fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Engineer Stole $10M, Used Colleagues As Scapegoats

Microsoft Engineer Stole $10M, Used Colleagues As Scapegoats

Volodymyr Kvashuk, a Ukrainian citizen and former Microsoft software engineer, was sentenced to nine years in prison for stealing over $10 million worth of currency stored value (CSV) including gift cards over two years.

Kvashuk used Microsoft Store test accounts while being a part of the company’s Universal Store Team (UST) to steal about $10.1 million worth of CSV from Microsoft via unauthorized simulated purchases of products according to court documents.

His scheme was discovered by Microsoft’s UST Fraud Investigation Strike Team (FIST) in February 2018, after noticing a suspicious increase of Xbox Live subscriptions bought using CSV.

Stolen CSV sold at a discount

The CSV stolen between August 26, 2016, and June 22, 2018, when he was fired (after first being a contractor and then a full employee starting with December 1, 2017) was then resold at a discounted price on online markets via at least two resellers, nokeys.com and g2a.com.

Also Read: Going Beyond DPO Meaning: Ever Heard Of Outsourced DPO?

These third parties were then able to redeem the CSV and purchase both digital and physical goods from Microsoft.

In all, Microsoft was only able to blacklist around $1.8 million in CSV from being redeemed after being sold by Kvashuk to his customers, amounting to a total financial loss of roughly $8.3 million.

Kvashuk then used the services of chipmixer.com, a bitcoin mixing service, to hide the origin of the funds he obtained after selling the stolen CSV, as well as by buying bitcoin using Xbox gift cards on the Paxful peer-to-peer cryptocurrency trading platform.

He was able to transfer roughly $2.8 million in bitcoin to his investment and bank accounts, money later camouflaged as gifts from his relatives in falsified tax return forms.

In March 2018, Kvashuk bought a Tesla vehicle for roughly $162,000, while three months later, in June 2018, Kvashuk paid around $1.675 million for a Renton lakeside house.

Colleagues used as scapegoats

After initially using his test account to illegally purchase CSV, Kvashuk switched to accounts created by some of his colleagues to hide his tracks and direct future investigations to the wrong people.

“Initially, Kvashuk stole smaller amounts totaling about $12,000 in value using his own account access,” a Department of Justice press release says.

“As the thefts escalated into millions of dollars of value, Kvashuk used test email accounts associated with other employees.”

The accounts were used to buy the largest share of stolen CSV and, after flagging them, Microsoft found no evidence that the two employees who created them were involved in any way in the unauthorized CSV purchases.

Microsoft was later able to connect Kvashuk with the three fraudulent test accounts after he used redeemed funds to buy three GeForce GTX 1070 graphics cards and had them delivered to his apartment complex via FedEx, to a different unit and under a different name.

“Kvashuk’s scheme involved lies and deception at every step. He put his colleagues in the line of fire by using their test accounts to steal CSV,” prosecutors said.

Also Read: Limiting Location Data Exposure: 8 Best Practices

“Rather than taking responsibility, he testified and told a series of outrageous lies. There is no sign that Kvashuk feels any remorse or regret for his crimes.”

Besides having to spend nine years in prison for 18 separate federal felonies related to his fraudulent scheme and being ordered to pay $8,344,586 in restitution, Kvashuk may also be deported following his prison term.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us