Insider Signal - 2021.06

Our 4th issue! U.S. linguist contractor passing secrets to Hezbollah, State Department bribes for construction contracts, Toptal sues Andela, $22M embezzled for poker tournaments, and other stories.

Lovelorn Pentagon Linguist Sentenced for Passing Secrets to Hezbollah

Mariam Taha Thompson, 63, a linguist for a U.S. Special Operations task force in Iraq, was sentenced to 23 years in prison after admitting she revealed identifies of informants and other classified data to a Lebanese man linked to Hezbollah. According to the prosecution, Thompson, who was born in Lebanon, had fallen in love with the man and wished to aid the terrorist group Hezbollah on his behalf.

Thompson, who held a top-secret security clearance, provided the man with identities of personnel who had targeted Hezbollah leaders with drone strikes. She pulled dozens of files (including names, photos, and background information) related to the operations and turned over information including the identities of at least eight clandestine operatives, at least 10 U.S. targets, and many tactics, techniques, and procedures.

Analysis Highlights

  • Thompson was a contract worker, not staff, and may not have received the same level of pre-employment scrutiny as staff.

  • She communicated with her paramour using a video-chat feature of a secure text and chat application. These apps are popular for providing a clandestine method of communication.

  • Though it is not clear Thompson's co-conspirator targeted and cultivated her as a romantic interest, it is a common method for recruiting an insider.

Deeper Analysis

  • Linguists pose a particularly acute threat because they have specialized skills. With their language abilities, they may be able to conceal, divulge, modify, or ignore critical information without anyone being the wiser.

  • Louis R. Mizell, Jr., a former State Department intelligence operative who maintains a database of millions of security incidents, says linguist betrayal is not uncommon. He has reviewed "at least 15 cases" in which linguists passed secrets, and he is familiar with many more.

  • Immediately following the air strikes against Iran-backed forces in Iraq, audit logs showed a major change in Thompson’s network activity on DoD classified systems, including repeated access to classified information she had no need to access.

  • Thompson should not have had access to the information. At minimum, her activity should have more promptly raised alerts triggering a response.

  • Officials found a handwritten note in Arabic concealed under Thompson's mattress with information about DoD computer systems, a list of informants, and a warning about a Defense Department target.

  • She admitted in court she "just wanted to have someone to love me in my old age, and because I was desperate for that love I forgot who I was for a short period of time." A powerful sentiment making her a relatively easy mark.

Psst: Would you benefit from our Deeper Analysis section for the other three featured stories each month? Want to help ensure iThreat and Mike Gips are able to keep bringing you news and analysis of important insider threat incidents? If so, we would appreciate you becoming a paid subscriber to the Insider Signal Plus version of the newsletter!

Sources & Additional Information

  1. https://www.justice.gov/opa/pr/defense-department-linguist-charged-espionage

  2. https://www.justice.gov/opa/pr/defense-department-linguist-pleads-guilty-transmitting-highly-sensitive-classified-national

  3. https://www.washingtonpost.com/local/legal-issues/pentagon-linguist-sentenced-espionage/2021/06/23/71805bb0-d436-11eb-ae54-515e2f63d37d_story.html

  4. https://www.arabnews.com/node/1882541/middle-east

  5. https://www.bbc.com/news/world-middle-east-57594024


State Department Contractor Allegedly Took Bribes to Funnel Lucrative Contracts

According to a newly unsealed search warrant affidavit, May Salehi, an engineer with the State Department's division of Overseas Building Operations, steered overseas construction contracts to a firm in exchange for cash. The scheme, which lasted several years and spanned multiple countries, netted Salehi tens of thousands of dollars and the company, Montage, more than $100 million in contracts.

Salehi allegedly provided confidential bidding information to Montage CEO Sina Moayedi. Despite having performed poorly on its initial consulate construction job in Lagos, Nigeria, Montage won six major State Department contracts to build embassies or consulates overseas, thanks to Salehi, according to the affidavit.

Analysis Highlights

  • The winning bids should have raised flags given the firm's disastrous performance in Lagos.

  • An executive at Montage told investigators Moayedi had cultivated an insider at the State Department.

  • The scheme potentially exposed a major flaw in State Department contract awards process.

Sources & Additional Information

  1. https://www.thedailybeast.com/state-department-worker-committed-corporate-espionage-for-thousands-in-bribes-feds-say

  2. https://www.thedailybeast.com/federal-construction-contractor-sina-moayedi-charged-in-multimillion-dollar-bid-rigging-scheme

  3. https://news.clearancejobs.com/2021/06/01/contracting-fraud-lockheed-hiring-and-darpa-blackjack-program-in-next-budget/

  4. https://diplopundit.net/2021/06/02/sdny-charges-statedept-contractor-in-multimillion-dollar-fraud-schemes-then-theres-insider-1-at-obo/


Freelance Tech Marketplace Alleges Information Theft by Ex-Employees

Toptal, a website that connects skilled freelancers with on-demand tech jobs, has sued Andela and several of its employees in New York, alleging theft of trade secrets with the aim of cloning Toptal's business. Every member of Andela staff used to work for Toptal. The complaint claims the employees violated Toptal's confidentiality, non-solicitation, and non-compete agreements. As a result, Andela is effectively siphoning staff, client companies, and Toptal's pool of resources, according to the pleadings.

Analysis Highlights

  • Poaching competitors' employees is a common tactic for quickly scaling operations.

  • Companies regularly require employees to sign noncompete and similar agreements, which courts will uphold if they are reasonable in time, geographic scope, and fields/businesses covered.

Sources & Additional Information

  1. https://goodwordnews.com/independent-marketplace-toptal-sues-andela-and-former-employees-alleging-theft-of-trade-secrets-techcrunch/

  2. https://techcrunch.com/2021/06/11/daily-crunch-toptal-sues-rival-andela-for-allegedly-making-a-perfect-clone-of-its-freelancer-marketplace/

  3. https://techjaja.com/andela-sued-by-an-online-staffing-platform-called-toptal/


Digital Marketing Exec Embezzles $22 Million from Employer for Poker Tourneys

Dennis Blieden, 31, was ordered to pay more than $22 million in restitution and received 6 and 1/2 years in prison for wire fraud and identity theft against former employer, StyleHaul. Blieden served as controller and VP of accounting and finance for StyleHaul, which represents Instagram and YouTube influencers. He used some of the funds from his fraud schemes to enter high-stakes poker tournaments. He also stashed millions of dollars in cryptocurrency accounts.

Analysis Highlights

  • As we often see in successful fraud schemes, a single person had control over the company's bank accounts.

  • A more secure practice is to segregate duties so that no one person controls all critical functions that enable fraud.

Sources & Additional Information

  1. https://www.pokernews.com/news/2019/11/former-wpt-champion-dennis-blieden-pleads-guilty-to-22m-thef-36078.htm

  2. https://www.cincinnati.com/story/news/2021/06/10/dennis-blieden-sentenced-stealing-firm-representing-social-media-influencers-pay-gambling-debt/7633184002/


More Insider Threat Stories

Online Grocer Settles with Ex-Employees Over Spying

Online grocer Ocado has reached a settlement with two former employees, one a company cofounder, who were alleged to have stolen corporate secrets. Ocado confirmed company co-founder Jonathan Faiman and Jon Hillary "made a significant payment" to Ocado as part of the settlement. According to a statement of facts agreed on by the parties, while still working at Ocado, Hillary turned over "a significant number of confidential documents belonging to Ocado" to Faiman. Source: https://www.business-live.co.uk/retail-consumer/ocado-receives-settlement-co-founder-20902871

Church Treasurer Charged with Embezzling More than $100,000

Donell Moore, 70, is charged with embezzling about $115,000 from the Faith Christian Community Church in Port Huron, Michigan, where he served as treasurer. The scheme is alleged to have lasted seven years. Debits to the church's credit cards were made at Motor City Casino, and Moore is alleged to have made regular ATM withdrawals from a church bank account. He claims to have taken his salary via debit card withdrawals to avoid wage garnishments by debtors. The missing funds were discovered when a new treasurer assumed Moore's former duties. Source: https://www.thetimesherald.com/story/news/2021/06/11/former-port-huron-church-treasurer-charged-embezzling-over-100-000/7648685002/

City Worker Steals Blank Vaccine Cards

Muhammad Rauf Ahmed, 45, is charged with stealing 528 blank COVID-19 vaccine cards from a vaccination center at the Pomona (California) Fairplex and placing them in his car and hotel room. Ahmed was serving as a nonclinical contract worker at the Fairplex. The theft came to light via a tip by another employee at the site. Source: https://losangeles.cbslocal.com/2021/06/09/worker-muhammad-rauf-ahmed-accused-of-stealing-vaccine-cards-from-covid-vaccine-supersite-at-pomona-fairplex/

Serial Embezzler of Nonprofits Receives Six Years

Nicole Lescarbeau, 53, received a six-year prison sentence after pleading guilty to embezzling more than $1.4 million from two Massachusetts nonprofits. From August 2013 until she was fired in January 2018, Lescarbeau wrote checks to herself with the first company's accounting software and placed authorized signatures on the checks. She also directed unauthorized payments and transfers to personal online accounts and charged personal expenses to the nonprofit’s credit cards. While on pre-trial release, Lescarbeau started working at another Massachusetts nonprofit using her married name. She stole from that organization from August 2019 to February 2020 by diverting checks to herself and wiring money from the organization's accounts to pay her rent. Source: https://www.masslive.com/boston/2021/06/nicole-lescarbeau-accused-of-embezzling-more-than-14-million-from-massachusetts-nonprofits-sentenced-to-6-years-in-prison.html

Nun Embezzled to Fund Gambling Habit

Sister Mary Margaret Kreuper, 79, ex-principal at St James Catholic School in Torrance, California, purloined $835,000 worth of tuition fees and donations to cover casino gambling debts and make credit card payments.

She would divert money from the school’s tuition and donation account to a savings account that funded the living expenses of the nuns who worked at the school – and then used some of the money herself. Kreuper would falsify reports to the school to paper over the fraud. The scheme only came to light during an audit after Kreuper retired. Source: https://www.gq.com/story/gambling-nun-pleads-guilty

Polish Catholic Church Identifies 300 New Cases of Possible Abuse

In a new report on the sexual abuse of minors, Poland’s Catholic Church has identified 292 clergymen said to have abused more than 300 children from 1958 through 2020. Almost half the cases, which were reported to the church from mid-2018 through 2020, have been confirmed or are considered credible, while another 186 are being investigated. Thirty-eight claims have been rejected. In a previous report, covering 1990-2018, the church identified 382 clergy who allegedly abused 625 boys and girls. Source: https://www.newsweek.com/catholic-church-report-says-least-360-children-abused-polish-priests-over-62-years-1604857

Office Admin Routinely Overpaid Herself for a Decade

Cheryl Fields, 65, an office administrator at Basic Machinery Company in Siler City, North Carolina, has been charged with embezzling more than $900,000. As payroll manager, Fields routinely overpaid herself for 10 years. Her crimes came to light when an internal audit uncovered inconsistent documentation. Source: https://www.cbs17.com/news/local-news/chatham-county-woman-charged-with-overpaying-herself-by-nearly-1m-sheriffs-office-says/

Apple Pays Large Settlement After Contract Techs Post Explicit Photos

Apple has reportedly paid a multimillion-dollar settlement to a female student at the University of Oregon after two iPhone repair technicians at a Pegatron facility in Sacramento, California, posted her explicit photos and a video online. While purportedly fixing the phone, the techs shared the pictures and video via the student's own Facebook account. Source: https://www.engadget.com/apple-pegatron-settlement-over-explicit-photos-135331184.html

VA Employee Recorded Co-Workers in Restroom

Robert Sampson, 52, has pled guilty to video voyeurism and disorderly conduct for secretly videotaping eight fellow Department of Veterans Affairs employees in a restroom at the Veterans Affairs Joint Ambulatory Care Center in Pensacola, Florida, on multiple occasions. Sampson placed a hidden camera, camouflaged as a cell phone charger power adapter, in the restroom 17 times. VA employees ultimately discovered the device. Source: https://www.justice.gov/usao-ndfl/pr/veterans-affairs-employee-pleads-guilty-after-recording-co-workers-veterans-affairs-0

Firefighter Shoots Two Colleagues, Kills Self

Jonathan Patrick Tatone, 45, an off-duty fire engineer who worked at a fire station in Agua Dulce, California, shot and killed firefighter Tory Carlon and critically wounded 54-year-old fire captain Arnoldo Sandoval. Investigators believe that Tatone and Carlon were involved in a long-running dispute over job performance, operations, and other issues. After the shooting, Tatone returned to his home, set it on fire, then committed suicide. Source: https://heavy.com/news/jonathan-patrick-tatone/


We Want Feedback!

How are we doing? Are you enjoying our content and insights? Are there specific stories you’d like us to cover? We would love your feedback via insidersignal@ithreat.com. With your permission, we may even publish it!