A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com)
Date: 2017-03-22
According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is a "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies.
Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.
I agree with you on Microsoft : "multinational technology company, specializing in internet-related services and products, with headquarters in the United States,"
But IBM? : "multinational corporation providing online social media and networking services." I would've said Facebook.
So, who fits the bill for "Asia-based manufacturer of computer hardware,"
... founded some time in the late '80s.
"multinational technology company, specializing in internet-related services and products, with headquarters in the United States," that's IBM you fuckwit, Microsoft has social media now that it bought LinkedIn.
Sounds like Oracle.
Facebook, Google and Huawei. (Score:3)
Facebook, Google and Huawei.
Thanks. Getting on my nerve when only one party is named while the others are not.
I would like to know the names of the scammed suckers in the mentioned companies. The names of those who gave approval for transferring that much?
Re:Slashdot Hacked! - CONFIRMED (Score:5, Funny)
You mean there's more than one? I thought it was just one guy with no life and a lot of conflicting opinions.
Google & Facebook (Score:4, Informative)
Okay, so who's the "Asia-based manufacturer of computer hardware,"
... founded some time in the late '80s.
Thanks Google. Huawei was founded in 1987.
Umm, what? (Score:5, Funny)
The indictment specifically describes the companies in vague terms.
Specific and vague simultaneously?
Meaning the specific use of vague terms.
How do you know they didn't use vague terms quite specifically?
if they're public companies, it should be illegal for them to not disclose such a loss.
To their shareholders probably, to randos on the internet, not so much.
Not quite. She had $123 million when they met (Score:3)
His wife was an heir, along with her sister, to a hotel company which owned a chain and non-chain properties including the Beverly Hills Hotel. She got $123 million from that. When they divorced, she gave him $23 million. So there wasn't anything him giving her hundreds of millions and her giving it back.
He did pay hundreds of millions in fines and restitution. He may have managed to keep a few million in ill-gotten gains.
Interesting how few controls there are (Score:5, Interesting)
I've worked for big companies most of my career, and regular employees making purchases, signing contracts, etc. takes an act of God. I can't spend $100 on supplies without getting competitive bids. But there are apparently some very stupid people who have full unrestricted access to the bank accounts.
How do people fall for phishing scams anymore? Everyone has to know this by now -- never trust email requesting you to do anything involving linking to a website, sending money, etc. This could have all been resolved by someone calling and asking if they should really pay this $8 million "invoice" with an irreversible wire transfer.
It reminds me of how people were talking about the Podesta email incident as some massively complex hacking job. It wasn't -- they found out he still used Yahoo Mail and phished him. I can't believe that (a) one of the most powerful political operatives in the Clinton campaign uses Yahoo Mail, and (b) that he fell for it.
Re:Interesting how few controls there are (Score:5, Insightful)
I've worked for big companies most of my career, and regular employees making purchases, signing contracts, etc. takes an act of God. I can't spend $100 on supplies without getting competitive bids.
See, that's where you're going wrong. I've actually had clients tell me that a proposal has to be _over_ a certain dollar amount - if it's less than (for example) $50k, it's subject to a lot more oversight than, say, $1M. Small, petty cash type purchases are even more difficult, relatively speaking. Good luck trying to get approval for a new mouse for your workstation!
Re:Interesting how few controls there are (Score:4, Funny)
Regular employees don't typically have much involvement with big purchases.
See, that's where you're going wrong. I've actually had clients tell me that a proposal has to be _over_ a certain dollar amount - if it's less than (for example) $50k, it's subject to a lot more oversight than, say, $1M.
It seems to me procurements are very mysterious. I'm constantly having to justify whatever purchase even for $100. What you suggest is proposal over a certain amount, maybe it is when high level people get this "OMG we need this capability now, buy it!" And then zoom, order screams through. Most of the time it feels technical procurements are as touchy-feely-emotional like a choreographer preparing a dance routine that will resonate with the audience.
Podesta didn't fall for it - his "expert" did (Score:3)
It reminds me of how people were talking about the Podesta email incident as some massively complex hacking job. It wasn't -- they found out he still used Yahoo Mail and phished him. I can't believe that (a) one of the most powerful political operatives in the Clinton campaign uses Yahoo Mail, and (b) that he fell for it.
Actually the email seemed suspicious to Podesta so he asked his 20-something security "expert" to look at it. Now keep in mind that probably almost all of us know to have a mouse hover over a link in an email to see where it really goes. For example, if a link supposed to go to mycompany.com actually goes to gizshiz.com or mycompanyname.ru, yeah, you should be smart enough to think those are probably not really mycompany.com. The problem was that his "expert" didn't do this. He simply looked at the emai
It wasn't a phishing scam. That's just clickbait. It was fraud, complete with dummy contracts and other fraudulent documents.
I've done the accounting for a $2 million/yr company and I think I can answer that. When you pay your home bills you probably only have one or two dozen every month.
Re: (Score:2)
Because legitimate companies conduct business in the exact same way - emailing invoices around and unexpected phonecalls chasing them up etc...
Quite often larger companies have a high staff turnover so you're frequently dealing with different people each time so you'll get invoices from names you've never heard of...
If people do their due diligence and try to verify each one then they end up behind on their work and get in trouble, especially if a payment is late and it ends up causing trouble.
This wasn't some incompetent scammer with a poor grasp of English. "Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money" shows that he went to some length to look legitimate.
Sentences (Score:2, Insightful)
I really don't get it.
You can kill 10 people and go to Jail, rape and kill in there too, and still get a sentence that's a fraction of the above with ability for parole. But trick an idiot company and take their money and you suddenly face up to 80 years jailtime?!
money = power
Re:Sentences (Score:5, Insightful)
And yet, if instead of scamming some 100 million from a couple of companies the guy had been working for an investment bank or a credit rating agency and created purposefully misleading derivatives to help crash the global economy to the tune of billions in damages, he'd have gotten no jail time at all. Not a single bank executive has seen jailtime for causing the 2008 crisis, even though the extent of damages makes scams like this seem like pickpocketing and it's quite clear that the banks knew exactly what they were doing when they started creating collateralized debt obligations [wikipedia.org] from the subprime loans to circumvent the credit rating system. Quoting the wiki:
(emphasis mine)
What it basically means is that if you tried creating a CDO using subprime loans from a single region it would have been rated badly (as it should, it's an extremely high risk product as many of the loans had been granted pretty much without any checks on the ability of the lender to pay for them), but if you take equally shitty loans from several different areas the credit rating agencies put a AAA stamp on it, because according to their logic at the time this means the default risk is now diversified, which is complete bullshit.
This should showcase the real issue with these cases: the courts - especially in the US but also elsewhere in the West - are keen to protect the interests of corporations. Embezzlement/fraud of corporate funds will lead to heavy jail time when caught. That's why Madoff is in jail: he scammed rich folks and corporations. However at the same time the courts go so far to protect corporate interests that megacorporations themselves can pretty much act with impunity - cause a massive oil spill or an economic meltdown and you'll get fined, and you can write that down as yet another operational cost and keep doing business as usual.
I do not have a problem with large scale financial crime being punished heavily, because it has far reaching consequences and fines don't work against people and corporations with massive fortunes. However, the laws should be applied evenly to everyone, including the financial sector itself when it fucks up. Right now the US is basically letting WS do whatever it pleases and if shit hits the fan the costs are externalized to the taxpayer. And the City of London is no better,
Your logic is quite faulty. If the financial institutions knew this was bad paper they wouldn't have kept hundreds of billions of dollars worth of it on their own books. See Wachovia and BofA. If the people running the financial institutions knew this was bad paper they wouldn't have invested their own money in it. See Lehman Brothers CEO Dick Fuld.
