Skip Navigation

ITMG Insider Threat Cases – February 22, 2021

3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe

A federal indictment unsealed today charges three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform. A second case unsealed today revealed that a Canadian-American citizen has agreed to plead guilty in a money laundering scheme and admitted being a high-level money launderer for multiple criminal schemes, including ATM “cash-out” operations and a cyber-enabled bank heist orchestrated by North Korean hackers.

‘Sophisticated insider threat’ at DHS immigration agency forces pause to Iraqi refugee program

Ali had been anxiously eyeing the first days of the Biden administration, counting on the president’s promises of a new era in immigration to clear hurdles and help him get the visa he’s been seeking for years, as a reward for helping the U.S. war effort in Iraq. But two days into the new administration, those hopes were dashed when the State Department announced an emergency pause on the special Iraqi refugee program. Prosecutors had just revealed an almost unthinkable internal security breach: Two Homeland Security employees had been selling secret files from the Iraqi program for years, leaving security experts to figure out the damage, and the State Department to try to cauterize the wound.

Former Employee Arrested For ‘Ransomware’ Scheme At Fairfield County Business, Police Say

A 33-year-old out-of-state man has been arrested on a warrant for allegedly hacking into a former Fairfield County employer’s computer system, causing the business to become the victim of a “ransomware” attack. Yigitali Ercan, of Philadelphia, was arrested on Tuesday, Feb. 9, for the incident which took place in September in Westport, said Lt. David Wolf of the Westport Police. According to Wolf, the company told police that the former employee hacked into their computer and made some modifications to their website. The next day, the company became the victim of ransomware and were unable to access their work files without paying the “ransom.”

Internal Leak of 4,887 Users: Yandex Employee Fate Unknown

Russian web titan Yandex NV suffered an insider breach. An employee was selling sensitive user data to anyone who would pay, says Yandex. The perp was an admin of the firm’s email service, Yandex.Mail. It’s alleged they’d sold access to almost 5,000 mailboxes. No word on what’s happened to the scrote. In today’s SB Blogwatch, we visualize them chopped up and hidden in matryoshka dolls.

Klamath Falls Man Pleads Guilty for Sending Threatening Cards Containing White Powder to Former Coworkers

MEDFORD, Ore.—A Klamath Falls, Oregon man pleaded guilty today for sending cards to former coworkers containing a white powdered pesticide threatened to be anthrax, announced U.S. Attorney Billy J. Williams. Kelly Michael Burns, 71, pleaded guilty today to eight counts of mailing threatening communications. According to court documents, on or about December 19, 2019, Burns mailed four Christmas cards, postmarked in Medford, to former coworkers containing a white powder pesticide later identified as carbaryl. The cards were addressed to the victims’ workplace and contained violent threats such as “Merry Anthrax (obscenity)! Eat (obscenity) and die more to come.” Three people at Burns’ former workplace were exposed to the carbaryl, forced to undergo an extensive physical decontamination process, and were administered a high-dose antibiotic. One of the victims exposed was ten weeks pregnant at the time of exposure. As a result of the contamination, law enforcement ordered company employees out of the building and the company was closed for further decontamination.

Former Phone Company Employee Charged For Role in Sim Swap Scam That Targeted At Least 19 Customers, Including New Orleans Resident

NEW ORLEANS –  U.S. Attorney Peter G. Strasser announced that STEPHEN DANIEL DEFIORE age 36, a resident of Brandon, Florida, was charged today in a one-count Bill of Information with conspiracy to commit wire fraud, in violation of Title 18, United States Code, Sections 371 and 1343, for his role in a SIM Swap scam that targeted at least nineteen people, including a New Orleans-area physician. DEFIORE is the second member of the conspiracy to be charged. According to the Bill of Information, a SIM Swap scam is a cellular phone account takeover fraud that results in the routing of a victim’s incoming calls and text messages to a different phone. Once a perpetrator is able to swap the SIM card, it is likely he is able to obtain access to a victim’s various personal accounts, including email accounts, bank accounts, and cryptocurrency accounts, as well as any other accounts that use two-factor authentication.

Former Tech Employee at Blue Ridge School District Pleads Guilty to Fraud Scheme; Agrees to Pay Back Money

SPRINGFIELD, Ill. – A former technology coordinator who worked for Blue Ridge Community School District in Farmer, City, Ill., Joshua Raymer, 45, today waived indictment and pled guilty to a scheme that defrauded the district of approximately $336,276 over two years.  Raymer, of Clinton, Ill., entered his guilty plea by videoconference before U.S. Magistrate Judge Tom Schanzle-Haskins. According to court documents, during the time Raymer carried out the scheme, from April 2016 to December 2018, he falsely represented to a district official that computer switches had failed, and replacements were needed to maintain the district’s computer system. Raymer repeatedly used his position to have the district order and pay for more than 100 computer switches that it did not use or need, from two separate vendors, at a total cost of more than $400,000. Another 28 computer switches were ordered that were never paid for that resulted in a loss to the vendor of approximately $106,200.

Interpreter In Federal Criminal Investigation Charged With Disclosing Investigation And Court-Ordered Wiretap To Targeted Drug Dealer

SAN JOSE – Liliana Moreno, a Spanish translator hired as a contractor by the Drug Enforcement Administration (DEA) in a drug trafficking investigation, appeared today in United States District Court to face federal charges that she intentionally disclosed the investigation and its court-ordered wiretap to the investigation’s target, announced United States Attorney David L. Anderson, Department of Justice Office of the Inspector General Los Angeles Field Office Special Agent in Charge Zachary Shroyer, and Drug Enforcement Administration Special Agent in Charge Daniel C. Comeaux.

Former D.C. Apartment Manager Pleads Guilty to Defrauding Her Employer, Causing a Loss to the Company of at Least $285,703, Used Her Position in the Company to Employ Several Schemes to Defraud her Employer; Spent Stolen Funds on Luxury Personal Expenses, Including Washington Wizards Season Tickets and Cancun Vacation

Greenbelt, Maryland – Lachann Alexis Green, age 36, of Laurel, Maryland, pleaded guilty to the federal charge of wire fraud in connection with a scheme to defraud her employer, causing a loss to the business of at least $285,703.09. The guilty plea was announced by United States Attorney for the District of Maryland Robert K. Hur and Special Agent in Charge Jennifer C. Boone of the Federal Bureau of Investigation, Baltimore Field Office. According to her guilty plea, from October 2017 through December 2018, Green was the general manager of Rhode Island Row, an apartment complex in Washington, D.C. that was managed by Business 1, her employer.  As General Manager of the apartment complex, Green was the senior employee of Business 1 on site at Rhode Island Row and was responsible for all expenses and staffing needs for the apartment complex.  During her time as General Manager, Green used her position to defraud Business 1 in at least four different ways.

Former Ku Medical Center Employee Pleads Guilty to Embezzling More Than $500,000

KANSAS CITY, KAN. – Michael Tae Kim Ahlers, 49, of Lenexa, Kansas, has pleaded guilty to federal charges of bank fraud and filing a false tax return related to a scheme to embezzle money from the University of Kansas Medical Center (KUMC). “Michael Ahlers abused his position as the Administrative Officer for an academic and research medical center, stealing more than $500,000 to enrich himself,” said First Assistant U.S. Attorney Duston Slinkard. “His guilty plea should send a message that, no matter your position, you cannot profit illegally or violate the trust of the company who hires you.”  “During this investigation, state and federal partners worked extremely well together to make certain these criminal acts did not go unpunished,” said KBI Director Kirk Thompson.

Former Vermillion Township Clerk Charged With $650,000 Wire Fraud Scheme

United States Attorney Erica H. MacDonald today announced a felony information charging MARYANN HELEN STOFFEL, 70, of Hastings, Minn., with one count of wire fraud. STOFFEL will make her initial appearance before a Judge in U.S. District Court at a later date. According to the allegations in the information, from December 2012 through October 2020, STOFFEL used her position as the Clerk of the Township of Vermillion, an elected position, to misappropriate more than $650,000 of Township funds. Although, in her role as Clerk, STOFFEL had signature authority over the Township’s bank account, Township checks required at least two signatures. As part of the fraud scheme, STOFFEL, at times, forged the signatures of the Township’s Treasurer and the Chairman of the Township Board on Township checks. At other times, STOFFEL solicited signatures from the Township’s Treasurer and the Chairman of the Township Board on blank Township checks by falsely representing that she would use the checks to pay the Township’s bills. Instead of using the funds to pay the Township’s bills, STOFFEL transferred the funds to her personal bank account for her own use and benefit. STOFFEL concealed her fraud from the Township and from the State of Minnesota by excluding the unauthorized payments to herself on the Township’s annual report.

This entry was posted on Monday, February 22nd, 2021 at 12:11 pm. Both comments and pings are currently closed.

Discover more from Insider Threat Management Group

Subscribe now to keep reading and get access to the full archive.

Continue reading