[BreachExchange] Former Expedia employee hacked bosses to net $350, 000 in 'get-rich-quick scheme'

Audrey McNeil audrey at riskbasedsecurity.com
Tue Dec 6 19:34:04 EST 2016


http://www.ibtimes.co.uk/former-expedia-employee-
hacked-bosses-net-350000-get-rich-quick-scheme-1595131

A former IT technician working for travel website Expedia pleaded guilty in
a US federal court this week (5 December) for hacking into the emails of
senior company executives and using stolen information to illegally profit
from an insider trading scheme.

Jonathan Ly, 28, of San Francisco, employed at Expedia subsidiary
Hotwire.com between March 2013 and April 2015, allegedly used his network
privileges to access devices belonging to Expedia's chief financial officer
(CFO) and the head of investor relations.

Using his authorised access, Ly was able to make a series of well-timed
trades in Expedia stock options to net nearly $348,500 in illicit profit.
The trades came in advance of seven Expedia earnings announcements and two
Expedia agreement-related announcements, court filings said.

According to the US Department of Justice, even after Ly left the company
he kept an Expedia laptop and continued to access the executives' inboxes.

Securities fraud is punishable by up to 25 years in prison and a $250,000
fine. Sentencing will take place on 28 February 2017.

The Securities and Exchange Commission (SEC) elaborated on how Ly's hacking
activities eventually "expanded" to rely on "deceptive means" to access
company computers – including using privileged access to conceal his
identity and hacking into a computer holding administrator passwords.

After uncovering the computer intrusion, Expedia reported it to the FBI and
undertook its own forensic investigation. The DoJ said Ly will have to pay
back the profits made in the scheme. Additionally, as part of a plea, he
will repay Expedia the $81,592 it spent investigating the intrusions.

"This case was particularly egregious because Mr Ly abused his special
access privileges as an IT administrator," said Jay Tabb, FBI special agent
in charge at the Seattle field division. "On top of violating the trust of
the public and his company, he violated the privacy of fellow employees.

"Insider trading erodes the public's trust in the financial markets.
Reassuringly, most employees never exploit their unique knowledge for
unfair investment advantages."

US attorney, Annette Hayes, said: "The irony of our increasingly digital
world is that the greatest threat to our networks is a human one.

"In this case, an IT professional used his employer's networks to
facilitate a get-rich-quick scheme. I commend Expedia for quickly
contacting law enforcement when they identified the computer intrusion.
Their willingness to do the right thing made it possible to effectively
investigate and prosecute the matter – protecting our financial markets
from unfair manipulation."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161206/b4a61b71/attachment.html>


More information about the BreachExchange mailing list