Insider Risk Incident Report 2/16/23
Theft and Fraud
A China-based former employee of ASML Holding NV stole data from a software system that the corporation uses to store technical information about its machinery. The breach occurred in a repository that includes details of the lithography systems critical to producing some of the world’s most advanced chips, said people with knowledge of the situation. The data came from a product development program known as Teamcenter, which allows for “common access to a single repository of all product-related knowledge, data and processes.” The company declined to comment beyond the statement it issued earlier on Wednesday, in which the company said it didn’t believe the theft was material to its business. The company initiated an internal review and implemented remedial measures after the incident. The revelation comes just as the Netherlands is poised to join the US and Japan in restricting China's ability to acquire advanced machines for producing semiconductors from the likes of ASML. The Biden administration has said it's essential for the West to block Beijing from acquiring leading technologies that could empower its military and threaten global security.
Source: https://news.yahoo.com/asml-stolen-data-came-technical-221849407.html
An Afiniti founder is accused of stealing company technology and setting up a rival in China. He has since set up two firms in different countries, but has yet to be charged with any crimes. After leaving the company, he allegedly set up a Chinese entity that imitated the company's branding, and refused to return his computer. He has since disputed theft claims and has launched defamation proceedings against Tatiana Spottiswoode.
Credit Suisse Group AG warned part of its workforce that a former employee copied and took some of their personal data years ago, including descriptions of their compensation. The staffer, who had legitimate access to data at the time, transferred the information onto a personal device in breach of Credit Suisse policies and later left the company, the Swiss bank told employees in emails and letters, a copy of which was obtained by Bloomberg. The breach was initially detected in March 2021, and after an internal investigation and attempts to recover the information, the bank notified employees this week, according to a person with direct knowledge of the matter. Part of the delay stemmed from the bank’s effort to identify who took the information, a process that involved going to court, the person said. The revelation of the data theft comes as Credit Suisse tries to restore employee morale and client confidence following a series of losses and oversight lapses. In another case involving a rogue banker, the firm
Source: https://finance.yahoo.com/news/credit-suisse-says-rogue-staffer-092011981.html
Nevada Gaming Control Board detectives disrupted an embezzlement scheme in which an employee at sports betting company William Hill allegedly altered kiosks at locations across Las Vegas to steal money, documents said. Shravan Singh and Paige Steiner each face charges in connection with the alleged scheme, documents said. Other employees are also charged in the case. Documents the 8 News Now Investigators obtained Thursday said that the embezzlement scheme was part of a larger conspiracy to steal money from the company. The suspects, Shravan Singh and Paige Steiner, are accused of altering kiosks at William Hill locations in order to steal money, documents said.
Source: https://biztoc.com/x/76dfd5d212e62ec4
Christopher S. Kirchner, 35, of Texas, has been charged with fraud, offering securities to multiple investors, and securities fraud. Kirchner is accused of misappropriating funds to the tune of $28 million “for personal benefit,” transferring tens of millions of dollars from Slync corporate bank accounts to his personal bank accounts, and paying for his personal expenses directly out of one of Slync’s bank accounts. The SEC has charged Kirchner with fraudulently offering and selling more than $67 million of securities to multiple investors.
Source: https://finance.yahoo.com/news/tech-founder-didn-t-pay-110300047.html
A federal grand jury indictment has been filed against the former vice president and chief operating officer of Rush Oak Park Hospital, accusing him of defrauding the healthcare facility out of $622,000. Robert Spadoni, 58, of Darien, is charged with three counts of mail fraud and three counts of money laundering. The indictment alleges that Spadoni caused the hospital to enter into an agreement with a company he created to provide administrative support and compliance services to the hospital’s podiatry residency program. The hospital agreed to pay $6,500 per month for purported services that Spadoni knew would not be provided. He concealed, and attempted to conceal, his and a family member’s financial interest in the company, and provided a direct report with a $1,500 monthly cash payment to perform the administrative support and compliance services that were covered by the [company’s] agreement.
Source: https://wgntv.com/news/wgn-investigates/former-rush-hospital-chief-indicted/
A citizen of the United Kingdom was sentenced Monday to four years behind bars for defrauding Virginia Commonwealth University out of $470,000 in an international cyber scheme. The defendant tricked VCU by posing as an employee of a Richmond construction company that was doing business with the university. After Egbinola apologized to VCU for his crimes during a sentencing hearing in U.S. District Court in Richmond, Novak sentenced him to 48 months in federal prison, which was a significant upward departure from discretionary federal sentencing guidelines. Novak described the guidelines range of 27 to 33 months as a “joke” for an international cyber criminal who committed offenses over a span of five months. The judge rejected a defense motion for a reduction in sentencing that was supported by the government, which argued Egbinola was incarcerated in London for 85 days in addition to having his personal liberty “significantly constrained” for two years while on supervised release pending his extradition
A former suburban Chicago highway commissioner was sentenced to three and a half years in prison Tuesday for taking more than $280,000 in kickbacks from an excavation company. Robert Czernek, 71, the former elected head of the Bloomingdale Township highway commission, pleaded guilty last March to one count of honest-services wire fraud. He was charged in an August 2020 indictment along with Debra Fazio, the owner of Bloomingdale-based Bulldog Earth Movers Inc., and her employee, Mario Giannini. Czernek and Giannini will have to pay more than $500,000 in restitution to the township.
The employment and labour relations court has ruled that a senior field employee at Delmonte Kenya was sacked for receiving a bribe to influence a tender to supply porridge to workers. The employee was also alleged to have engaged in a plot among workers to boycott the supplier so that the contract could be terminated and pave the way for a fresh tendering. Justice Onesmus Makau ruled that the dismissal was valid and fair procedure was followed. The company stated that after the arrest of the employee, he signed an agreement undertaking to repay the money to the complainant. Thereafter, he wrote a statement at the company’s office confirming that the purpose of receiving the money from Mr Mwaniki was to secure the tender. The court heard that in the statement the claimant acknowledged that they had paid Sh10,000 to a deputy chief to arrange for the staff to boycott the porridge from the contracted supplier to sabotage the existing tender, which had an automatic renewal clause.
A prominent Russian businessman has been convicted of conspiring to commit wire and securities fraud, and of a hacking-related charge, after a 10-day trial. He faces up to 30 years in prison and hundreds of thousands of dollars in fines. The insider threat in this story is Vladislav Klyushin, who is accused of conspiring to sell confidential information to a foreign government and viewing financial data before it became public. Klyushin's relationship with one alleged Russian intelligence officer, former US officials previously told CNN, would have been of keen interest for US officials trying to glean more intelligence on Russia's spying efforts. Klyushin is scheduled to be sentenced on May 4.
Source: https://www.cnn.com/2023/02/14/politics/russia-us-jury-klyushin-convicted-insider-trading/index.html
Officials at Oregon’s liquor and cannabis regulating agency allegedly “abused their position for personal gain” and violated state ethics laws to obtain rare bottles of top-shelf bourbon worth thousands of dollars. The state’s governor asked the OLCC to remove the executive director, Steve Marks, and five other officials after an internal investigation concluded they used their knowledge and connections to obtain the pricey whiskey. The agency paid for the alcohol, including Pappy Van Winkle’s 23-year-old bourbon, but their actions violated state laws, according to the details of the investigation obtained by the Associated Press. The agency spokesperson said the incident “underlines the importance of having public accountability”.
Source: https://www.theguardian.com/us-news/2023/feb/09/oregon-liquor-officials-bourbon-scandal
The Indonesian fisheries minister, Edhy Prabowo, accepted a $77,000 bribe from a seafood supplier to grant it a permit to sell the hatchlings abroad.
Source: https://www.nationalobserver.com/2023/02/10/news/corruption-threatens-world-shrinking-fisheries
Violence
On February 9, 23-year-old Zachary T. Rich was shot and killed by an ex-employee at his job as Director of Hunterdon County Board of Commissioners in Milford, New Jersey. The shooting is being investigated as an insider threat, with no political connection to the councilman's elected office or political affiliations. The event occurred in New Jersey, and the name of the insider threat is Russell D. Heller. The impact of the insider threat is the death of a councilman in Milford, New Jersey, and the investigation is still ongoing.
Source: https://freerepublic.com/focus/f-news/4129727/posts
An incident occurred at a Georgia detention center where the insider threat was employed. He was arrested and charged with several counts of violation of oath by a public officer, aggravated assault, battery, reckless conduct, cruelty to an inmate, and conspiracy to commit a felony. The sheriff's office announced that he was arrested on Thursday.
Source: https://www.foxnews.com/us/georgia-detention-officer-arrested-after-allegedly-beating-inmate
Espionage
DX Group has confirmed that a legal claim alleging corporate espionage has been lodged against it by a rival logistics company. The company has said that it will defend its position robustly and will respond to the claim in due course. The Sunday Times has reported that some former DX Group staff, who were former employees of Tuffnells, had conspired to obtain daily customer service reports.
An FBI spy chief's secret meeting with a Russian contact was detected by UK officials. The meeting was discovered by UK officials who alerted the FBI's legal attaché, who then opened an investigation into McGonigal. Charles McGonigal, the ex-FBI official, is charged with taking money from Russian tycoon Oleg Deripaska. The meeting should have been noticed by McGonigal, one source said. McGonigal, the former head of the FBI's counterintelligence division in New York, stands accused of taking money from Oleg Deripaska, a Russian oligarch, in violation of US sanctions, in exchange for investigating one of Deripaska's Russian rivals. McGonigal "traveled to meet Deripaska and others at Deripaska's residence in London, and in Vienna," according to one of the federal indictments lodged last month. The indictments do not say precisely when those alleged meetings took place, or how prosecutors intend to continue.
A British spy was caught betraying his country by an undercover MI5 role-player pretending to be a Russian intelligence agent called Irina, the Old Bailey heard. David Ballantyne Smith, 58, originally from Paisley, Scotland, gathered a mass of secrets while working as a security guard in the British Embassy in Berlin. The Scot was unmasked in a joint investigation by German police and British security services and arrested at his home in Potsdam in August 2021. 'Irina' approached Smith at a bus stop and tried to see if he would provide sensitive information to her. After he spoke to her about the embassy, Smith was arrested a day later at his home on August 10, 2021. David Ballantyne Smith, 58, pleaded guilty to eight charges of spying for Russia.
Unauthorized Access
J. Brett Blanton, Architect of the Capitol, was fired after being accused of abusing his authority and misusing government property.
DOC Captain Deshan Rainey emailed an ICE official to share the release time and next court date of a person in custody who was ineligible to be directly transferred to ICE. Rainey also signed off twice, "#teamsendthemback." Rainey's actions rankled some councilmembers, who felt that she was overstepping her authority.
A team leader at a tech firm was charged Monday for allegedly filming 20 people while naked and in intimate situations, using secret cameras he set up at bathrooms in the workplace and a residence where he stayed. Ten women were among those filmed, and some minors were caught nude on camera at the residence while getting dressed. The indictment said Ashdod resident Shay Yakobi, 31, saved the videos he collected on his personal computer, organizing them according to the names of women and separating out those that featured only men. When an employee disconnected a camera in the workplace bathroom, Yakobi replaced it with one he set up in the residence, it alleged. In addition, when a past acquaintance of Yakobi asked him for help with her phone, he entered her photo album and sent pictures of her in a bikini at the beach to himself via the WhatsApp messaging app, according to the charge sheet. Yakobi will admit to the charges filed, including offenses relating to indecent acts, violation of
Unintentional
Reddit was attacked with plausible-sounding prompts to employees that redirected them to a website impersonating Reddit’s intranet portal in an attempt to steal credentials.
Source: https://techcrunch.com/2023/02/14/security-breach-blame-employees/
An insider threat closed down the Munster Technological University (MTU) Kerry campus for several days last week. The breach was later confirmed to be a ransomware attack and in an update on Sunday the MTU said its technical advisors confirmed that stolen data has appeared on the dark web. The data includes payroll data; bank account details; contracts of employment; limited medical information and details of employee leave. Some data on student grant payments has also been published.