Internal security threats have become a serious problem for technology firms. Ethical hacking specialists report that a former Microsoft software engineer has been convicted of at least 18 crimes after stealing $10 million USD in cryptocurrency from the company.
Volodymyr Kvashuk, 25, is a Ukrainian citizen residing in the US that worked for Microsoft between 2016 and 2018, when he was fired due to this fraud. Kvashuk has been convicted of five electronic fraud charges, six money laundering offences, two counts of aggravated identity theft, two false tax returns and one postal fraud. In addition, a charge for improper access to electronic devices and access to protected computer equipment was included.
The defendant was allegedly involved in Microsoft’s
retail testing platform. Taking advantage of his position, he misused this
access to extract the company’s virtual assets through a complex scheme
involving the use of digital gift cards, ethical hacking specialists mention.
Kvashuk subsequently resold these cards on the
Internet using cryptocurrency
transactions. At first the defendant carried out operations for small numbers,
although he eventually upped the ante, eventually stealing millions of dollars.
According to court reports, the defendant bought a vacation home worth more
than $1 million USD, plus a $160k USD Tesla car.
As the stolen amounts grew more and more,
Kvashuk began using the test email accounts associated with other employees,
trying to cover their tracks. In addition, the defendant used a cryptocurrency
“mixing” service to make it difficult to detect their transactions.
The defendant remained active for more than
seven months, filing forged tax returns to prove his unusual income to US tax
Finally, ethical hacking specialists mentioned
that Kvashuk’s fraudulent scheme was discovered and dismantled by the IRS-CI
Cybercrime Unit. Thanks to the investigation of this Unit, Kvashuk was arrested
and prosecuted; after deliberating for more than five hours, the jury found him
guilty, the International Cyber Security Institute (IICS) says.