Insider Signal - 2021.10

Fired IT admin revenge hacking... again, Netflix payments leaked amid transgender activism, alleged China spy on trial for espionage, police official and son embezzlement, and more!

School IT Technician Wipes Data in Retaliatory Attack

IT technician Adam Georgeson, 29, wiped the data off systems at a secondary school in the U.K. and changed staff passwords in retaliation for being fired from the school. His tampering made the systems of Welland Park Academy, in Market Harborough, Leicestershire, inaccessible, affecting remote learning during the Covid-19 pandemic. After his termination, Georgeson went to work for an IT company in Rutland, but was fired once more, then again changed staff passwords in the aftermath.

Basic Analysis

  • Georgeson attributed his actions to boredom anger at his former employers.

  • In both cases, the employers disregarded a cornerstone rule: immediately eliminate systems access for terminated staff.

  • If it may have been excusable for a school to forget to terminate an ex-employee's access, that is certainly not the case for an IT firm, which should be practicing sound cyber hygiene.

Deeper Analysis

  • In addition to changing passwords to lock users out, Georgeson modified the phone system used by the IT firm to contact customers.

  • When Georgeson realized his activity could be traced and he could get caught, he stepped up activity to hide his tracks--including destroying additional data.

  • In such situations, organizations should disable every personal account used by the IT tech, including mobile connections and remote access.

  • They should also return any physical cards and fobs, and shared passwords (e.g., for vendor sites) should be changed.

  • Admin accounts should have their passwords changed but admin accounts should not be deleted.

  • The IT firm appears not to have inquired about Georgeson's previous employment, which would have revealed the risk he posed prior to his employment.


Psst: Would you benefit from our Deeper Analysis section for the other three featured stories each month? Want to help ensure iThreat and Mike Gips are able to keep bringing you news and analysis of important insider threat incidents? If so, we would appreciate you becoming a paid subscriber to the Insider Signal Plus version of the newsletter!


Sources & Additional Information


Fired transgender Netflix Staffer denies leaking Dave Chappelle's Salary

In a case involving comedian Dave Chappelle's penchant for making jokes about transgender people and a complaint by a trans Netflix program manager who was upset that the company would be airing Chappelle's latest special, the program manager has been fired and accused of leaking that Chappelle was paid $24.1 million by Netflix for the special. The program manager, B. Pagels-Minor, admitted they were pushing for change in the transphobic culture of the company but denied being the source leaking payment information for Chappelle's special, "The Closer."

Basic Analysis

  • The case is at the intersection of civil rights, free expression, and the protection of confidential information--a volatile mix.

  • Pagels-Minor had pushed for more trans content on Netflix.

  • "The Closer" was released without leadership consulting the Trans Employee Resource Group (ERG) at the streaming platform, violating normal practice and angering staff members.

  • Pagels-Minor had organized an employee walkout at the company's Sunset Boulevard building following an LGBTQ backlash against Chappelle, and by 7pm, he had been fired.

  • In a statement, Netfllix said the termination occurred to protect corporate culture, writing, “We understand this employee may have been motivated by disappointment and hurt with Netflix, but maintaining a culture of trust and transparency is core to our company.”

Sources & Additional Information


Accused Chinese Spy on Trial for Alleged Trade Secret Espionage

Yanjun Xu, a 41yro deputy division director for China's Ministry of State Security, is being prosecuted in federal court in Cincinnati for allegedly attempting to steal trade secrets from GE Aviation and other companies including Honeywell and Boeing.

Beginning in 2013, Xu allegedly worked with other Chinese intelligence officers and other Chinese organizations, including a university in Nanjing, to acquire trade secrets from aviation and aerospace companies in the United States and Europe. According to prosecutors, Xu and co-conspirators used aliases to recruit and pay engineering experts at aviation companies to hand over sensitive technical information. Xu allegedly sought data on composite materials used in GE fan blades and fan blade encasements. GE has spent more than $5 billion developing that technology.

Basic Analysis

  • The Chinese have a well-known policy providing generous incentives to Chinese nationals for acquiring Western technology.

  • According to allegations, Xu and his colleagues recruited experts at targeted companies and paid for them to come to China to present at a university or participate in an idea exchange.

  • A Cincinnati-based GE Aviation engineer met with Xu several times in China, including presenting at the Nanjing University of Aeronautics and Astronautics.

  • Xu also traveled to Cincinnati to meet with the GE engineer.

  • Xu was arrested in Belgium when he arranged to meet the engineer there.

Sources & Additional Information


Police Official and Son Charged with Fraud and Embezzlement

Kaupo Martihhin, a former high-ranking Police and Border Guard Board (PPA) officer in Estonia, and his son, Kevin Martihhin, have been charged with fraud and embezzlement that occurred while the father was still in office. They are accused of swindling about €300,000.

Their scheme was multifaceted and targeted the father's joint-stock company which produced traffic-control equipment. The men misappropriated funds from the company's rental-property income as well as payments from customers. Siphoned funds covered personal expenses such as vacations, at the expense of the company and its co-owners.

Basic Analysis

  • The case calls into question the propriety of senior police officials owning businesses on the side.

  • In this case, the father may have leveraged his status to build and gain credibility for his company.

  • The men also allegedly produced bogus documentation, provided false information to authorities, and illegally accessed state secrets.

  • The men are charged with using the false documents to facilitate and conceal the misappropriation and other acts.

  • This case is a reminder of insider threat concerns involving family members working together; our deeper analysis section delves into these concerns.

Sources & Additional Information


More Insider Threat Stories - October 2021

Fast Food Worker Posts Videos of Himself Defiling Food

Jumanne Clary, a former employee at a Rhode Island Subway sandwich store, has been fired for filming himself strewing food items on the floor, walking on sandwich fillings, and lining the rim of a toilet bowl with assorted meats. He later posted the videos to Reddit, Instagram, and YouTube. According to Newsweek, he wanted to attract attention and got the idea "for walking on the food, and the toilet from other controversial things that I've seen on the internet." Source: https://www.newsweek.com/subway-worker-filmed-food-toilet-seat-fired-reddit-facebook-1639447

Home Care Worker Pilfers $87,000 From Clients

Danielle Lanise Daniels, 37, has been charged with stealing $87,000 from a home to which she provided care in Monroe, Louisiana. Daniels, who worked for Always Best Care. purportedly stole $62,000 from an unsecured lock box in the bottom of a filing cabinet and another $25,000 from another unsecured drawer. Daniels had been seen rushing downstairs from the attic on a few occasions. Source: https://www.knoe.com/2021/10/12/ouachita-couple-accuses-sitter-stealing-26-year-savings-82k/

Bribed Welfare Worker Made Fake ID for Teenager to Marry R. Kelly

In testimony at singer R. Kelly's sex-trafficking trial, his former tour manager testified that Kelly paid a $500 bribe to a local government worker to get the singer Aaliyah, then 15, a fake identification card so the two could marry. The manager admitted going into a Chicago-area welfare office in 1994, approaching an employee taking ID photos, and offering him $500 to make a fraudulent card that listed Aaliyah's age as 18. Source: https://www.bbc.com/news/entertainment-arts-58289890

Employee Error Crippled NYC Subway System for Five Hours

Investigators have discovered that the issue that shut down half the New York subway system in late August 2021 was due to employee error, not a power surge as previously thought. The cause of the power loss at the New York City Transit Rail Control Center (RCC) was someone pressing an on/off button on one of the building's power distribution units. A plastic guard that would prevent that from happening was missing. Source: https://www.bloomberg.com/news/articles/2021-09-10/nyc-subway-failed-because-someone-pushed-the-wrong-button

Local Ugandan Officials Arrested for Embezzlement

Police have arrested eight officials from Uganda's Bukwo District local government over embezzlement. They are alleged to have stolen Shs 700m under the Northern Uganda Social Action Fund. The eight officials in on the scheme include Bukwo's Chief Financial Officer, the Community Development Officer, and the Educational Officer. They allegedly committed the fraud by paying ghost workers. Source: https://www.monitor.co.ug/uganda/news/national/eight-bukwo-district-senior-officials-arrested-over-corruption--3593250

Worker Swindles $315,000 from Minnesota Casino

Jennifer Lynn Boutto, 33, a former front desk supervisor at a Native tribe-owned casino resort in Minnesota, has been sentenced to eight months in prison for embezzling funds from a casino resort. While working at the Fortune Bay Resort Casino in Tower, Minnesota, Boutto stole approximately $315,000 in cash from the casino. This casino is operated by the Bois Forte Band of the Chippewa tribe. Source: https://www.startribune.com/8-months-in-prison-for-former-employee-who-stole-315k-from-northern-minnesota-casino/600108989/

HR Manager Defrauded Family Business

Kacie Sweeney, HR Manager for Gerome Industries in Menands, New York, has been charged with defrauding the family-owned business of $84,000. According to police, since being hired in 2019 to help with payroll, Sweeney gave herself bonuses, retroactive pay, double checks and sixteen vacation payouts. Source: https://wnyt.com/albany-new-york-news/kacie-sweeney-hr-manager-accused-of-stealing-84-thousand-dollars-from-family-business-gerome-technologies-menands-albany-county/6268953/

Employee Siphoned Dues from Indian Wildlife Company

Hardik Pandya has been accused of criminal breach of trust by collecting payments meant for his employer, Jindal Wildlife Limited (Ambawadi). The criminal complaint alleges that Pandya stole Rs 15.36 lakh in his role of recovering dues and pending payments on behalf of the company. He allegedly collected funds from dealers but neglected to deposit the money in his employer's bank account. When his boss started asking questions about missing payments, Pandya stopped coming to the office. Source: https://www.timesnownews.com/ahmedabad/article/ahmedabad-senior-executive-accused-of-embezzling-rs-15-36-lakh-of-firms-money-complaint-lodged/826167

High School Chaperone Set Up Cameras to Spy On Traveling Students

David M. Kruchten, 39, a former Madison, Wisconsin, high school teacher, was sentenced to 12 years of imprisonment for hiding spy cameras in common items and planting them in student hotel rooms during school trips. Concealing tiny cameras in air fresheners, smoke detectors, alarm clocks, and thermostats, Kruchten planted the devices in showers, bathrooms, and sleeping areas. Suspicious students discovered the scheme on a trip to Minneapolis when they pressed on an air freshener in the bathroom, the freshener opened, and a camera appeared inside. Source: https://madison.com/wsj/news/local/crime-and-courts/former-teacher-planted-cameras-in-hotel-rooms-just-out-of-curiosity-he-tells-judge-before/article_78f87a23-1454-5185-aa0b-47e8dc782899.html

Fired Grain Elevator Operator Slays Two in Nebraska

Max Hoskinson, 61, who had just been fired from his job as a grain elevator operator for commodity trading company Agrex, returned that afternoon with a gun, killing one person and injuring two more people before another employee killed him with a shotgun. After Hoskinson opened fire, an employer retrieved a shotgun from an office and shot Hoskinson. The shooting took place in Superior, Nebraska. Source: https://www.nbcnews.com/news/us-news/fired-grain-elevator-worker-shot-3-people-killing-2-nebraska-n1282133


We Want Your Feedback!

How are we doing? Are you enjoying our content and insights? Are there specific stories you’d like us to cover? We would love your feedback via insidersignal@ithreat.com. With your permission, we may even publish it!