Hong Kong to steal General Electric’s trade secrets related to silicon carbide metal-oxide semiconductor field-effect transistors (MOSFET) technology. The goal was to start a competitive company in China. MOFSET technology regulates the flow of energy through devices. Source: https://www.justice.gov/opa/pr/chinese-businessman-charged-conspiring-steal-trade-secrets

Russian-Dutch Internet Company Breached When Employee Gives System Access to Attackers

Almost 5,000 customer accounts of e-commerce company Yandex were compromised after a system administrator was found selling access to outside attackers. The system administrator had access rights to perform technical support for the company’s email service. Source: https://www.infosecurity-magazine.com/news/yandex-insider-breach-hits-nearly/

Sequoia Capital Hacked After Phishing Attack

Venture capital firm Sequoia told investors that their personal and financial information may have been compromised by a hacker due to an employee falling victim to an email phishing attack. Source: https://www.bankinfosecurity.com/sequoia-capital-says-its-investigating-security-incident-a-16041