Skip Navigation

ITMG Insider Threat Cases – March 22, 2021


CareCentrix files corporate espionage lawsuit against Signify Health

The post-acute care company claims that a former employee shared confidential information with one of its competitors.The post-acute care company CareCentrix filed a complaint in U.S. district court against Marcus Lanznar and Signify Health, accusing Lanznar of corporate espionage and theft of confidential information. “CareCentrix entrusted Lanznar with its highest levels of confidential information, strategies, and trade secrets,” read a redacted version of the complaint filed in a Delaware district court on Monday. “As Signify prepared to go public, it combatted CareCentrix’s superiority by launching a scheme with Lanznar to use Lanznar as a spy within CareCentrix,” the complaint alleged. “As a matter of policy, we do not comment on pending lawsuits or legal proceedings,” said a Signify representative in response to requests for comment. “However, we dispute the claims asserted by CareCentrix and intend to vigorously defend the lawsuit.”

Spacex Engineer Pleads Guilty To Insider Trading

Tampa, Florida – James Roland Jones, a/k/a “MillionaireMike” (33, Hermosa Beach, CA), has pleaded guilty to conspiracy to commit securities fraud. Jones faces a maximum penalty of five years in federal prison. A sentencing date has not yet been set. According to the plea agreement, from 2016 until at least 2017, Jones conspired with another to commit securities fraud. Jones, using the moniker “MillionaireMike,” purchased personally identifiable information (“PII”) on the dark web, including names, addresses, dates of birth, and social security numbers. He used this information, in part, to open and/or operate accounts for the purpose of conducting financial transactions based on material, non-public information related to publicly traded securities, more commonly known as “insider information.” In April 2017, an FBI undercover employee provided Jones with purported insider information related to a publicly traded, U.S. company (“U.S. Company 1”). From April 18, 2017, until May 4, 2017, Jones and a conspirator conducted numerous securities transactions based on this purported insider information. In June 2017, Jones gained control of an investment account that had been fraudulently opened in the name of J.L.M. (“the J.L.M. Account”). In July 2017, Jones revealed to the FBI undercover employee that Jones had insider information related to a second publicly-traded, U.S. company (“U.S. Company 2”). From July 14, 2017, until July 26, 2017, Jones and the conspirator conducted numerous securities transactions based on this purported insider information, including some of which that were executed using the J.L.M. Account.

Former Casino Employee Sentenced to Three Years in Federal Prison: Server Admits Embezzlement of Over $18,000

Jackson, Miss. – Darren Nickey, 31, a former employee of the Pearl River Resort – Silver Star Casino was sentenced today by U.S. District Judge Henry T. Wingate to 36 months in prison, followed by three years of supervised release, for theft by an employee of a gaming establishment on Indian lands, announced Acting United States Attorney Darren J. LaMarca.  Nickey was also ordered to pay restitution in the amount of $18,340. From March 2016 through May 2016, on three separate occasions, Nickey embezzled over $1,000 at a time from cash recyclers in the Casino.  Because he worked as a cashier in the retail store on the premises, Nickey had access to the cash recycler to stock his cash register.  He also made use of colleagues’ log-in passwords to hide the cash thefts.  Further investigation revealed that Nickey had repeated the thefts to total $18,340 in over 40 withdrawals.

Former Employee of Federal Reserve Board Pleads Guilty to Theft of Government Property: Removed Proprietary Documents Prior to Quitting His Job

Greenbelt, Maryland – Venkatesh Rao, age 67, of Bethesda, Maryland, pleaded guilty on March 18, 2021 to theft of government property from his former employer, the Board of Governors of the Federal Reserve System (Federal Reserve Board or FRB). According to his guilty plea, in 2019, the Federal Reserve Board notified Rao that it considered his work performance to be unsatisfactory and Rao made a decision to voluntarily separate from the Board.  Over the course of five weekend days in November 2019, Rao entered the FRB building in Washington, D.C. approximately 16 times and printed more than 50 restricted government documents from his workstation and avoided FRB restrictions on the emailing and electronic copying of restricted materials.  Rao removed the restricted documents, which contained proprietary information used by the FRB to conduct bank stress tests, from the FRB building and stored the materials at his home.

Russian National Pleads Guilty to Conspiracy to Introduce Malware into a U.S. Company’s Computer Network

A Russian national pleaded guilty in federal court today for conspiring to travel to the United States to recruit an employee of a Nevada company into a scheme to introduce malicious software into the company’s computer network. According to court documents and admissions made in court, from July 15, 2020, to Aug. 22, 2020, Egor Igorevich Kriuchkov, 27, conspired with others to recruit an employee of a large U.S. company to transmit malware provided by the conspirators into the company’s computer network. Once the malware was installed, Kriuchkov and his co-conspirators would use it to exfiltrate data from the company’s computer network and then extort the company by threatening to disclose the data. As part of the conspiracy, Kriuchkov traveled from Russia to California through New York.  On numerous occasions between Aug. 1, 2020, and Aug. 21, 2020, Kriuchkov traveled from California to Nevada in an attempt to entice the employee to participate in this hacking scheme, offering to pay the employee with Bitcoin if the employee transmitted the malware.  After meeting with Kriuchkov, the employee reported his conduct to the victim company, which promptly contacted the FBI. The FBI then thwarted the scheme.

Swiss Hacker indicted for conspiracy, wire fraud, and aggravated identity theft

Seattle – A prolific Swiss computer hacker, TILL KOTTMANN, 21, was indicted today by a grand jury in the Western District of Washington for computer intrusion and identity and data theft activities spanning 2019 to the present.  KOTTMANN, aka “deletescape” and “tillie crimew,” who initially was charged in September 2020, remains in Lucerne, Switzerland, and has received notice of pending U.S. charges. According to the indictment, since 2019, KOTTMANN and coconspirators have hacked dozens of companies and government entities and posted the private victim data of more than 100 entities on the web. Specifically, the indictment alleges that KOTTMANN used a variety of hacking techniques and predominantly targeted “git” and other source code repositories belonging to private companies and public sector entities.  KOTTMANN cloned the source code, files, and other confidential and proprietary information, which at times included hard-coded administrative credentials, access keys, and other means of further system or network access.  KOTTMANN then used such means of access to further infiltrate the internal infrastructure of victims and copy additional files, records, and information.

State Department Employee Sentenced to Prison for Trafficking in Counterfeit Goods from U.S. Embassy

EUGENE, Ore.— A U.S. Department of State employee and his spouse were sentenced today for their roles in an international conspiracy to traffic in counterfeit goods from the U.S. Embassy in Seoul, Republic of Korea. According to court documents, Thompson Jr. was an Information Programs Officer employed by the Department of State at the U.S. Embassy in Seoul, a position that required him to maintain a security clearance. Zhang resided with him in Seoul. Between September 2017 and December 2019, Thompson Jr. and Zhang sold counterfeit goods on a variety of e-commerce platforms. Thompson Jr. and Zhang conspired with one another to sell counterfeit Vera Bradley handbags from e-commerce accounts to persons throughout the United States. Thompson Jr. used his State Department computer to create numerous accounts on a variety of e-commerce platforms. Once Thompson Jr. created these accounts, Zhang took primary responsibility for operating the accounts, communicating with customers, and procuring counterfeit merchandise to be stored in Oregon. Thompson Jr. and Zhang also directed a co-conspirator in Oregon to ship items to purchasers across the United States.

ASIO cracks major espionage network, refuses to name nation responsible

The head of ASIO has revealed the agency removed a “nest of spies” working in Australia for a foreign intelligence service in 2020. The operatives developed relationships with current and former politicians and sought information on security protocols at a major airport. Delivering his annual threat assessment Director-General Mike Burgess described Australia’s security outlook was complex, challenging and changing, revealing the new face of terrorism has become more difficult to identify and monitor. “In the last 12 months a significant number of foreign spies and their proxies have either been removed from Australia or rendered inoperative,” he said.

Former Bank Teller Sentenced to Fifteen Months in Jail for Stealing from Wells Fargo Bank Customers

WASHINGTON – Tiara Langston, 29, of District Heights, Maryland, was sentenced Thursday in the United States District Court for the District of Columbia to 15 months of incarceration for her role in a scheme that bilked Wells Fargo customers of $124,000 from their accounts.  United States District Court Judge Royce C. Lamberth imposed the sentence, also ordering Langston to pay restitution to Wells Fargo which incurred losses on behalf of its customers.Langston pleaded guilty on November 30, 2020.  In entering her plea, Langston admitted to participating in a scheme to steal from Wells Fargo’s customers while she was employed at the bank as a teller during 2017.  According to the government’s evidence, Langston used Wells Fargo’s systems to check the account balances of customers without customers’ knowledge.  Langston would then share with a confederate the customer’s name and account balance.  The confederate then entered the bank and withdrew funds from the customer’s account by presenting a forged signature for the customer.  The conspirators used this scheme to steal $124,000 in cash and an $80,000 cashier’s check from two of the bank’s customers.  Wells Fargo was able to detect the theft and stop payment of the $80,000 cashier’s check, thus incurring total losses on behalf of its customers in the amount of the $124,000 in cash that Langston and others stole.

Former UCLA Soccer Coach Sentenced in College Admissions Case

BOSTON – The former men’s soccer coach at the University of California – Los Angeles (UCLA), was sentenced today in connection with his involvement in a scheme to use bribery and fraud to facilitate the admission of applicants to UCLA. Jorge Salcedo, 48, of Dana Point, Calif., was sentenced by U.S. District Court Judge Indira Talwani to eight months in prison, one year of supervised release and forfeiture in the amount of $200,000. In January 2021, Salcedo agreed to plead guilty to one count of conspiracy to commit federal programs bribery. In 2016, Salcedo agreed with William “Rick” Singer, Ali Khosroshahin – a former head coach of women’s soccer at the University of Southern California – and others to facilitate the admission of a student to UCLA as a purported women’s soccer recruit. Salcedo emailed the UCLA women’s soccer coaches the student’s transcript, test scores, and a fake soccer profile that he had received from Singer and Khosroshahin. When UCLA compliance officers questioned how the applicant had been discovered and whether she actually played soccer, Salcedo created a fake backstory, resulting in her subsequent admission as a recruited walk-on for the women’s soccer team. Salcedo was paid a bribe of $100,000 for his actions.

This entry was posted on Tuesday, March 23rd, 2021 at 3:30 pm. Both comments and pings are currently closed.