This is the web version of this week’s edition of The Wiretap newsletter, which every Tuesday brings exclusives and other news about surveillance, privacy and cybercrime, straight to your inbox.
Every other month, Amazon runs an induction event for new executives called Escape Velocity. There are speakers — sometimes including the top brass like founder Jeff Bezos and CEO Andy Jassy — as well as training, happy hours and food. It’s a costly event to run, as evidenced in expenses for catering and drinks filed by one event organizer between March 2021 and May 2022, totalling over $350,000.
There was something odd about the organizer’s expenses, however: they were filed during a period in which Escape Velocity events had gone virtual due to Covid-19 and there was neither food nor drink required. According to the Department of Justice, she was really furnishing a lavish lifestyle with “fictitious” expenses, filed with Seattle catering company Gourmondo (totaling $243,000), UberEats vouchers ($51,000) and fake happy hours at local restaurant 2120 ($55,000). (She has not yet been charged, so Forbes is not publishing her real name.)
After the FBI was told by the three companies that they had no record of the Amazon employee’s spending, investigators looked into her various outgoings financed, in part, by the expenses, which reached $410,000, according to search warrants reviewed by Forbes. They included a $55,000 Land Rover and three Chanel bags worth a combined $18,500. Those items have now been seized by the FBI.
When Amazon’s business conduct and ethics team caught on to the scheme in June 2022, the employee initially claimed the expenses were legitimate, but admitted to the fraudulent expenses after being presented with the evidence, according to a seizure warrant for her luxury items. She was fired after five years of working with the tech giant.
Neither Amazon nor the DOJ had responded to requests for comment at the time of publication.
That Amazon could miss such glaring fraud by one of its own staff for over a year might appear embarrassing, but insider theft can be hard to spot, even when it seems easily detectable.
“Sometimes the most simple of thefts are the hardest to detect. To top this off, there is often a feeling that once employees are within a business, they are viewed as respectful, safe and secure who are sometimes given the keys to the castle — in this case those keys were purchasing rights,” said Jake Moore, global cybersecurity advisor at Slovakian security company ESET.
“In this case, if the defendant had continued with low amounts within the range of normality, it would have likely gone undetected and remained relatively difficult to spot. However, greed is usually the reason so many criminals, and in this case — insider threat actors, are caught as such anomalies expand further away from what is allowed.”
THE BIG STORY
Israeli ‘Cyber War Room’ Uses Amazon Facial Recognition To Find Missing And Dead After Hamas Attack
Amazon facial recognition algorithms helped identify at least 60 missing people in images and videos scraped from social media sites like Telegram and TikTok, Forbes learned.
STORIES YOU HAVE TO READ TODAY
The Department of Justice seized funds it claims were generated by North Korean IT workers who’d infiltrated American and other international businesses, sending millions in earnings back to their homeland to help fund weapons of mass destruction programs. They also stole sensitive data from their employers, the DOJ said.
Orbital Insight, a U.S. satellite intelligence provider backed by Google’s GV venture arm, is a lead supplier for an Indonesian surveillance operation spying on the locations of West Papuans, according to former Google employee turned investigative reporter Jack Poulson. West Papua was occupied by Indonesia in 1961 and the country has sought to suppress attempts by those seeking to regain independence. Recent reports have claimed Indonesia has tortured West Papuan high school students, amongst other alleged human rights abuses.
WINNER OF THE WEEK
Europol announced the capture of the “main perpetrator” of the Ragnar Locker ransomware group in Paris this month. It’s also taken down web servers used by the cybercriminal group, which was responsible for hacks affecting, among others, the Portuguese branch of energy giant EDP and a hospital in Israel.
LOSER OF THE WEEK
Okta, the single sign-on giant, had its customer support system hacked, putting users’ accounts at risk, independent journalist Brian Krebs reported. Two Okta customers — tech companies Cloudflare and BeyondTrust — said they’d detected hackers trying to acquire access to their systems using Okta authentication tokens, which can be used to impersonate legitimate users. It comes just 18 months after Okta was hacked by ransomware crew LAPSUS$, leading to concerns about how well the company is protecting the keys to its customers’ kingdoms.