Computer Used to (Unsuccessfully) Steal $9 million in California


According to an article in the San Jose Mercury News, US law enforcement is searching for a former California Water Service Co. employee who quit his job, and then broke into the Water Service company's computers and wired himself (three times) a total of $9 million to an account in Qatar.

The former employee, identified as Abdirahman Ismail Abdi, is suspected to have fled to Canada after placing his wife and children on a flight to Frankfurt.

The company was able to freeze the accounts in Qatar, and gets its money back.

A janitor spotted Adbi returning the night of his resignation to the office of a former co-worker; the next day company officials found the computer break-in.

Apparently that janitor had good security awareness.

The Mercury News story unfortunately is a little short on details, like what job Adbi had; how he was able to still access the facility, let alone the company's computers, after he resigned; and why he needed three wire transfers - was there a limit on the amount of a wire transfer, and if so, how he knew about it. Also unexplained is how Adbi was able to keep the company from finding out that he had a deportation order against him going back to 2005.

Two somewhat related and interesting stories here and here appeared in ComputerWeekly this past week about how a security specialist from Siemens Enterprise Communications used simple social engineering techniques to infiltrate a financial firm, help another colleague also infiltrate the firm, and together access confidential data laying about as well as gain access to the firm's computers for over a week.

Yes, the Siemens specialist was given the assignment by the firm's director to test out the effectiveness of its security program; I suspect the director was not pleased by the result. The ComputerWeekly stories didn't say what happened next, which is too bad.

Maybe the lesson is that to increase company security, hire really suspicious janitors.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City