[BreachExchange] Ex-Army Contractor Sentenced to 12 Years for Fraud

[Sophia Kingsbury]

https://www.govinfosecurity.com/ex-army-contractor-sentenced-to-12-years-for-fraud-a-17670

A 40-year-old former U.S. Army employee has been sentenced to 12 years and
seven months in prison - followed by three years of supervised release -
and ordered to pay $2,331,639.85 in restitution, for conspiring to commit
wire fraud and launder money, according to a Department of Justice
statement.

The crimes targeted more than 3,300 members of the U.S. military community,
including eight general officers and numerous disabled veterans, the
statement, published on Friday, says. The victims, who suffered a
cumulative financial loss of more than $1.5 million, were "targeted because
of their receipt of service-related benefits," it says.

Fredrick Brown, a former civilian medical records technician and
administrator with the U.S. Army at the 65th Medical Brigade in South
Korea, pleaded guilty to the charges on Oct. 29, 2019, the statement says.

Brown admitted to stealing personal identifying information of military
members - including names, Social Security numbers, military ID numbers,
dates of birth and contact information - between July 2014 and Sept. 2015.

How It Happened

According to the statement, Brown logged into a military electronic health
records database to take digital photographs of his computer screen and
share the data with his co-conspirators.

Brown shared the data with four others - his co-defendants Robert Wayne
Boling Jr., Trorice Crawford, Allan Albert Kerr, and Jongmin Seok,
according to a separate DOJ document detailing Boling's indictment.

Crawford, 32, was sentenced to 46 months in federal prison, followed by
three years of supervised release, and ordered to pay $103,700 in
restitution.

Boling, Kerr, and Seok were charged with multiple counts of conspiracy,
wire fraud, and aggravated identity theft. As of July 2020, the three
individuals were in the Philippines, with "measures being taken to effect
their transfer to the Western District of Texas." No further updates are
available.

"Brown worked with a database called the Armed Forces Health Longitudinal
Technology Application, which is one of the United States military's
principal repositories for electronic health records of military-affiliated
individuals. As a medical records technician, Brown had access to
substantial volumes of military-affiliated individuals' PII," the document
notes.

The defendants, it says, compromised the Department of Defense Self-Service
Logon - or DS Logon - accounts. The accounts, belonging to service members
and veterans, their dependents, and civilians employed by the Department of
Defense, allowed the defendants access to over 70 nonpublic websites,
comprising "extensive personal and financial data, including PII for all of
a military-affiliated individual's dependents (spouse and children), tax
information, and health records, among other information," according to the
document.

The document also says a DS Logon user account can be used to alter the
account and routing numbers for bank accounts into which salaries,
benefits, disability payments and pensions were paid by the Department of
Defense or the Veterans Administration.

The DS Logon credentials also allowed Brown and his co-defendants to access
eBenefits, a web portal hosted by the Veterans Administration within the
Western District of Texas, which allows military-affiliated persons to
manage their benefits, claims and military documents online, the DOJ
statement notes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211005/e7b39983/attachment.html>