A disgruntled employee took action on his employer after managing to pilfer $40,000 by taking over the companies network. However, he made a fatal mistake at the end and was caught by the FBI after verifying his PayPal account!
A Criminal Managed To Steal $40,000
A cybercriminal meddled with the internal network of tech firm Scale AI to pilfer thousands of dollars. The perpetrator went on slowly and steadily to transfer $140 at a time to his accounts. This gradual process helped him secretly steal $40,000.
According to reports, the attacker continued the hack for several months. He allegedly intruded the company’s systems and diverted payments to some anonymous PayPal accounts.
The company suffered the first attack in early 2019. According to the complaint document shared by Quartz, the attack started in March 2019 and continued until May 2019. During this time, the attacker managed to execute around 100 transactions, each of $140, pilfering a total of $14000.
While the company contained the attack and took security measures to protect their systems, soon, a second attack took place. This time, the perpetrator stole $4200 via 30 more transactions of $140 each.
In both the attacks, the attacker used the PayPal account linked to “[email protected]”. Whereas, the attacker’s location from the IP address appeared to be in Thailand.
After a while, another similar incident took place on June 20, 2019, that remained unnoticed until July 2019. This time, using the same strategy, the attacker siphoned off $15,000. Nonetheless, he used a different account in this attempt linked with “[email protected]”.
Verifying PayPal Accounts Made FBI Catch Him
Upon noticing repeated events of ‘destruction of payment database logs’, Scale AI took up the matter with law enforcement. Although, it was initially difficult to catch the attacker as he used a VPN and hid most of his traces. Nonetheless, like many criminals who are caught, he also missed hiding one thing – his verification number.
FBI detected that both the PayPal accounts were verified using the same number. Tracing this number, they eventually found the attacker, who was an employee of Scale AI.
Identified as Shariq Shahab Hashme, the 25-year old computer engineer hacked his own employer’s systems to make fraudulent transactions. The attacker, a UK citizen, left the US in April 2019 owing to an expired work visa. It turns out that he accessed the firm’s network via a VPN to veil himself and deleted the transactions to his accounts from the company’s databases.
As FBI came to know of Hashme’s return to the US, they caught up with him at San Francisco Airport on August 10, 2019.
According to Quartz, a firm’s spokesperson confirmed Hashme’s affiliation with the company, and his subsequent termination. Nonetheless, the spokesperson refrained from revealing many details.
This individual has been terminated from Scale. Since this is a confidential employee matter, Scale cannot discuss or provide further details. However, we can confirm that customer data and employee safety have not been at risk.
Let’s see how this case proceeds. Nonetheless, this incident once again shows that regardless of how smart a perpetrator is, he is sure to leave some loophole, for which, he eventually gets caught, sooner or later.
Let us know your thoughts about this report in the comments.