Insider Signal - 2021.07

A controller's IP theft to start a competing firm, a chef's $600k harassment and discrimination settlement, a supervisor's $400k of fraudulent invoicing, abuse of an elderly customer, and more!

Controller Conspired to Steal Trade Secrets

Joshua Decker, 37, pleaded guilty to conspiracy to steal trade secrets from his employer, an oil and gas company in Oklahoma City. Decker served as a controller for the division of an oil and gas company that manufactures manifold ball valves. While employed at the company, Decker formed a competitor company called Legacy Valve Systems in Oklahoma, recruiting colleagues from his current employer. Decker and colleagues downloaded technical drawings, material specifications, and manufacturing instructions for the employer's valves. Decker also emailed to himself cost information and sales by product and customer. Decker had a draftsman copy his employer's drawings and put the Legacy logo on them.

Analysis Highlights

  • Intent to steal trade secrets was clear; Decker told co-conspirators to delete all incriminating text messages and files, including messages on an encrypted application.

  • The employer got wind of the scheme late in the game, locking Decker out of the corporate systems just when he was resigning from the company.

  • The key to the case is the employer took several steps to establish and protect their information as trade secrets.

  • Stealing employer trade secrets to establish a competing business is a common reason for intellectual property theft.

Deeper Analysis

Generally, to establish information as a trade secret, it must be protectable and have competitive value; the company must also take reasonable measures to protect that information. Such measures may include:

  • Marking files as "confidential"

  • Encryption

  • Locking physical files in secure areas

  • Clearly restricting access to only specific employees, contractors, etc.

  • Requiring non-disclosure, non-solicitation, and non-compete agreements

  • Regularly distributing confidentiality reminders

  • Limiting or banning the use of personal devices or accounts

  • Requiring multifactor authentication

  • Prohibiting removal of documents, off-site copying, and emailing of documents

  • Requiring digital signatures to open emails and attachments

Psst: Would you benefit from our Deeper Analysis section for the other three featured stories each month? Want to help ensure iThreat and Mike Gips are able to keep bringing you news and analysis of important insider threat incidents? If so, we would appreciate you becoming a paid subscriber to the Insider Signal Plus version of the newsletter!

Sources & Additional Information

  1. https://internationalsecurityjournal.com/disinformation-corporate-risk/

  2. https://www.justice.gov/usao-wdok/pr/bixby-man-pleads-guilty-conspiracy-steal-trade-secrets


Famed Chef Settles Harassment Claims

Celebrity chef Mario Batali, his business partner Joseph Bastianich, and their former restaurant company agreed to pay $600,000 to more than 20 ex-employees after a New York investigation concluded that staff at three of the restaurants were victims of sexual harassment and discrimination. New York Attorney General Letitia James said, "female and male employees were sexually harassed by Batali, restaurant managers, and other coworkers" at Babbo, Lupa, and Del Posto restaurants. Batali made explicit sexual comments to a waitress and pulled her hand to his crotch. A manager commented on female staff's height and weight and told them to wear makeup and get breast implants. The AG office found that female servers were routinely humiliated in front of guests and received less desirable tables than male servers.

Analysis Highlights

  • This case represents a classic case of a hostile work environment.

  • The "tone from the top" was noxious, which permeated the entire enterprise.

  • Management whitewashed complaints and discouraged staff from stepping forward.

  • Tolerance for this behavior has tarnished the Batali brand.

Sources & Additional Information

  1. https://www.washingtonpost.com/food/2021/07/23/mario-batali-sexual-harassment-settlement/

  2. https://www.nytimes.com/2021/07/23/dining/mario-batali-sexual-harassment-case-settlement.html

  3. https://www.eeoc.gov/sexual-harassment


Oilfield Supervisor Siphoned $400,000 from Employer

David Owen West, 59, was sentenced to 21 months in federal prison and ordered to pay restitution after having pleaded guilty to two counts of mail fraud and one count of money laundering for defrauding his employer, Petco Petroleum, of more than $400,000.

West, who worked for Petco for almost three decades as a field supervisor and oilfield pumper, generated and submitted 116 invoices to Petco from Flash Electric Services, a fraudulent company West had established, for services that were never carried out in the amount of $129,038. He also had trucks carry oil stolen from Petco's oil leases to a reclaimer, who paid West $266,802 for the oil. Then West charged Petco to transport the stolen oil.

Analysis Highlights

  • West was responsible for selecting vendors to purchase products or services to operate the wells.

  • Vendors submitted invoices and documentation for West’s review and approval. West would mail approved invoices to his employer monthly for inclusion in accounts payable

  • West had registered the company Flash Electric Services in Oklahoma he then used to issue the fraudulent invoices.

Sources & Additional Information

  1. https://tulsaworld.com/news/local/crime-and-courts/drumright-man-who-defrauded-400-000-from-oil-field-company-sentenced-to-21-months/article_0924a854-ceb5-11eb-91f2-f7eda9fd64bb.html

  2. https://www.justice.gov/usao-ndok/pr/drumright-man-pleads-guilty-stealing-more-400000-illinois-oil-and-gas-company

  3. https://www.freightwaves.com/news/oilfield-supervisor-admits-lining-pockets-with-400000-of-petcos-money


Walmart Employee Facing Charges for Repeatedly Punching Elderly Woman

Jazareia Velasquez, 17, a Walmart cashier in Mount Pleasant, Wisconsin, faces charges after reportedly punching 71-year-old customer P.K. Shader in the face multiple times. The assault occurred after the two got into an argument at the register. According to news accounts, Shader had asked to speak with a manager about Velasquez, then went to find Velasquez to get her name. Unable to detect a name tag, Shader attempted to take a picture of Velasquez to send to Walmart's corporate headquarters. Velasquez allegedly warned Shader not to take any pictures, then punched Shader multiple times.

Analysis Highlights

  • As the U.S. reopens after Covid, retailers and other businesses report increased altercations and violence.

  • Although this incident does not seem to be Covid-related (e.g. involving mask use or distancing), it points out tensions as customers flock back to retailers.

  • A labor shortage is forcing employers to reach deeper into the employment pool for younger talent who may not have the discipline, maturity, or experience for the workforce.

Sources & Additional Information

  1. https://www.cbs58.com/news/woman-filing-suit-against-walmart-after-she-says-she-viciously-attacked-by-an-employee

  2. https://www.fox6now.com/news/walmart-workers-assaults-elderly-customer-mount-pleasant

  3. https://www.securitymagazine.com/articles/95466-the-challenge-of-mask-enforcement-amid-the-pandemic

  4. https://www.theguardian.com/us-news/2021/jul/25/fauci-covid-mask-guidance-vaccinated-booster-shots


More Insider Threat Stories

Employee at Defense Contractor Duped by Bogus Aerobics Instructor

Hackers thought to be associated with the Iranian National Guard were able to access the network of a subsidiary of a UK aerospace defense contractor by pretending to be a Liverpool-based aerobics instructor and flirting with a staff member. The ersatz instructor, who gave the name Marcella Flores, befriended the staff member on social media two years earlier and continued messaging the employee and sending him pictures to prove she was real. In June, the hackers attacked the employee's Facebook account with the Liderc virus, which then invaded his company's IT network. Liderc gathers steals information such as usernames and passwords and covers up its footprints. Proofpoint, a California cybersecurity company, detected the attack. Source: https://www.mirror.co.uk/news/uk-news/iranian-hackers-pose-aerobics-instructor-24634242?mid=1

Mumbai Cop Stole Valuables from Storage

Mumbai police officer Nandkumar Kharat, 58, was arrested on charges of misappropriating Rs 21.6 lakh from his police station. As an assistant sub-inspector of the Nirmal Nagar police station in Khar (east), India, Kharat was responsible for guarding valuables recovered in criminal cases. He is accused of misaapropriating assets in at least 100 cases, which only came to light when, after Kharat's retirement, his successor checked the log book against the items in storage. Source: https://indianexpress.com/article/cities/mumbai/mumbai-retired-cop-booked-for-misappropriating-rs-21-6-lakh-7388953/

Software Developer Accused of Targeting Employer with Malicious Code

Davis Lu, 51, a senior software developer, has been indicted on one count of damaging protected computers. Lu is charged with installing unauthorized code caused a production server, causing it to crash, while working for a startup in Cleveland, Ohio. The company also found code that deleted files associated with usernames, locking users out of the system. Forensic examination revealed that Lu had conducted searches on escalating privileges, hiding processes, and deleting large folders and files. Source: https://www.darkreading.com/software-developer-arrested-in-computer-sabotage-case/d/d-id/1340693

Animal Control Director Faked College Records, Then Embezzled

Lisa E. Stoffel, 48, was arraigned for embezzling more than $30,000 from the Saginaw County Animal Care & Control Center, where she served as director. To get the position, she had lied about her academic background, falsely claiming a degree from University of Alaska Fairbanks. Stoffel allegedly stole the funds by creating a secret Square credit card reader. Source: https://www.mlive.com/news/saginaw-bay-city/2021/06/former-saginaw-county-animal-control-director-charged-with-felony-embezzlement.html

Police Chief Stole Money Donated to Child with Cancer

Former Chadbourn, North Carolina, police chief Anthony Spivey was charged with embezzling $8,000 that had been donated to a child with leukemia. Additional charges include obstructing justice, larceny by an employee, obtaining property by false pretense, willful failure to discharge duties, and felony larceny. Sources: https://spectrumlocalnews.com/nc/charlotte/news/2021/05/19/small-town-police-chief-faces-88-felony-charges--accused-of-stealing-guns--drugs-and-cash & https://www.msn.com/en-us/news/crime/ex-police-chief-charged-with-embezzling-thousands-meant-for-child-leukemia-patient/ar-AAL7euU

Dealership CFO Spirited Away $1.6 Million from Employer

Christopher Firle, 51, pleaded guilty today to a single count of wire fraud arising from embezzlement from the vehicle dealership holding company where he served as CFO. Firle reaped more than $1.6 million in ill-gotten gains, including by using corporate credit cards to charge $750,000 in personal expenses such as tickets to sporting events and shopping trips to Chanel, Hermès, and Tiffany & Co. Firle conducted more than 30 unauthorized wire transfers worth $165,000 from his employer to a family member. He also issued 30 company checks to himself valued at $165,000 and improperly withdrew more than $50,000 from a company account. Finally, He also awarded himself bonuses of almost $160,000. Source: https://www.eastbaytimes.com/2021/07/07/fairfield-man-pleads-guilty-to-embezzling-1-6m-from-auto-dealerships/

State Trooper Acquired Handguns for Felon

Timothy Jay Norman, 47, a North Carolina Highway Patrol State Trooper, was arrested for transferring firearms to Tommy Lee Hudson, 33, while knowing Hudson was a felon. The two had met years before in law enforcement training and had worked together at a private security firm. Source: https://www.justice.gov/usao-mdnc/pr/law-enforcement-officer-charged-transfer-firearm-felon-transferee-charged-felon

South Korea Mayor Jailed for Sexual Assault

Former Busan (South Korea) Mayor Oh Keo-don received a prison sentence of three years for sexually assaulting two female employees at work. The judge found that one of the victims experienced post-traumatic stress after the assault. Source: https://www.nytimes.com/2020/04/23/world/asia/south-korea-busan-mayor-resigns-metoo.html

Corning Employee Charged With Espionage

Former Corning Incorporated employee Ji Wang faces charges of economic espionage, theft of trade secrets, and unlawful exports. Assigned to work on a fiber laser research project for the Defense Advanced Research Projects Agency (DARPA), Wang allegedly downloaded and copied private DARPA project files from Corning's network onto a thumb drive. Prosecutors say Wang and another person were negotiating with governmental entities in China to establish their own fiber laser business. Source: https://www.stargazette.com/story/news/local/2021/07/08/corning-scientist-illegal-business-china/7899159002/

LAX Cargo Handlers Charged With Stealing Gold Bars

Marlon Moody, 38, and Brian Benson, 35, cargo handling company employees who worked at Los Angeles International Airport, each pleaded guilty to stealing four gold bars that were being shipped from Australia to New York. The men worked for Alliance Ground International, which provided ground handling services at LAX. On April 22, 2020, a shipment of 2,000 gold bars arrived at LAX on Singapore Airlines, each worth about $56,000. The men are accused of stealing 4 bars from a case of 25. Source: https://www.justice.gov/usao-cdca/pr/two-cargo-handlers-lax-arrested-alleged-theft-gold-bars


We Want Your Feedback!

How are we doing? Are you enjoying our content and insights? Are there specific stories you’d like us to cover? We would love your feedback via insidersignal@ithreat.com. With your permission, we may even publish it!