Slashdot Mirror


A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com)

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is a "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies.
Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.

129 comments

  1. IBM and Microsoft by Anonymous Coward · · Score: 0, Informative

    You're welcome

    1. Re:IBM and Microsoft by xQx · · Score: 2

      I agree with you on Microsoft : "multinational technology company, specializing in internet-related services and products, with headquarters in the United States,"
      But IBM? : "multinational corporation providing online social media and networking services." I would've said Facebook.

      So, who fits the bill for "Asia-based manufacturer of computer hardware," ... founded some time in the late '80s.

    2. Re:IBM and Microsoft by Anonymous Coward · · Score: 1

      Thanks. Getting on my nerve when only one party is named while the others are not.

      I would like to know the names of the scammed suckers in the mentioned companies. The names of those who gave approval for transferring that much?

    3. Re:IBM and Microsoft by Anonymous Coward · · Score: 1, Informative

      "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," that's IBM you fuckwit, Microsoft has social media now that it bought LinkedIn.

    4. Re:IBM and Microsoft by ArchieBunker · · Score: 1

      Sounds like Oracle.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    5. Re:IBM and Microsoft by doccus · · Score: 1

      Don't think anyone here would shed a tear if it *were* Oracle ;-). What baffles me, however, is that he was smart enough to pull this off for a hundred mils, but too dumb to use some of that cash to skip town with a new ID. Which he should have planned out in detail, ahead of time!

    6. Re:IBM and Microsoft by Anonymous Coward · · Score: 0

      Fake bank invoices? Since when bank invoices are standardized and reviewed by an external committee? Change your design and logo and all previous transactions on paper are fake bank invoices. I could only get flimsy looking deposit carbon copies for national deposits to verify payments and that was all the bank provided as proof of transaction, no other service. It does sound fishy. As is, this story sounds like an article of Faith: individual scams big company, it can only be that way. Otherwise it sounds like a dream startup on its winged feet going ahead. Are they sure the individual did not promise something in return and it was not delivered, or was it delivered and now it is unrecognized...? AC per force! How do you arrange THEN an online joint venture or strategic alliance for a new USB, say, gadget?

  2. Slashdot Hacked! - CONFIRMED by PopeRatzo · · Score: 0, Offtopic

    If you don't send me $75,000 in bitcoins by noon Friday (CST), I will release the personal information of all Anonymous Cowards on Slashdot.

    --
    You are welcome on my lawn.
  3. Re:Slashdot Hacked! - CONFIRMED by lucm · · Score: 5, Funny

    You mean there's more than one? I thought it was just one guy with no life and a lot of conflicting opinions.

    --
    lucm, indeed.
  4. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    ooo ooo, do me first.

  5. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    yeah but no one gives a shit about "i wish i didn't fail out of my B. Sc. in CS" and "I like to think I understand tech because I use Excel"

  6. elgooG koobecaF by Anonymous Coward · · Score: 0

    >The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services."

    Read, Google and Facebook.

    1. Re:elgooG koobecaF by russotto · · Score: 1

      Read, Google and Facebook.

      One can hope. Watch for executives leaving, especially executives who would have that kind of signing authority.

  7. Umm, what? by Anonymous Coward · · Score: 5, Funny

    The indictment specifically describes the companies in vague terms.

    Specific and vague simultaneously?

    1. Re:Umm, what? by glenebob · · Score: 1

      Meaning the specific use of vague terms.

    2. Re:Umm, what? by Anonymous Coward · · Score: 0

      The terms are vague while the describing is specific.

    3. Re:Umm, what? by Anonymous Coward · · Score: 0

      if they're public companies, it should be illegal for them to not disclose such a loss.

    4. Re:Umm, what? by MadKeithV · · Score: 1

      They are rigidly defined areas of doubt and uncertainty. Duh.

    5. Re:Umm, what? by smallfries · · Score: 1

      How do you know they didn't use vague terms quite specifically?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    6. Re:Umm, what? by f3rret · · Score: 1

      if they're public companies, it should be illegal for them to not disclose such a loss.

      To their shareholders probably, to randos on the internet, not so much.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    7. Re:Umm, what? by Anonymous Coward · · Score: 0

      10-Qs and 10-Ks are required to be public documents, specifically so that randos (internet and otherwise) can perform due diligence.

    8. Re:Umm, what? by Anonymous Coward · · Score: 0

      It is specifically the indictment which describes the company in vague terms!

  8. But does he get to keep the money? by argee · · Score: 1, Interesting

    Ivan Boesky did. 300 million as I recall. It was transferred to his wife, divorced, she kept it.
    He serves a year in jail, gets out, wife gifts him most of it back.

    1. Re:But does he get to keep the money? by Anonymous Coward · · Score: 0

      I will give him credit for one thing, he chose his wife well

  9. Re:Slashdot Hacked! - CONFIRMED by argee · · Score: 1

    That username is associated with child pornography. Proof: See the 4,269 FBI indictments against
    him. It's the ADDRESS that is elusive. Everywhere the FBI goes "He just moved out, or he hacked
    into my WiFi !"

  10. Re: Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    How many 400lb nerds living with their parents are there?

  11. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    I'll send you a dollar if you post a picture of yourself with your thumb up your ass.

  12. Re: Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    I'm one. Who is willing to admit to being another?

  13. Not quite. She had $123 million when they met by raymorris · · Score: 2

    His wife was an heir, along with her sister, to a hotel company which owned a chain and non-chain properties including the Beverly Hills Hotel. She got $123 million from that. When they divorced, she gave him $23 million. So there wasn't anything him giving her hundreds of millions and her giving it back.

    He did pay hundreds of millions in fines and restitution. He may have managed to keep a few million in ill-gotten gains.

  14. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 1

    You mean there's more than one?

    There WAS just one, but my password was stolen as part of that whole yahoo breach, and ever since I have the feeling other people have been using this account. Not sure what I can do about it - don't see any way to change my password on here.

  15. Re: Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    Me too but only 325 lbs... in the basement. (But I do code day and night)

  16. Interesting how few controls there are by ErichTheRed · · Score: 5, Interesting

    I've worked for big companies most of my career, and regular employees making purchases, signing contracts, etc. takes an act of God. I can't spend $100 on supplies without getting competitive bids. But there are apparently some very stupid people who have full unrestricted access to the bank accounts.

    How do people fall for phishing scams anymore? Everyone has to know this by now -- never trust email requesting you to do anything involving linking to a website, sending money, etc. This could have all been resolved by someone calling and asking if they should really pay this $8 million "invoice" with an irreversible wire transfer.

    It reminds me of how people were talking about the Podesta email incident as some massively complex hacking job. It wasn't -- they found out he still used Yahoo Mail and phished him. I can't believe that (a) one of the most powerful political operatives in the Clinton campaign uses Yahoo Mail, and (b) that he fell for it.

    1. Re:Interesting how few controls there are by PhunkySchtuff · · Score: 5, Insightful

      I've worked for big companies most of my career, and regular employees making purchases, signing contracts, etc. takes an act of God. I can't spend $100 on supplies without getting competitive bids.

      See, that's where you're going wrong. I've actually had clients tell me that a proposal has to be _over_ a certain dollar amount - if it's less than (for example) $50k, it's subject to a lot more oversight than, say, $1M. Small, petty cash type purchases are even more difficult, relatively speaking. Good luck trying to get approval for a new mouse for your workstation!

    2. Re:Interesting how few controls there are by freeze128 · · Score: 2

      No problem. Just order 100,000 mice. That should equal at least a million dollars, and you'll never want for a mouse again!

    3. Re:Interesting how few controls there are by Calydor · · Score: 4, Funny

      - Especially once they start breeding.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    4. Re:Interesting how few controls there are by n329619 · · Score: 1

      Just order 100,000 mice.

      100,000 furry little animals will help give control? I can't play the flute and I surely can't control one without losing my boot.

    5. Re:Interesting how few controls there are by rickyslashdot · · Score: 1

      It all boils down to the individual(s) actually cutting the checks - - - and they are often in their position simply because they are the lower-class personnel dealing with the day-to-day issues of responding to and acting upon the billing / payment section of the company. No corporate business is going to put a 'premium salary' individual behind a desk to deal with the day-to-day issues of paying 'legitimately' billed services or 'legitimate' looking bills for services or materials. Provide a legitimate looking invoice, and the rest is a cake-walk.

      Granted, these individuals have over-sight managers, but the managers' coverage is pretty much an 'after-the-fact' issue, and the disbursement of the funds has already occurred, with no way to stop the transaction, even with too-late-to-matter action(s) by the division manager. The ONLY time a 'manager' gets involved is when a billing request is blatantly bogus, or when it goes above a certain established minimum-level valuation - - - which in large companies can approach-or-exceed the hundred-thou$and dollar level.

      Bottom Line - the work-a-day clerk that cuts the check is relatively easy to spoof - with the proper looking documents, and any oversight / validation action is going to be too late to stop the actual fund$ transfer. Their only recourse, then, is to TRY and present evidence that the billing was a scam, and then attempt to recover the already-disbursed funds - generally a near futile action even when the company can provide legal evidence to the authorities - - - and even then, to wait for a long time (years, and years) for the legal system to respond - - - many times too late to actually get their hands on the funds that have been disbursed - - - and then 'disappeared' by the scammers.

      --
      redneck geek
    6. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      How do people fall for phishing scams anymore?

      Senior executives can make the big deals, and control big money. They know very well how their own company works, but they're a bit older than you and me. So they are not so confident around 'this newfangled internet stuff'. Phishing them is easier than phishing youngsters who have gotten their own Nigeria letters when they were 12 or so.

      Also, they're protected. If you buy office supplies for $100 from the wrong shop, they may say 'your loss'. If you buy 150 workstations for the company and it turns out to be a scam with all the money lost - chances are they sue you and take your house or something. At the very least, you're fired & blacklisted. If you transfer $100M, you get a dent in your career, but maybe you aren't even fired. You won't have to pay back, because you could not possibly do that anyway.

      Now, phishing for this kind of money takes a bit more than a fraudulent email address, even a good one. He also forged various bank documents. Of course, when dealing with $100M, an executive would do well to have some underling just call the banks in question to verify that the documents are authentic. Another nice trick is to call the Asian company in question and ask for the (spoofed) person to confirm the deal.

    7. Re:Interesting how few controls there are by Anonymous Coward · · Score: 1

      Rules are for little people only. Business, politics, society, you name it. If you're high enough up the food chain they're more like optional guidelines, because why give a fuck when there are no consequences?

    8. Re:Interesting how few controls there are by Hognoxious · · Score: 1

      You don't have a clue what you're talking about. No purchase order, no payment. That's all it takes.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    9. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      Sorry, you're the one without a clue. You don't pay on purchase orders, you pay on invoices. Accounting 101.

    10. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      Pinky, are you pondering what **I'M** pondering ???

    11. Re:Interesting how few controls there are by rickyslashdot · · Score: 1

      hmmmmm . Interesting. I specifically indicated that a 'bogus' PO would got through like nothing was wrong ! ! !
      WITH a bogus PO, BOS, BOL, then the payment would be pretty much rubber stamped - paid and 'gone with the wind'.
      Perhaps a few less Bud lites, or a more in-depth reading - slowly and out loud, might make my point more obvious.
      Mr (or Ms) Hognoxious as a sig pretty much begs for a 'troll' stamp - but I'll ignore the obvious and assume the best - - -
      PLEASE be a bit more polite and reasonable - and at least take the effort to elucidate the factors of your rebuttal.

      Have a good day, as I intend to have one myself and ignore the tone of your post.

      --
      redneck geek
    12. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      So you pay invoices unquestioningly, even when there is no PO?

    13. Re:Interesting how few controls there are by Hognoxious · · Score: 1

      The PO originates from the customer. How does someone outside issue a bogus one?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    14. Re:Interesting how few controls there are by Hognoxious · · Score: 1

      You don't pay on purchase orders

      Well that's fascinating. Where did I say you did?

      you pay on invoices. Accounting 101.

      You should take some more advanced courses. Start with reading comprehension, and try somewhere other than DeVry.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    15. Re:Interesting how few controls there are by Hognoxious · · Score: 1

      I specifically indicated that a 'bogus' PO would got[sic] through like nothing was wrong ! ! !

      I don't see "PO" or "purchase order" anywhere in your post.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    16. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      Apparently. Can you find out where he works?

    17. Re:Interesting how few controls there are by Bob+the+Super+Hamste · · Score: 1

      Hey he probably got his degree from University of Phoenix.

      --
      Time to offend someone
    18. Re:Interesting how few controls there are by Solandri · · Score: 1

      There are a lot more smaller value purchases than large value. Depending on their distribution (e.g. purchases less than $100 total $1 million/yr, purchases over $100 total $500k/yr), it may make more sense to have more oversight over small value purchases.

    19. Re:Interesting how few controls there are by Actually,+I+do+RTFA · · Score: 1

      How do people fall for phishing scams anymore?

      It wasn't a phishing scam. That's just clickbait. It was fraud, complete with dummy contracts and other fraudulent documents.

      --
      Your ad here. Ask me how!
    20. Re:Interesting how few controls there are by Solandri · · Score: 2

      How do people fall for phishing scams anymore? Everyone has to know this by now -- never trust email requesting you to do anything involving linking to a website, sending money, etc. This could have all been resolved by someone calling and asking if they should really pay this $8 million "invoice" with an irreversible wire transfer.

      I've done the accounting for a $2 million/yr company and I think I can answer that. When you pay your home bills you probably only have one or two dozen every month. The company averaged about 150 bills a month. Roughly half were recurring, half were one-time purchases and reimbursements.

      It's *very* easy to slip a fraudulent bill into the one-time purchases category. I was fairly paranoid and would take the extra 10 min to 1 hour to track someone in the company down and ask them if a bill was legit, even if it meant staying late to finish my other work. So I like to think I didn't fall for any fake ones, but I honestly don't know. Immediately after I was promoted and someone else took over the accounting, my replacement fell for a fake magazine subscription bill made out to look like a renewal invoice. (Yes, getting phishing attempts by postal mail is common if you run a company.) And this was before it became common for invoices to be sent by email - where you can make a perfect digital duplicate of invoices that a legit company would use.

      When you're put into a position where you must pay 100% of legit bills, but also have to try to avoid 100% of fraudulent bills, it's inevitable that some fakes will slip through. Some of the other responses denigrate people who fall for these scams. Unless you go through your spam folder every day and manually check every spam mail to make sure nothing legit has been misclassified, you don't know what you're talking about. I used to think those "attempted delivery of your package failed" and "here are the sales projections you requested" malware emails were stupid and easy to avoid. Until I got support calls from people who fell for them - a guy whose job at the company was tracking shipments and receiving deliveries, and a woman whose job was to collect and summarize sales projections from her marketing staff. That's when I realized these malware emails weren't "obvious and transparent". My job profile simply did not fit that of the intended target.

      The problem isn't stupid people falling for this type of scam. The "problem" is the purchaser of an item and the payer for that item being different people, so there's no direct and immediate feedback available to confirm that a bill is legit. All those expense forms, reimbursement forms, and requisition forms that people always complain about having to fill out are attempts to remedy this problem.

    21. Re:Interesting how few controls there are by coofercat · · Score: 1

      Oh, I was hoping for one, super-dense mouse ;-)

    22. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      They can be fairly convincing, we had some targeting our organization. They picked specific people, researched what they did, and put together a fairly convincing request with forged email headers etc. The thing that tipped them off was some bad grammar and the amount requested. Crazy business.

    23. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      The level of institutional (not individual) incompetence required to be scammed like this is mind boggling. This attack should have been completely stopped in its tracks by any company with halfway decent SOx controls (every publicly traded company in the US is required to have their SOx controls audited).

      The controls over the steps taken to add a new payment destination should be among the most rigorous controls in any company, preferably with someone to add the new destination and another to review and accept it after independently confirming the new information with the vendor in question (using an independent source for the contact information, so that they don't just re-confirm with the scammer).

    24. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      I think so, Brain. But how are we going to get ten thousand gallons of lubricant before nightfall?

    25. Re:Interesting how few controls there are by g01d4 · · Score: 1

      I've worked for big companies most of my career, and regular employees making purchases, signing contracts, etc. takes an act of God. I can't spend $100 on supplies without getting competitive bids.

      See, that's where you're going wrong. I've actually had clients tell me that a proposal has to be _over_ a certain dollar amount - if it's less than (for example) $50k, it's subject to a lot more oversight than, say, $1M.

      Regular employees don't typically have much involvement with big purchases. Due diligence has been known to drop when you're spending someone else's money.

    26. Re:Interesting how few controls there are by k6mfw · · Score: 2

      See, that's where you're going wrong. I've actually had clients tell me that a proposal has to be _over_ a certain dollar amount - if it's less than (for example) $50k, it's subject to a lot more oversight than, say, $1M.

      It seems to me procurements are very mysterious. I'm constantly having to justify whatever purchase even for $100. What you suggest is proposal over a certain amount, maybe it is when high level people get this "OMG we need this capability now, buy it!" And then zoom, order screams through. Most of the time it feels technical procurements are as touchy-feely-emotional like a choreographer preparing a dance routine that will resonate with the audience.

      --
      mfwright@batnet.com
    27. Re:Interesting how few controls there are by k6mfw · · Score: 1

      hey Ricky, maybe you didn't write PO in your original post but I think you are definitely on to something. Others have implied the same pitfalls:
      ErichTheRed writes, "I've worked for big companies most of my career, and regular employees making purchases, signing contracts, etc. takes an act of God. I can't spend $100 on supplies without getting competitive bids. But there are apparently some very stupid people who have full unrestricted access to the bank accounts."
      OrangeTide writes, "Dealing with manufacturing in Asia is already a process that feels sketchy as hell, and we often wonder if we'll ever see the money again when we setup a manufacturing agreement because the process feels so ad hoc. It wouldn't take much for a conman to insert himself into this process without arousing suspicions."

      --
      mfwright@batnet.com
    28. Re:Interesting how few controls there are by Bert64 · · Score: 1

      Because legitimate companies conduct business in the exact same way - emailing invoices around and unexpected phonecalls chasing them up etc...
      Quite often larger companies have a high staff turnover so you're frequently dealing with different people each time so you'll get invoices from names you've never heard of...
      If people do their due diligence and try to verify each one then they end up behind on their work and get in trouble, especially if a payment is late and it ends up causing trouble.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    29. Re: Interesting how few controls there are by Anonymous Coward · · Score: 0

      We were classmates together at ITT tech. Leave him alone. He was top of our class. Valedictorian in fact.

    30. Re:Interesting how few controls there are by Bert64 · · Score: 2

      Another problem is the way in which legit companies do business... If legitimate companies communicate with their customers/suppliers insecurely, then it becomes easy for scammers to do so as well. The more difficult it is to identify the scams from real requests, the more likely people are to fall for the scams.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    31. Re:Interesting how few controls there are by easyTree · · Score: 1

      Apparently. Can you find out where he works?

      Maybe at a "multinational technology company, specializing in internet-related services and products, with headquarters in the United States" or a "multinational corporation providing online social media and networking services?"

    32. Re:Interesting how few controls there are by easyTree · · Score: 1

      +1 sockpuppet

    33. Re:Interesting how few controls there are by Mike+Van+Pelt · · Score: 2

      Email is "From" the CEO, and says something like "Hey, Bob, this account somehow got missed, it's way overdue and the money has to go out TODAY! I'm in important meetings all day and am unable to talk on the phone, any questions, just reply to this email." Either the From address is to a look-alike domain, or sometimes just a gmail/hotmail/yahoo account, or something at one of the many world.com generic domains, or the From address is the real CEO's address and there's a Reply-To somewhere else.

      It doesn't work often, but it apparently works often enough.
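
The header patterns described in the comment above (a look-alike From domain, a free-mail account carrying an executive's name, a Reply-To that points somewhere else) can be checked mechanically before a payment request reaches a clerk. This is an added example, not part of the original thread; the organisation domain, executive name, edit-distance threshold and sample messages are constructed assumptions.

```python
"""Header-only triage for the CEO-impersonation patterns described above."""
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's real domain, the
# executive display names worth protecting, and a short free-mail list.
ORG_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"pat example"}
FREEMAIL_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com"}
LOOKALIKE_MAX_EDITS = 2  # small threshold; very short domains need a stricter one


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of ORG_DOMAIN."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message.

    Only headers are inspected. A From header is sender-controlled, so this
    complements SPF/DKIM/DMARC evaluation rather than replacing it.
    """
    msg = message_from_string(raw)
    from_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []

    # Real (or spoofed) From address, but replies are routed elsewhere.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")

    if from_dom in FREEMAIL_DOMAINS:
        # Executive's display name on a personal webmail account.
        if from_name.strip().lower() in EXECUTIVE_NAMES:
            findings.append("freemail-executive-name")
    elif from_dom != ORG_DOMAIN and \
            edit_distance(from_dom, ORG_DOMAIN) <= LOOKALIKE_MAX_EDITS:
        # Domain that is almost, but not exactly, the organisation's own.
        findings.append("lookalike-domain")

    return findings


def _sample(from_header, reply_to=None):
    """Build a constructed test message with the given headers."""
    lines = [f"From: {from_header}",
             "To: bob@example.com",
             "Subject: Overdue account, must go out TODAY"]
    if reply_to:
        lines.append(f"Reply-To: {reply_to}")
    return "\n".join(lines) + "\n\nIn meetings all day, just reply here.\n"


# Constructed sample messages, one per pattern plus a clean baseline.
SAMPLES = {
    "legit": _sample('"Pat Example" <pat@example.com>'),
    "reply_to": _sample('"Pat Example" <pat@example.com>',
                        reply_to="pat@mail-relay.test"),
    "lookalike": _sample('"Pat Example" <pat@examp1e.com>'),
    "freemail": _sample('"Pat Example" <pat.example.ceo@gmail.com>'),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10s} {check_message(raw)}")
```

A finding here is a reason to hold the payment and confirm through a contact channel that did not come from the email itself.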

    34. Re:Interesting how few controls there are by Anonymous Coward · · Score: 0

      That's because the people at the top are well known for "I don't care if that's the internal purchasing process... I just want it done!" and the people working for them have to comply. "I don't care if it's against company rules for me to use my own e-mail, it's what I want!". This is why "Spear phishing" is a thing. People know that the biggest ignorance lies at the top. Get one and you have access to everything because those kinds of people are the ones who cut all the red tape around them so their life is breezy.

  17. He should claim he was just testing their security by Anonymous Coward · · Score: 0

    And boy did they fail, like a grandma paying the IRS in iTunes cards.

  18. what about the old sending a fake bill for domain by Joe_Dragon · · Score: 1

    what about the old sending a fake bill for domain / website services. That some time some secretary may just pay. Or even a fake power bill with some 3rd party energy supplier name on it?

  19. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    You mean there's more than one? I thought it was just one guy with no life and a lot of conflicting opinions.

    Yes. I am. It's only me.

  20. Google & Facebook by xQx · · Score: 3, Informative

    Okay, so who's the "Asia-based manufacturer of computer hardware," ... founded some time in the late '80s.

    Thanks Google. Huawei was founded in 1987.

    1. Re: Google & Facebook by fubarrr · · Score: 1

      Guy learned well from Russians. As I remember, there was one guy who managed to make Soviet central bank to wire close to usd $500m to his personal account

    2. Re: Google & Facebook by quenda · · Score: 4, Funny

      there was one guy who managed to make Soviet central bank to wire close to usd $500m to his personal account

      I imagine he had a very impressive funeral.

    3. Re: Google & Facebook by Anonymous Coward · · Score: 0

      We have video of Russian hackers at work. These guys can run rings around Trump... https://youtu.be/T--zOjA7WiA

    4. Re: Google & Facebook by Anonymous Coward · · Score: 0

      Pretty sure he died slowly.

    5. Re: Google & Facebook by Anonymous Coward · · Score: 0

      Some parts may still be alive?

    6. Re: Google & Facebook by Anonymous Coward · · Score: 0

      Probably needed the lead lined casket for that one.

    7. Re:Google & Facebook by Anonymous Coward · · Score: 0

      Huawei is technically a telecommunications company, and produces a very narrow range of hardware, even narrower in terms of "computer hardware". ASUS was founded in 1989 and seems to fit this description better.

  21. Facebook, Google and Huawei. by xQx · · Score: 2

    Facebook, Google and Huawei.

    1. Re:Facebook, Google and Huawei. by Luthair · · Score: 1

      Don't forget, it doesn't need to be consumer hardware. We could be talking about data center hardware.

    2. Re:Facebook, Google and Huawei. by wbr1 · · Score: 1

      Ubiquiti/Unifi was hit with this type of scam. Don't know if it was this guy though.

      --
      Silence is a state of mime.
  22. Re:Slashdot Hacked! - CONFIRMED by aldousd666 · · Score: 1

    First: Change your password -- if there is an "ever since" in this story you should have changed it "ever since" you FIRST noticed that. Duh. And second... Troll.

    --
    Speak for yourself.
  23. We've got to cut them some slack. by Nutria · · Score: 1

    This wasn't some incompetent scammer with a poor grasp of English. "Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money" shows that he went to some length to look legitimate.

    --
    "I don't know, therefore Aliens" Wafflebox1
  24. Sentences by Anonymous Coward · · Score: 2, Insightful

    I really don't get it.

    You can kill 10 people and go to Jail, rape and kill in there too, and still get a sentence that's a fraction of the above with ability for parole. But trick an idiot company and take their money and you suddenly face up to 80 years jailtime?!

    1. Re:Sentences by darkain · · Score: 2

      money = power

    2. Re:Sentences by 91degrees · · Score: 2

      "Up to" doesn't mean mandatory. This is a maximum sentence. The maximum penalty for murder is death. Some states have a minimum of life without parole.

    3. Re:Sentences by Kiuas · · Score: 4, Insightful

      You can kill 10 people and go to Jail, rape and kill in there too, and still get a sentence that's a fraction of the above with ability for parole. But trick an idiot company and take their money and you suddenly face up to 80 years jailtime?!

      And yet, if instead of scamming some 100 million from a couple of companies the guy had been working for an investment bank or a credit rating agency and created purposefully misleading derivatives to help crash the global economy to the tune of billions in damages, he'd have gotten no jail time at all. Not a single bank executive has seen jailtime for causing the 2008 crisis, even though the extent of damages makes scams like this seem like pickpocketing and it's quite clear that the banks knew exactly what they were doing when they started creating collateralized debt obligations from the subprime loans to circumvent the credit rating system. Quoting the wiki:

      According to the Financial Crisis Inquiry Report, "the CDO became the engine that powered the mortgage supply chain",[7] promoting an increase in demand for mortgage-backed securities without which lenders would have "had less reason to push so hard to make" non-prime loans.[8] CDOs not only bought crucial tranches of subprime mortgage-backed securities, they provided cash for the initial funding of the securities.[7] Between 2003 and 2007, Wall Street issued almost $700 billion in CDOs that included mortgage-backed securities as collateral.[7] Despite this loss of diversification, CDO tranches were given the same proportion of high ratings by rating agencies[30] on the grounds that mortgages were diversified by region and so "uncorrelated"[31]—though those ratings were lowered after mortgage holders began to default.[32][33]

      The rise of "ratings arbitrage"—i.e. pooling low-rated tranches to make CDOs—helped push sales of CDOs to about $500 billion in 2006,[14] with a global CDO market of over USD $1.5 trillion.[34] CDO was the fastest-growing sector of the structured finance market between 2003 and 2006; the number of CDO tranches issued in 2006 (9,278) was almost twice the number of tranches issued in 2005 (4,706)

      (emphasis mine)

      What it basically means is that if you tried creating a CDO using subprime loans from a single region it would have been rated badly (as it should, it's an extremely high risk product as many of the loans had been granted pretty much without any checks on the ability of the lender to pay for them), but if you take equally shitty loans from several different areas the credit rating agencies put a AAA stamp on it, because according to their logic at the time this means the default risk is now diversified, which is complete bullshit.

      This should showcase the real issue with these cases: the courts - especially in the US but also elsewhere in the West - are keen to protect the interests of corporations. Embezzlement/fraud of corporate funds will lead to heavy jail time when caught. That's why Madoff is in jail: he scammed rich folks and corporations. However at the same time the courts go so far to protect corporate interests that megacorporations themselves can pretty much act with impunity - cause a massive oil spill or an economic meltdown and you'll get fined, and you can write that down as yet another operational cost and keep doing business as usual.

      I do not have a problem with large scale financial crime being punished heavily, because it has far reaching consequences and fines don't work against people and corporations with massive fortunes. However, the laws should be applied evenly to everyone, including the financial sector itself when it fucks up. Right now the US is basically letting WS do whatever it pleases and if shit hits the fan the costs are externalized to the taxpayer. And the City of London is no better,

      --
      "It is the business of the future to be dangerous" -Alfred North Whitehead
    4. Re:Sentences by Anonymous Coward · · Score: 1

      Your logic is quite faulty. If the financial institutions knew this was bad paper they wouldn't have kept hundreds of billions of dollars worth of it on their own books. See Wachovia and BofA. If the people running the financial institutions knew this was bad paper they wouldn't have invested their own money in it. See Lehman Brothers CEO Dick Fuld.

    5. Re:Sentences by Kiuas · · Score: 3, Informative

      If the financial institutions knew this was bad paper they wouldn't have kept hundreds of billions of dollars worth of it on their own books.

      The institutions responsible for creating said CDOs certainly knew, or at least had all the information required to know. I mean they intentionally took loans they knew would get bad credit rating and then used essentially a loophole in the regulations to get the rating higher than it should be. There's no way to argue that they didn't know what they were doing. At the same time, they obviously have to keep some of the papers themselves to maintain the appearance of it being a safe investment. I mean it'd be impossible to try and sell the subprime 'AAA' CDOs as a completely safe and a risk free product if you yourself kept none of it, it would look highly suspicious and reveal the scam to any potential buyer.

      People like Michael Burry (a mathematician btw) were able to 'predict' the financial crisis simply by going through the contents of these instruments by hand and crunching the numbers. If a single smart investor is able to figure this out just by looking at the data, do you seriously expect me to believe the banks themselves that operated this scheme and agreed to settle and be fined for it were unaware that they were peddling bullshit? Huh? This obviously doesn't mean everyone at the banks knew what was going on, but certainly key people did, because they have to have knowledge on the kind of instruments they're themselves creating/selling. It's de facto impossible to argue that they didn't know.

      Besides, the banks involved, including Bank of America, still made money even after factoring in the settlements they've had to pay since. The six largest players in the scheme have been fined approximately 150 billion for the scandal, while their combined profit over that time (2007-2014) totaled around 700 billion, that's the whole point of the argument I was making: the banks knew what they were up to, provably so, and they also knew they'd be able to turn a profit even if the scheme collapsed because by that time they'd have sold off most of these products.

      --
      "It is the business of the future to be dangerous" -Alfred North Whitehead
    6. Re:Sentences by rainer_d · · Score: 1

      Not a single bank executive has seen jailtime for causing the 2008 crisis, even though the extent of damages makes scams like this seem like pickpocketing and it's quite clear that the banks knew exactly what they were doing when they started creating collateralized debt obligations from the subprime loans to circumvent the credit rating system.

      I think at least one of the CEOs of the three nationalized Icelandic banks is in prison.

      It's an Icelandic prison, of course, so it's not quite the same as a US prison...

      https://www.bloomberg.com/news...

      --
      Windows 2000 - from the guys who brought us edlin
    7. Re:Sentences by AmiMoJo · · Score: 1

      Not entirely true, some bankers in Iceland went to jail. So far I think they are the only country with the balls to jail those responsible.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Sentences by TroII · · Score: 0

      It's a good thing Trump is putting so many Goldman Sachs executives in his administration. Soon we'll be making recessions great again! We're going to have the biggest financial crisis, folks, it'll be tremendous!

    9. Re:Sentences by Anonymous Coward · · Score: 0

      It's actually the prosecutors who didn't even bother to prosecute that are mostly to blame. The DOJ's incompetence in actually prosecuting cases (because it gets plea bargains in most of its cases, so it doesn't have the relevant experience to beat the top-dollar legal teams they would be up against) is at issue:

      He [Eric Holder, former US Attorney General] then added that Preet Bharara, the United States attorney in the Southern District of New York, and Loretta Lynch, Mr. Holder’s successor as attorney general and a former federal prosecutor in Brooklyn, would have brought cases against Wall Street if they could have. They didn’t, he said, because “we have a responsibility in the Justice Department to only bring those cases where we think we have a better than 50 percent chance of winning, and if you look at the different ways in which decision-making was made in these financial institutions, we simply didn’t have the ability to point to specific individuals to say that person was responsible for this specific action. We simply did not have the proof. If we could have made these cases, we certainly would have brought them.” He said that he, too, was “frustrated” by the lack of prosecutions of individual wrongdoing, but he did seem to take pride in the “record-breaking” amount of money collected from the banks in the form of civil penalties.

      The appeal was the first of a case that relied upon Firrea, so the Second Circuit’s ruling was watched carefully. If it were overturned, that could mean the end of using Firrea as a cudgel to get banks to pay in the remaining 175 or so civil lawsuits still pending against Wall Street.

      On May 23, the Second Circuit threw out the verdict against Bank of America and vacated the penalty against it. In its opinion, the court decided not to address the specific issue of the use of Firrea against Bank of America because the bank had “persuaded” the court that the government had not proved that Bank of America violated the law in the first place.

      “Bottom line,” he wrote me in an email from Dallas, where he is a senior lecturer in accounting at the University of Texas campus there, “the D.O.J. could not stand the embarrassment of pursuing prosecutions, only to then have the courts throw out those convictions because the D.O.J. had no legal grounds to pursue them under Firrea. That would be the ultimate proof of the D.O.J.’s incompetence and the reason they have not pursued prosecutions despite the evidence.”

      That is a cop out by Holder. The American people are owed at least an attempt at justice, even if they project the odds at less than 50% of victory (which I don't buy anyway, they can put their thumb on that scale whenever they want, they chose who they wanted to prosecute, then came up with a justification). The reason Holder is full of crap is that we have RICO statutes, which seem perfectly suited for this situation where we had a criminal enterprise of people working together to engage in large-scale fraud. Further, corporations are considered people, they could have tried to prosecute the corporations themselves. Obviously we would then have needed the judges to allow that and for them to come up with some creative punishments (a prison sentence is out, but a "corporate death penalty" seems reasonable to me for such egregious violations).

    10. Re:Sentences by Anonymous Coward · · Score: 0

      Your logic is faulty, and I don't mean to just be snippy.

      These were financial institutions. Their job is to understand risk, evaluate rewards, and make decisions based upon the results.

      Either:

      1). They knew the derivatives were garbage and didn't care. This makes them to blame for illegal and unethical behavior. Or;
      2). They didn't know the derivatives were garbage. This makes them to blame for incompetence, dangerous irresponsibility, unethical, and unfit to perform their primary mandate. Which is also, (surprise!) illegal.

      There's no way out of the responsibility circle for the 2007 Financial Crisis. And everything we've heard to justify this behavior (i.e. Everyone Was Doing It! The Government Made Us!) comes off as pathetic attempts to justify the unjustifiable. Explain the unexplainable. Rationalize wrongdoing and point the finger Somewhere Else.

    11. Re:Sentences by gordguide · · Score: 1

      Nobody's going to jail for 80 years; to think he may is to misunderstand American justice at work.

      The 80 years is the stick; the carrot is the plea bargain. If you refuse to cooperate they may try you with whatever relevant charge and with the prosecution's sentencing recommendation of 80 years, but there will be some rather attractive options given the accused. If he pleads guilty and admits his role, they probably will counter with a maximum of ... well, who knows, but for the sake of argument ... ten years. That may involve going to court with a lesser charge, or reduced counts, or whatever technical requirement is needed to get a 10 year outcome. The prosecution will recommend the sentence; the defence will (of course) agree, and they present that to the judge. Faced with a joint recommendation, the Judge pretty much always goes along with it.

      Then there is the sentence itself. No-one in America serves the sentence they are given, with the exception of natural life sentences. It is actually against the law to not offer time off for good behaviour ... it's constitutionally protected as a right against cruel and unusual punishment. "Time Off is Time Served" ... you can't be sent back to jail if released due to actual time served and "good time" that adds up to your sentence.

      How much time off varies by state and also the Federal system has guidelines as well. The Federal system is the most stingy. Calculating the reduction is so complex that in many cases even prison officials can't tell you the actual release date with good behaviour included (partly because it requires predicting future behaviour, as the reduction is earned per 30 day period of actual time served); one day they figure out you are due to be released, and the next day you're out is often how it works.

      But for non-violent offenders, it can be as much as two thirds of actual time served. So a ten year sentence could be fully completed in as little as 3 years and a number of months. And, because good time and actual time are treated identically, that means you are eligible for parole after serving some portion of your sentence, which in this case would be some portion of three years and some months.

      Finally, because so many involved in the Justice System are elected, it serves the purpose of "law and order" politics to publish long sentences in the press, when the actual amount of liberty deprived the offender is much less, which is almost never followed up on in the press (with the exception that if an individual re-offends they may list the previous crimes he was convicted of, and the sentence, and the release date, which inevitably illustrates the above is true).

      Some jurisdictions give time off merely for showing up at the jail, that's how people in the news like Lindsay Lohan serve 30 day sentences in four hours. But generally speaking most states allow 10 days per month served, plus often additional days if you do things like take a prison job or complete some program, and in some states you can earn up to 20 days per 30 days served. The Feds tend to be closer to 5 days per 30, but you can still earn extra with them as well.

  25. Re:Slashdot Hacked! - CONFIRMED by K.+S.+Kyosuke · · Score: 2
    --
    Ezekiel 23:20
  26. Re:Slashdot Hacked! - CONFIRMED by sysrammer · · Score: 1

    Hsoohw.

    --
    His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
  27. Me too!! by wkwilley2 · · Score: 2

    I'm betting more on Google and Facebook respectively.

    --
    Have you ever fallen asleep at the keybhanusdiog?
    1. Re:Me too!! by Anonymous Coward · · Score: 0

      Or Amazon and Facebook.

      "internet related services and products"

      Not many do both, assuming they mean products as being physical.

      The second is trickier. Many companies are social networks now, and most provide "networking services" in the form of communication mediums, but few would be solely described that way except Facebook, Pinterest, Myspace even.

  28. Should have immediately started... by Anonymous Coward · · Score: 0

    transferring it into bitcoin.

    So long as his wallet was kept offsite he could have kept funneling money into it a bit at a time as he continued to earn more, and when things went south he would have had a difficult to track nest egg to fall back on when he needed to get out of dodge.

  29. Walk away? by s1d3track3D · · Score: 1

    From at least in or around 2013 through in or about 2015...

    He was initially successful, acquiring over $100 million in proceeds that he wired to various bank accounts worldwide. But his footprint would eventually lead investigators to the truth,

    So what amount is sufficient to walk away? 100M in two years?
    I guess for some, it's the thrill of the chase, not the actual kill

    1. Re:Walk away? by Anonymous Coward · · Score: 0

      My thoughts exactly. Steal $100k here & there from a big corporation and even when it's discovered, they might conclude that enduring the loss is preferable to tarnishing their brand by publicizing the fact that they were hacked/scammed. Steal tens of millions and they're sure to involve law enforcement.
      That might be less true nowadays because the U.S. federal government has been pressuring companies to report even minor hacking incidents, but for many years, eating losses from carders/hackers was SOP for big banks.

    2. Re:Walk away? by Quirkz · · Score: 1

      Yeah. I'd think a fraction of that would be enough to disappear someplace cheap and quiet, and enjoy what life has to offer.

    3. Re:Walk away? by s1d3track3D · · Score: 1

      Agreed. That would be sufficient for me.

  30. Could be Ubiquiti Networks by Anonymous Coward · · Score: 0

    Remember they were scammed for almost $47 Million a little under two years ago - http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/

  31. Dumbasses... by Anonymous Coward · · Score: 0

    You do tech business with Lithuanians or the Czechs, you gamble with hackers. They have more per population than anywhere else in the world. Duh.

    1. Re:Dumbasses... by Anonymous Coward · · Score: 0

      In defense of my country, I would like to note that he "did so by masquerading as a prominent Asian hardware manufacturer". ;)

  32. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    HOW DARE YOU ASSUME MY GENDERS?!

    filter text i know it looks like yelling it is supposed to. form submission has no sense of humour

  33. Phishing scams by kilodelta · · Score: 1

    At a former employer I had my financial people well trained. If an email looked even mildly suspicious they'd call us in the I.T./InfoSec group before doing anything. And I railed on the web developers that having an about page that listed everyone by full name with photo and title was a really BAD idea.

    1. Re:Phishing scams by Actually,+I+do+RTFA · · Score: 1

      This wasn't a phishing scam. It was fraud. You know, with fake documentation and everything. The "phishing" verb is just scammy clickbait.

      --
      Your ad here. Ask me how!
    2. Re: Phishing scams by Anonymous Coward · · Score: 0

      Listen to him, he's RTFA

  34. Ubiquiti? by zerofoo · · Score: 1

    They aren't a huge company, but they got scammed for $40 million:

    http://fortune.com/2015/08/10/...

  35. Podesta didn't fall for it - his "expert" did by Zontar_Thing_From_Ve · · Score: 3, Informative

    It reminds me of how people were talking about the Podesta email incident as some massively complex hacking job. It wasn't -- they found out he still used Yahoo Mail and phished him. I can't believe that (a) one of the most powerful political operatives in the Clinton campaign uses Yahoo Mail, and (b) that he fell for it.

    Actually the email seemed suspicious to Podesta so he asked his 20-something security "expert" to look at it. Now keep in mind that probably almost all of us know to have a mouse hover over a link in an email to see where it really goes. For example, if a link that is supposed to go to mycompany.com actually goes to gizshiz.com or mycompanyname.ru, yeah, you should be smart enough to think those are probably not really mycompany.com. The problem was that his "expert" didn't do this. He simply looked at the email, immediately proclaimed it to be legit and insisted that Podesta immediately click on the link and change his password. Insiders refused to name the "expert" or say whether he still has a job. My guess is that he does. But Podesta correctly got suspicious and asked for help, he just put his faith in someone to help him who didn't deserve it. For all the reported use the Democratic Party made of cutting edge analytics when Obama ran for president, they seem to have really weird ideas at the very top about security. I still maintain that had Bill and Hillary used their fortunes to hire real security experts for the foundation's email server and ran something like a hardened form of BSD on it, it could have mitigated a lot of the damage of using a private server, but no, they just had to use some local 2 man operation that was basically a small, local equivalent of Geek Squad and they used them because they were nearby and cheap, not good.

    1. Re:Podesta didn't fall for it - his "expert" did by jbmartin6 · · Score: 2

      There are plenty of stories available about the expert, including interviews with the man himself. I'm not sure I believe his story, but he did one thing right, which was provide the real Google link and advised Podesta to change his password AND enable two-factor authentication. Podesta used the link in the phishing email though, so even at best the 'expert' did a very very poor job of communication.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
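The hover check described in comment 35 above can be automated for triage. This is an added example, not part of the thread or of any commenter's post: it flags links in an HTML email whose real destination differs from the host shown in the link text, or falls outside a trusted-domain list. The sample email is constructed, reusing the domains from the comment, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches a host name such as "mycompany.com" inside visible link text.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def audit_links(html, trusted):
    """Return (real_host, visible_text, reasons) for each suspicious link."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href)
            # .hostname drops any "user@" prefix, so the userinfo trick
            # (https://mycompany.com@other.host/) resolves to the real host.
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:
            continue  # malformed URL; out of scope for this check
        if parts.scheme not in ("http", "https"):
            continue
        reasons = []
        shown = DOMAIN_RE.search(text.lower())
        if shown:
            shown_host = shown.group(1)
            if shown_host.startswith("www."):
                shown_host = shown_host[4:]
            if not same_site(host, shown_host):
                reasons.append("text-mismatch")
        if not any(same_site(host, d) for d in trusted):
            reasons.append("untrusted-host")
        if reasons:
            findings.append((host, text, reasons))
    return findings


# Constructed sample email body; domains are the ones used in the comment.
SAMPLE_EMAIL = """
<p>Someone has your password. Change it now:</p>
<a href="https://accounts.mycompany.com/reset">https://mycompany.com/reset</a>
<a href="http://gizshiz.com/reset">https://mycompany.com/reset</a>
<a href="https://mycompany.com@mycompanyname.ru/reset">CHANGE PASSWORD</a>
<a href="https://mycompany.com.gizshiz.com/">mycompany.com</a>
"""

if __name__ == "__main__":
    for host, text, reasons in audit_links(SAMPLE_EMAIL, ["mycompany.com"]):
        print(f"{host:28} shown as {text!r}: {', '.join(reasons)}")
```

The suffix comparison includes the leading dot on purpose: `mycompany.com.gizshiz.com` contains the trusted name but is not a subdomain of it.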
  36. Re: Slashdot Hacked! - CONFIRMED by Highdude702 · · Score: 1

    I really hope you guys are joking. I've been living on my own since 15, and when you do that you can't afford to become 300-400 pounds...

  37. Re:Slashdot Hacked! - CONFIRMED by Highdude702 · · Score: 1

    flew over his head so fast it hit me in the face...

  38. I hardly can believe by Max_W · · Score: 1

    that he could do it all alone, without at least some cooperation from inside.

  39. well there's your problem... by Thud457 · · Score: 1

    money = power

    Only for the 99.9% that make the error of assigning power to money.

    You probably want:

    money != power

    TFTFY

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  40. As a tech insider by OrangeTide · · Score: 1

    I am not surprised that tech companies fall for this. Dealing with manufacturing in Asia is already a process that feels sketchy as hell, and we often wonder if we'll ever see the money again when we set up a manufacturing agreement because the process feels so ad hoc. It wouldn't take much for a conman to insert himself into this process without arousing suspicions.

    --
    “Common sense is not so common.” — Voltaire
  41. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    I swear I'm innocent! I have nothing to hide. I use 2 IP addresses: 127.0.0.1 and 192.168.0.1.

  42. Re: Slashdot Hacked! - CONFIRMED by lucm · · Score: 1

    when you do that you cant afford to become 300-400 pounds...

    Somehow I doubt that food is the root cause of your financial situation.

    hint #1) there's "high" in your username
    hint #2) there's 702 in your username, which is Las Vegas area code.

    I rest my case.

    --
    lucm, indeed.
  43. Quanta by Plocmstart · · Score: 1

    I'm guessing the spoofed company is Quanta. There's a lot of surplus last-gen equipment on eBay (meaning companies would be upgrading), and I believe Facebook used them as an OEM for their Open Compute nodes (Quanta Mindmill). Not sure who else uses Quanta OEM in particular, but some of their switches appear to be reference designs for Dell, etc.

    1. Re:Quanta by Plocmstart · · Score: 1

      For those discussing Ubiquiti, they probably also used Quanta as an OEM for some switch designs. There's some talk of the LB4M and LB6M firmware being very similar on a few forums.

    2. Re:Quanta by Plocmstart · · Score: 1

      And I believe this is the company registration.

      http://company.lursoft.lv/4150...

  44. Re: Slashdot Hacked! - CONFIRMED by Highdude702 · · Score: 1

    Lol weed is cheap for me. The good stuff too. But I actually don't make bad money for being an ex-fuckup. I actually just got a raise to 23/hr and I'm an electrician so that's not close to pay cap. And I love Las Vegas, I wouldn't want to live anywhere else. But good work on the math

  45. Re:Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    He wants to elicit a Who Am I? post? I did not notice I was not logged in all that while and still does not matter.

  46. Re: Slashdot Hacked! - CONFIRMED by Anonymous Coward · · Score: 0

    I am Spartacus.

  47. Re:Slashdot Hacked! - CONFIRMED by sysrammer · · Score: 1

    Yep. My pappy always tol' me "Son, never whoosh into the wind!"

    --
    His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain