Insider Signal - 2021.11
In our November '21 issue, insiders help a scammer hijack seller accounts, metallurgist falsifies tests, semiconductor information espionage, insider threat training used against government, and more!
Amazon Insiders Helped Scammer Hijack Accounts
Seven Amazon employees helped an outside scammer hijack Amazon seller accounts and copy their products, for which they received cash payments, according to a story in Wired magazine. Much of the story comes from an Amazon internal memo obtained by the publication. According to the account, the seven unnamed employees were recruited via LinkedIn and Facebook by someone using the alias Krasr. Krasr's identity has been reported by CNBC to be Mohamed Multhazim Akbar Ali, of Toronto, Ontario. Over several years of assisting Krasr, the Amazon insiders collectively earned about $160,000.
Analysis Highlights
The report discusses cases already several years old. The employees in this case were fired sometime around 2018.
Among other schemes, the Amazon employees worked with Krasr to rip off and displace a popular skin-care product called Pure Daily Care.
Krasr unleashed an avalanche of negative reviews targeting Pure Daily Care, leading to a $400,000 loss for the company and a 50 percent staff cut.
According to Wired's description of the internal memos, the seven insiders divulged customer data and product information to Krasr.
At Krasr's behest, the insiders also blocked and reinstated sellers' access to their online stores, enabling Krasr to sell copies of popular products while preventing the sellers of the original product from making theirs available for purchase, resulting in hundreds of thousands of dollars in stolen sales.
Deeper Analysis
Krasr worked with the employees to set up ransom payments, whereby victimized sellers could pay Krasr to get back to selling online.
Amazon purportedly reported Krasr to the FBI and hired a private investigator to find him.
Presented with the Wired story before publication, an Amazon spokesperson said the company has invested billions of dollars to keep data secure, adding "the claims made in the Wired story are based on information that is outdated and out-of-context and have absolutely no bearing on Amazon's current security posture."
The Amazon memo also revealed that, in a separate case, two Amazon employees in China had previously accepted bribes and sold personal data.
With such a large and rapidly growing company, it is alarming but not surprising that a few staff would scheme to take illegal profit.
According to the Real News podcast, a former IT security VP at Amazon asserted the company lacked an insider threat program at the time of his employment (until 2017).
While monitoring social media is a legal minefield, it is significant that the insiders were recruited via social media.
This case reinforces the importance of training staff on the uses and abuses of social media and the prevalence of scammers who recruit via social media platforms.
Psst: Would you benefit from our Deeper Analysis section for the other three featured stories each month? Want to help ensure iThreat and Mike Gips are able to keep bringing you news and analysis of important insider threat incidents? If so, we would appreciate you becoming a paid subscriber to the Insider Signal Plus version of the newsletter!
Sources & Additional Information
https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/
https://www.businessinsider.com/krasr-scam-recruited-amazon-moles-to-hijack-sellers-report-2021-11
https://wwd.com/business-news/technology/amazons-data-security-privacy-1235000292/
Metallurgist Gave U.S. Military Substandard Steel for Submarines
Elaine Thomas, 67, the former Director of Metallurgy at Bradken Inc., has pled guilty to falsifying test results that measure the strength and toughness of steel used in U.S. Navy submarines. Bradken supplies the Navy with cast high-yield steel for submarines, and its Tacoma, Washington, foundry produces castings that contractors use to build submarine hulls. This steel must meet standards for strength and toughness. Over 30 years, the foundry produced many castings that failed lab tests. Thomas falsified test results for more than 240 productions of steel, which were delivered to the Navy with an indication that they had passed testing.
Analysis Highlights
Bradken management was unaware of the fraud until May 2017.
At that time, a lab employee discovered test cards were altered and other discrepancies existed in records.
In June 2020, Bradken entered into a deferred prosecution agreement accepting responsibility for the offense and agreeing to take remedial measures.
Bradken also settled in a civil judgement, paying $10,896,924 to resolve allegations the foundry produced and sold substandard steel components for U.S. Navy submarines.
The Navy says it has taken "extensive steps" to ensure the safety of the affected submarines, at significant cost.
Sources & Additional Information
https://www.justice.gov/usao-wdwa/pr/former-metallurgist-lab-director-pleads-guilty-major-fraud-usa
https://www.epa.gov/sites/default/files/2015-09/documents/labfraud_0.pdf
Broadcom Engineer Charged with Trade Secret Theft
Peter Kisang Kim, formerly a design engineer at Broadcom, which develops semiconductor software products, has been indicted for stealing trade secrets from Broadcom. The indictment alleges Kim, 50, stole Broadcom trade secrets about a type of chip often used in high-volume data centers. Ten days after leaving Broadcom, Kim became a director for a China-based startup company focused on network chip design and the market for networking chips, the indictment says. It alleges that Kim received a laptop from the company and spent his first 9 months on the job using Broadcom trade secrets on that device. The trade secrets included test plans, design verification environment files, and design specifications for the Broadcom family of chips.
Analysis Highlights
Kim had signed a confidentiality agreement as a condition of his employment and again upon termination.
Kim had also attended annual refresher training on the handling of confidential information.
The trade secrets were allegedly restricted to Broadcom employees and stored in non-public document repositories.
Kim had specifically confirmed that Broadcom considered the following to be trade secrets: (a) internal design and development materials, (b) specifications, (c) schematics, (d) source code, (e) architectures, (f) Verilog (a hardware description language), (g) internal test materials, (h) scripts, and (i) test results.
Sources & Additional Information
https://isssource.com/engineer-charged-in-trade-secret-theft/
https://www.justice.gov/usao-ndca/pr/former-broadcom-engineer-charged-theft-trade-secrets
Navy Engineer Used Insider Threat Training to Defeat Insider Threat Detection
According to an article in CSO magazine, U.S. Navy engineer Jonathan Toebbe, who goes to trial in December on charges of stealing nuclear submarine secrets, defeated the Navy's insider threat detection systems by taking insider threat training. According to the complaint filed in federal court, Toebbe reached out to an undisclosed foreign power and offered to provide nuclear secrets. In exchange for cryptocurrency payments, he subsequently delivered via dead drop documents that contained militarily sensitive design elements, operating parameters, and performance characteristics of Virginia-class submarine reactors. Charging documents suggest Toebbe was attempting to sell additional secrets for $5 million.
Analysis Highlights
Toebbe's wife, Diana, was charged as a co-conspirator for serving as a lookout during dead drops.
According to CSO, Toebbe wrote how he had been "taking information from the Navy in such a way that he would not raise the suspicion of his colleagues."
Toebbe said he used insider threat training to learn about insider threat warning signs, and he was careful not to exhibit any of those signs.
For example, Toebbe gathered files slowly over time and in the routine course of performing his job.
Sources & Additional Information
More Insider Threat Stories - November 2021
Law Partner Stalked Colleagues
New York attorney Willie Dennis, 59, was indicted for cyberstalking partners and other staff at his former law firm, K&L Gates. According to the indictment, Dennis harassed, intimidated and threatened multiple individuals at the firm, sending them thousands of belligerent emails and text messages. Source: https://www.law.com/newyorklawjournal/2021/11/19/former-kl-gates-partner-arrested-on-cyberstalking-charges/
Social Security Employee Stole Identities
Sean Okrzesik, 34, of Syracuse, New York, pled guilty to theft of government property and aggravated identity theft. While working at the Syracuse office of the Social Security Administration, Okrzesik used the names and Social Security numbers of Supplemental Security Income (SSI) beneficiaries or their representative payees to steal SSI benefit payments. He admitted opening bank accounts under the names and Social Security numbers of various SSI beneficiaries or their representative payees. Once these accounts had been created, he would divert SSI benefit payments intended for these beneficiaries into the accounts, which he used to pay for personal expenses, such as for video gaming equipment, a custom suit, jewelry, airline tickets to the Caribbean, and online gambling, for a total of $103,798.77. Source: https://www.syracuse.com/crime/2021/11/former-federal-employee-from-syracuse-stole-more-than-100k-in-social-security-benefits-feds-say.html
VA Pharmacist Pleads Guilty to Diverting Painkillers
Matthew Camera, 50, of Erie, Pennsylvania, pled guilty to violating federal drug laws while serving as the Pharmacy Chief at the Veterans Affairs Medical Center in Erie. Camera pocketed multiple dosage units of Hydrocodone and Oxycodone from pill bottles awaiting delivery to Veterans Affairs patients. Source: https://www.justice.gov/usao-wdpa/pr/former-pharmacy-chief-va-medical-center-erie-pleads-guilty-diverting-painkillers
Ghanaian Gas Station Manager Gets Hard Labor for Embezzlement
A court in the south Ghana town of Asamankese has sentenced a sales manager at a Galaxy Oil service station to four years of hard labor for embezzlement. Emmanuel Donkor, 55, pleaded guilty to embezzling Gh¢70,725.00 belonging to Galaxy Oil. The embezzlement was detected by the company's internal audit team. Source: https://www.myjoyonline.com/sales-manager-at-osenase-galaxy-oil-filling-station-jailed-for-stealing-70k/
Executive Director and Bookkeeper Ripped Off Halfway House
The executive director and bookkeeper of Ain Dah Ing halfway house for Native Americans in Spooner, WI, have been sentenced for fraud. Director Fredericka DeCoteau, 63, received a 2-year sentence while bookkeeper Edith Schmuck, 77, was sentenced to a year and a day in prison. They have been ordered to jointly pay restitution of $777,283. DeCoteau and Schmuck paid themselves unauthorized bonuses via payroll checks signed using a rubber signature stamp of the halfway house treasurer. Source: https://www.wpr.org/2-sentenced-stealing-777k-spooner-addiction-center
Prison Guards Smuggled Contraband
Three U.S. Bureau of Prisons employees and eight inmates of New York's Metropolitan Correctional Center are charged with conspiring to smuggle drugs, alcohol, cellphones, and other contraband to inmates at the prison. The three employees are corrections officers Perry Joyner and Mario Feliciano, as well as unit secretary Sharon Griffith-McKnight. The indictment alleges the prison employees took bribes to bring in cigarettes, alcohol, and other items for the inmates. Source: https://www.justice.gov/usao-sdny/pr/current-and-former-metropolitan-correctional-center-employees-and-inmates-indicted
Wikipedia Editors May Be Glorifying Nazism
Wired magazine published a profile of Ksenia Coffman, a woman who has spent years revising Wikipedia pages that glorify Nazis, paint a rosy picture of historical atrocities, or misrepresent the Second World War. Her pursuit reveals that much of the historical fact we rely on in Wikipedia is provided by self-appointed expert insiders whose work is infrequently, if ever, reviewed. By democratizing information without sufficient controls, Wikipedia may be unwittingly contributing to the creation of misinformation and disinformation. Source: https://www.wired.com/story/one-womans-mission-to-rewrite-nazi-history-wikipedia/
University Analyst Charged with Embezzlement
Kenya Ward, 44, an employee at North Carolina Central University in Durham, North Carolina, has been charged with embezzling more than $900,000 from the school's bookstore and food services department. She served as business and technology application analyst and manager of the school's Eagle Card system, which allows students and others on campus to perform tasks such as registering for classes, paying for laundry, and purchasing meals. Source: https://www.wect.com/2021/11/05/im-innocent-nc-central-employee-charged-with-embezzling-nearly-1-million-university/
Kentucky Employee Illegally Imported Erectile Dysfunction Drugs
Former Kentucky state employee Howard Stanley Head, Jr., 59, was sentenced in federal court to a year in prison for conspiracy to import misbranded prescription drugs. He was also fined $1,000 and ordered to forfeit $30,275. Head regularly purchased thousands of tablets of erectile dysfunction drugs online from overseas suppliers. He resold them at a profit to customers throughout Kentucky. Source: https://www.kentucky.com/news/local/crime/article255491816.html
Navy Supervisor Assaults Subordinate
Jared B. Heisey, 30, pled guilty in federal court to assaulting a female subordinate employee at the Naval Support Activity (NSA) in Mechanicsburg, Pennsylvania. A former supervisor at NSA, Heisey admitted he ordered the victim to accompany him to conduct an inventory count in a remote building at the NSA. Once inside, Heisey grabbed the woman's neck, pinned her against the wall, and made sexual comments about what he would like to do to her. Source: https://www.yorkdispatch.com/story/news/crime/2021/11/04/york-county-man-former-government-agency-supervisor-pleads-guilty-assaulting-subordinate/6263957001/