IT contractor gets five years for $2M credit union theft
Insider threat case the second this week, following Terry Childs guilty verdict
Zeldon Morris, a Provo, Utah computer contractor, was sentenced on Wednesday to more than five years in prison after pleading guilty to stealing close to $2 million from four credit unions that he performed IT services for.
Judge Clark Waddoups of the U.S. District Court for the District of Utah also ordered Morris to repay more than $1.8 million in restitution to his victims and to submit to five years of supervised release upon completion of his prison term.
In December, Morris had pleaded guilty to using his privileged computer access to steal money from Family First Federal Credit Union, Alpine Credit Union, Deseret First Credit Union, and First Credit Union.
News of Morris' sentencing came just one day after former San Francisco network administrator Terry Childs was found guilty on charges of locking up a key city network for days in 2008.
Childs' actions resulted in city officials losing administrative control of the network for more than 10 days. It also resulted in the city having to spend hundreds of thousands of dollars recovering from the disruption.
Both are examples of what security analysts have long said is the often under-estimated and overlooked danger posed by rouge insiders.
Morris was employed as a third-party contractor by Open Source Solutions Inc, a computer services firm in Provo. In that capacity, Morris was supposed to help the four credit unions upgrade their systems. As part of his job, he was given unrestricted local and remote access to the networks at the credit unions.
Morris used his access to initiate several fictitious Automated Clearing House (ACH) transactions, according to court documents describing the thefts at Family First Federal Credit Union. The transfers were deposited into bank accounts that Morris owned, including a business account that he operated jointly with a business partner.
Morris used fictitious or previously used ACH "racing numbers" to make the deposits into his accounts, court documents said.
In his guilty plea, Morris said that it was his "specialized knowledge" of the systems at the financial institutions that allowed him to pull off the thefts for about two years without being detected.
The money that was falsely transferred into Morris' account was later used to pay mortgage on two homes, pay off his car loans, and for repairs to his properties as well as for overseas vacations.
In all Morris admitted to stealing about $1.2 millions from First Family, about $82,000 from Alpine, about $635,000 from Deseret and $93,000 from First Credit.
According to court documents the thefts are likely to have gone unnoticed for some time if it had not been for Morris' partner who alerted Family First of unusually large ACH deposits being made into the joint business account.
The case is similar to countless others involving theft, sabotage and data compromise by insiders with privileged access to enterprise systems and networks. Security researchers have long maintained that rogue insiders pose a potentially greater threat than external hackers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts