Insider Signal Plus - 2021.11
In our November '21 issue, insiders help a scammer hijack seller accounts, metallurgist falsifies tests, semiconductor information espionage, insider threat training used against government, and more!
Amazon Insiders Helped Scammer Hijack Accounts
Seven Amazon employees helped an outside scammer hijack Amazon seller accounts and copy their products, for which they received cash payments, according to a story in Wired magazine. Much of the story comes from an Amazon internal memo obtained by the publication. According to the account, the seven unnamed employees were recruited via LinkedIn and Facebook by someone using the alias Krasr. Krasr's identity has been reported by CNBC to be Mohamed Multhazim Akbar Ali, of Toronto, Ontario. Over several years of assisting Krasr, the Amazon insiders collectively earned about $160,000.
Analysis Highlights
The report discusses cases already several years old. The employees in this case were fired sometime around 2018.
Among other schemes, the Amazon employees worked with Krasr to rip off and displace a popular skin-care product called Pure Daily Care.
Krasr unleashed an avalanche of negative reviews targeting Pure Daily Care, leading to a $400,000 loss for the company and a 50 percent staff cut.
According to Wired's description of the internal memos, the seven insiders divulged customer data and product information to Krasr.
At Krasr's behest, the insiders also blocked and reinstated sellers' access to their online stores, enabling Krasr to sell copies of popular products while preventing the sellers of the original product from making theirs available for purchase, resulting in hundreds of thousands of dollars in stolen sales.
Deeper Analysis
Krasr worked with the employees to set up ransom payments, whereby victimized sellers could pay Krasr to get back to selling online.
Amazon purportedly reported Krasr to the FBI and hired a private investigator to find him.
Presented with the Wired story before publication, an Amazon spokesperson said the company has invested billions of dollars to keep data secure, adding "the claims made in the Wired story are based on information that is outdated and out-of-context and have absolutely no bearing on Amazon's current security posture."
The Amazon memo also revealed that, in a separate case, two Amazon employees in China had previously accepted bribes and sold personal data.
With such a large and rapidly growing company, it is alarming but not surprising that a few staff would scheme to take illegal profit.
According to the Real News podcast, a former IT security VP at Amazon asserted the company lacked an insider threat program at the time of his employment (until 2017).
While monitoring social media is a legal minefield, it is significant that the insiders were recruited via social media.
This case reinforces the importance of training staff on the uses and abuses of social media and the prevalence of scammers who recruit via social media platforms.
Sources & Additional Information
https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/
https://www.businessinsider.com/krasr-scam-recruited-amazon-moles-to-hijack-sellers-report-2021-11
https://wwd.com/business-news/technology/amazons-data-security-privacy-1235000292/
Metallurgist Gave U.S. Military Substandard Steel for Submarines
Elaine Thomas, 67, the former Director of Metallurgy at Bradken Inc., has pled guilty to falsifying test results that measure the strength and toughness of steel used in U.S. Navy submarines. Bradken supplies the Navy with cast high-yield steel for submarines, and its Tacoma, Washington, foundry produces castings that contractors use to build submarine hulls. This steel must meet standards for strength and toughness. Over 30 years, the foundry produced many castings that failed lab tests. Thomas falsified test results for more than 240 productions of steel that had been delivered to the Navy with an indication that the productions had passed testing.
Analysis Highlights
Bradken management was unaware of the fraud until May 2017.
At that time, a lab employee discovered test cards were altered and other discrepancies existed in records.
In June 2020, Bradken entered into a deferred prosecution agreement accepting responsibility for the offense and agreeing to take remedial measures.
Bradken also settled in a civil judgement, paying $10,896,924 to resolve allegations the foundry produced and sold substandard steel components for U.S. Navy submarines.
The Navy says it has taken "extensive steps" to ensure the safety of the affected submarines, at significant cost.