A contractor who provided IT administration services to banks was sentenced to more than five years in prison this week after admitting he used his insider knowledge to plunder some $2m from four financial institutions. Zeldon Thomas Morris, 43, was ordered to serve 63 months in federal prison and pay restitution of a little …
More like 2 years in "Club Fed"
This guy will only serve half his sentence in a minimum security Federal Facility "Club Fed", and if he's any kind of BOFH, by that time the worm he planted will wake up and start transferring the "rest of the money" he stole into numbered accounts in Cayman's or anywhere else that does not have an extradition treaty with the USA.
Or at least I can dream we could all be so lucky.......
Good that he got caught
But actually, I wonder why crooks like these do not escape before getting caught.
Or maybe we only get to hear about those that did not escape...
Re: Good that he got caught
Greed, I suspect. He probably could have made off with $500k, no problem.
I always remember a kid at my secondary school who found a cheque book on the street, and so wrote himself a cheque for £1000. Obviously, he got caught- if he'd made it for £100 he would have probably gotten away with it.
That little scamp.
Of course - had he been an actual banker he'd have arranged to get this all paid as an annual bonus, it would all have been "legal" and everyone (in banking) would have thought it "normal".
Feds are still owned (MAYBE)
If the it guys lives in Florida no matter how he stole money by Florida laws alone even if I hacked into a bank and stole 20 million I still get to keep my home and nobody can take it away no matter what.
That is why all theives live in Florida...
Not sure where this IT guy lives though.
The Banks Fault!
Years ago Banks employed in house programmers before going for off the shelf products. With privacy a big issue it is time banks either go back to hiring in house programming teams or buy out the software companies they do business with and lock the code down!
Why would it matter who employed the progammers?
If you have weak assurance controls over the validity of the code you use the risk of getting attacked and defrauded is high no matter whether they are good ol'boys from the bank or code cutters in India.
...this guy steals two million smackers and gets five behind bars, and some kid googles Sarah Palin's email info and is looking at twenty? Go figure.
It's called a plea bargain and requires that you have something to bargain with. In this case, two million dollars.
They get a guilty plea, a signed confession to one specimen count and an easy ride recovering the money and assets. He gets five years and a ban from ever touching banking systems ever again.
He could have plead not guilty, had all the charges chucked at him and ended up being banged up with the key discarded. Then they'd have invoked asset recovery and screwed every cent they could out of him anyway. It would just have taken a lot longer and made a few lawyers quite a bit richer.
In The Brown Stuff
So this IT consultant got banged up for sprialling away a measly $2m over a couple of years. When can we expect another clunkhead to serve time for washing away £180bn then?
And Paris because...well just because.
Thats bankruptcy law. Asset forfeitures laws is Different. Plus federal law trumps state law.
Read the article
""Because of my position in upgrading the software, I was able to carry out this scheme without detection for nearly two-and-a-half years, from approximately August of 2006 until approximately April of 2009," Morris wrote in the court document."
Bottom line. *no* auditing of work done (after the fact) by *one* man + *no* oversight by anyone competent in the system = license to steal.
If you set up a system that only a person with the virtue of a saint *would* not figure out how to compromise or the brains of an idiot so they *could* not figure out how to do so
I call the bank management on charges of *criminal* negligence. Frankly I'm amazed he took so *little* given the amount of time and the level of access he *appears* to have had.
Anyone else get the feeling that IT folks (from sys admins to casual password guessers) are being manoeuvred into the firing line more and more these days?
"Anyone else get the feeling that IT folks (from sys admins to casual password guessers) are being manoeuvred into the firing line more and more these days?"
Yes and no.
This guys fall was all his *own* work. However management definitely created an environment which *allowed* and *encouraged* him to do it. This means they either don't know what they need to do about ensuring good security or don't care.