Insider Signal - 2021.12
A fired employee poses as a ransomware hacker, a skunkworks team member takes proprietary information, an engineer steals data and attempts extortion, and a government leak exposes citizens' info.
Ex-Staffer Extorts Old Firm, Poses as Ransomware Hacker
Nicholas Burks, 29, a former employee at tech support company Asurion, has been arrested for theft and extortion. Upon being terminated for performance issues, Burks allegedly stole a company laptop, accessed the corporate network, downloaded 100 terabytes of proprietary information, posed as a ransomware hacker, and convinced Asurion to pay him more than $300,000 for not posting the company's sensitive information.
This is yet another case in which an employee terminated for performance problems retaliated against their former employer.
As a hacker might do, Burks contacted Asurion leadership, specifying the data he had, including financial documents, more than a million customer identities, and thousands of staff social security numbers.
Burks reached out to seven executives via email to make his demand.
He threatened to publicly publish the data if he didn't receive a ransom payment within 24 hours.
Burks included some of the stolen information to prove that he wasn't bluffing.
Asurion purportedly paid Burks $300,000 via multiple cryptocurrencies.
Burks allegedly used a "tumbler" to shield the origins of the cryptocurrency, then split the funds and deposited them in several accounts.
Employers must be fastidious about immediately shutting down physical and virtual access for terminated staff, and about collecting any company materials in the ex-employee's possession, such as phones, laptops, hard drives, customer lists, and strategy documents.
To stall for time, Asurion made daily $50,000 payments to Burks, initiated an internal probe, then contacted the FBI for assistance, according to a federal search warrant.
Asurion identified the culprit when an inventory showed a laptop was missing and the last login was by Burks.
The company then noticed that in Burks' last few days on the job, the laptop, which had four hard drives attached, accessed the corporate network multiple times.
The FBI reportedly surveilled Burks as Asurion made the first payment.
Immediately after Asurion made the first $50,000 payment, the FBI saw Burks pick up his phone and type on it. Immediately thereafter, Asurion received a message demanding a larger payment.
Psst: Would you benefit from our Deeper Analysis section for the other three featured stories each month? Want to help ensure iThreat and Mike Gips are able to keep bringing you news and analysis of important insider threat incidents? If so, we would appreciate you becoming a paid subscriber to the Insider Signal Plus version of the newsletter!
Lab-Grown Meat Company In Beef With Staffer They Allege Stole Proprietary Data
Upside Foods, which is developing technology to make lab-grown meat more affordable, has sued a former research associate for allegedly stealing thousands of confidential documents, including trade secrets. The employee, Napat Tandikul, was working in an elite skunkworks team within Upside Foods on the company's most secretive and far-reaching projects. Upside alleges Tandikul downloaded thousands of documents pertaining to the skunkworks activities, including thousands of sensitive documents. Those documents contained information on the design of a bioreactor used to grow the animal cells for cultured meat products, as well as business goals and testing data.
By the time Tandikul allegedly misappropriated the information, she was the only employee left on the elite skunkworks team.
The two other members, including one of the company's cofounders, had left within the prior few months.
By its highly secretive nature, very few people in the company knew what information the skunkworks team had and what they were working on.
Leaving one person in control of a company's most valuable information is a recipe for trouble.
Ubiquiti Engineer Steals Data, Attempts to Extort Employer
Nickolas Sharp, 28, of Portland, Oregon, has been arrested for using his administrative access to the corporate network of his employer, Ubiquiti, a wireless communications company, to steal gigabytes of proprietary data. Even as the senior developer worked to fix the breach he had caused, Sharp posed as a hacker and anonymously threatened publication of files if Ubiquiti didn't pay him $2 million in Bitcoin.
Sharp had extensive access in his role, including to Amazon Web Services and GitHub servers.
According to the case indictment, Sharp accessed his employer's GitHub resources and stole source code and product information, cloning 155 repositories.
The indictment also charges Sharp with using PayPal to buy a subscription to Surfshark VPN, which he used to access the GitHub and AWS servers.
The big break in the case occurred when, as Sharp was accessing and downloading corporate data, a brief loss of Internet service exposed his home IP address, per the indictment.
Sharp had also failed to turn on the "Kill Switch" on his VPN, which would have shielded his identity.
Albanian Data Breach Leaks Citizen Information
An Excel database maintained by the Albanian government, containing information about 630,000 Albanian citizens such as salaries and political leanings, has been leaked online via WhatsApp. Other exposed data includes job positions, employer names, and ID numbers. Government officials believe the breach was intentionally caused by an insider.
Albania's Prime Minister called the breach "an attempt to create confusion and to foster instability," implicitly blaming the opposition party.
The case shows the power of a data breach to undermine trust in government officials and regimes.
Experts say the leak betrays systemic weaknesses in Albania's networks as well as the absence of an effective response plan.
Experts also note the exposure "has extremely serious consequences for intelligence" services in Albania.
More Insider Threat Stories - December 2021
Aerospace Executives Conspired to Limit Staff Mobility
A federal grand jury in Bridgeport, Connecticut has returned an indictment charging a former manager of a major aerospace engineer and five executives of outsource engineering suppliers for conspiring to restrict the hiring and recruiting of employees among their companies. The conspiracy allegedly impeded opportunities for thousands of engineers and other skilled aerospace workers involved in the design, manufacturing, and servicing of commercial and military aircraft components. Six people — Mahesh Patel, of Connecticut; Robert Harvey, of South Carolina; Harpreet Wasan, of Connecticut; Steven Houghtaling, of Connecticut; Tom Edwards, of Connecticut; and Gary Prus of Florida — allegedly conspired with unnamed others not to hire or solicit employees from each other’s companies. Source: https://www.jdsupra.com/legalnews/department-of-justice-does-the-two-step-6494110/
Nurse Illegally Distributed Opioids
Kelly McCallum, 39, a Dyersburg, Tennessee, nurse practitioner, was arrested on charges of distributing prescription drugs unlawfully from the medical clinic she owned and operated. Over four years, McCallum allegedly prescribed more than two million opioid pills and more than 900,000 pills containing benzodiazepines at the Convenient Care Clinic. Charging documents state McCallum wrote prescriptions to people with whom she had close personal relationships. She is also alleged to have prescribed dangerous combinations of controlled substances to her patients and, when she was out of the office, left pre-signed prescriptions for staff to distribute controlled substances in her absence. Source: https://www.actionnews5.com/2021/12/17/dyersburg-nurse-practitioner-accused-unlawfully-distributing-prescription-drugs-health-care-fraud/
Former Defense Contractor Arrested for Attempted Espionage
John Murray Rowe Jr., 63, of Lead, South Dakota, was arrested for attempting to provide classified national defense information to the Russian government. According to the complaint, Rowe worked for almost 40 years as a test engineer for several cleared defense contractors. He held various national security clearances from SECRET to TOP SECRET/SCI (Sensitive Compartmented Information) and worked on matters relating to the U.S. Air Force’s aerospace technology. Authorities identified Rowe as a potential insider risk after he committed multiple security violations and expressed keen interest in Russian affairs, including whether he could obtain a security clearance from the Russian government. Rowe was terminated from employment. An FBI undercover operation led Rowe to exchange more than 300 emails with a bogus Russian agent, expressing his interest in working for the Russians and detailing classified information to which he had access, including electronic countermeasures used on U.S. military jets. Source: https://www.newsweek.com/south-dakota-man-latest-line-americans-charged-espionage-1660311
DEA Agent Sentenced for Money Laundering and Fraud Scheme
A former Drug Enforcement Administration (DEA) special agent, Jose I. Irizarry, 46, of Dorado, Puerto Rico, was sentenced to 145 months in prison for operating a money laundering and fraud scheme while serving as a special agent with the DEA. Irizarry pled guilty on Sept. 14, 2020 to all 19 counts in an indictment that included conspiracy to commit money laundering, wire fraud, bank fraud, and aggravated identity theft. Irizarry used his position to divert $9 million from undercover DEA money laundering investigations to himself and to co-conspirators. In return, Irizarry received bribes and kickbacks worth at least $1 million for himself and his family, which was used to purchase jewelry, luxury cars, and a home. To carry out the scheme, Irizarry and his co-conspirators used a stolen identity to open a bank account under false pretenses and then utilized the account to receive diverted drug proceeds. Source: https://www.mercurynews.com/2021/12/09/ex-dea-agent-gets-12-years-for-conspiring-with-cartel/
Air Force Employee Swindled $1M in Advances
Eddie Ray Johnson, Jr., 60, of Brandywine, Maryland, a former U.S. Air Force civilian employee, has been sentenced to a year-plus in prison and another year in home confinement, plus restitution and fines, after pleading guilty to using his travel credit card to get more than $1 million in cash advances. According to the plea agreement, Johnson served as travel coordinator for the Secretary of the Air Force, Office of Legislative Liaison. He admitted that from March 2014 through September 2017, he used his government travel credit card to obtain $1.1 million in cash advances, at least three quarters of which he put to personal use. Source: https://www.nbcwashington.com/news/local/prince-georges-county/maryland-ex-air-force-worker-sentenced-for-stealing-government-funds/2896170/
Freight Executive Admits Embezzlement
A former program manager of an international freight forwarding company, Morten Nielsen, 37, admitted embezzling more than $550,000 from the company. As program manager, the New Jersey resident oversaw the company’s contract relating to an initiative between the Egyptian government and U.S. Department of Defense related to the sale and repair of military equipment. Over a two-year period, Nielsen submitted bogus invoices from a fake company he controlled to the freight forwarding company for work his fake company didn't do. He forwarded those invoices to the Egyptian government, which approved them, whereby the DoD reimbursed the freight forwarder. The freight forwarder paid Nielsen's bogus firm about $559,000 during the scheme. Source: https://hudsonreporter.com/2020/10/05/phony-invoice-scheme-discovered/
NFL Kicker Says Coach Kicked Him
Former Jacksonville Jaguars kicker Josh Lambo has claimed that then-coach Urban Meyer, who was fired in December, kicked him in the leg while he was stretching in warm-ups before an August practice. Lambo said Meyer told him, "Hey Dips---, make your f---ing kicks!" and then kicked him in the leg. Lambo told the Tampa Bay Times that he said to Meyer, "Don't you ever f---ing kick me again!" and that Meyer replied, "I'm the head ball coach. I'll kick you whenever the f--- I want." Source: https://www.si.com/nfl/jaguars/news/josh-lambo-details-run-in-with-urban-meyer-alleges-coach-kicked-him-in-august-warmup
Auto Dealership Staffer Kills Colleague with Metal Bat to Head
Steve Tilbury, 26, of Leesburg, Florida, was arrested on charges of beating a coworker to death with a metal baseball bat. Officials say he assaulted Charles G. Cummings, 50, a colleague at Ritchey Autos. According to witnesses, Tilbury pulled his truck up to a maintenance bay, grabbed a bat from the truck and hit Cummings, who was sitting at his desk, on the head. Source: https://www.wesh.com/article/murder-coworker-attack-metal-bat-dies-daytona-beach/38403909
Veterinarian Misbranded and Adulterated Drugs
Veterinarian Rebecca Linke, who worked for Colts Neck Equine Associates in Manalapan Township, New Jersey, has received a two-year deferred prosecution related to a scheme involving doping of racehorses. Linke was one of more than two dozen trainers, veterinarians and drug suppliers indicted in March 2020 on drug misbranding and adulteration. Several defendants have since pleaded guilty while others await trial. Linke, who practiced on Standardbreds, allegedly supplied misbranded and adulterated performance-enhancing drugs and falsified medical and pharmaceutical records. Source: https://www.paulickreport.com/news/the-biz/new-jersey-veterinarian-gets-deferred-prosecution-deal-in-federal-doping-case/
Oshkosh Alleges Espionage
The Oshkosh Corporation is suing former mechanical engineer McKenzie Ditty and a Chinese competitor for corporate espionage. Oshkosh alleges that the Chinese company, Sany America, hired Ditty and wanted Ditty to gain access to newly patented Oshkosh boom lift technology. The lawsuit alleges Ditty failed to return the designs he helped develop when he left the company and erased his company-issued cell phone before returning it. Oshkosh aims to block Ditty from sharing proprietary information with his new employer. Source: https://www.whby.com/2021/12/22/oshkosh-corporation-files-corporate-espionage-lawsuit/