back to article Super-crook admits he nicked $122m from Facebook, Google by sending staff fake invoices for tech kit

A Lithuanian citizen extradited to the US has admitted bilking $122m from Facebook and Google by sending the tech giant's staff bogus invoices for computer gear. Evaldas Rimasauskas, 50, changed his plea from not guilty to guilty in a New York court this week, and said he knew what he was doing was fraudulent. He yesterday …

  1. Pascal

    It took TWO YEARS to notice 122 millions in extra payments?

    Whoa. I know Google and Facebook are rich as hell but how can such huge sums be misdirected over 2 years, someone somewhere is supposed to be matching payments to POs and so on... So that amount of money to them is basically the same type of rounding error for the rest of us where we won't chase down a $10 discrepancy?

    1. DougS Silver badge

      Re: It took TWO YEARS to notice 122 millions in extra payments?

      If they are ordering billions in gear each year, 30 million a year for each company might well be below the radar. Not that they wouldn't notice it, but they'd assume someone fat fingered an invoice number and it would resolve itself eventually. Probably no one at Google/Facebook was personally invested in it enough to dig deeply until it became big enough for the Cxx suite to notice. It isn't like it is their money.

    2. macjules Silver badge

      Re: It took TWO YEARS to notice 122 millions in extra payments?

      A case of "we're making soooo much money screwing you f*cking morons over that we can't even be bothered to check our accounts."

    3. rmason Silver badge

      Re: It took TWO YEARS to notice 122 millions in extra payments?

      122 million is loads to ,me or you.

      I'm I sure I read that they (google) add around that to their bottom line *per day* though.

    4. Anonymous Coward
      Anonymous Coward

      Re: It took TWO YEARS to notice 122 millions in extra payments?

      To be honest when reading the story I was looking at the opposite view. I was surprised they noticed and was wondering how they did.

      These companies must be dealing with millions of invoices and they would be dealt with by regular accounts assistants and accountants that have a specific procedure to follow. If he knew the procedure and complied with it then he got paid and, crucially, appeared to be a current supplier on their system.

      Most audits would be a random sample. There would be a big range of PO and non-PO orders. There'll be a lot of R&D, a lot of sub companies and mergers, loads of hardware purchases, sub contractors. Keep the invoices under the specific limit that needs proper scrutiny from high up and he was unlikely to be noticed.

      The one that should have been picked up on was the 'send money to this bank account from now on' request. Even I never accept a written letter or email to request that - I always ring my contact to check that it is correct as it is a fairly rare occurrence and it is prime for faking.

      1. DCFusor Silver badge

        Re: It took TWO YEARS to notice 122 millions in extra payments?

        Yes, the way most large companies are organized - and it's hard to get this right - there is one set of people in charge of basically ordering stuff, receiving it, testing it and so on - usually they'll send instructions to "accounting" or "procurement" who will do the order, and then pay the bill later on.

        Note that the group needing the gear itself and the group handling the money may never meet or even be on the same continent, there is no check of "did this thing I order come in" other than the gear guys asking accounting.

        But if no one at the gear level ordered a thing, which then does not arrive - they have no knowledge or reason to tell the money people that what they never asked for never came....

        This is a classic man in the middle attack....

  2. Paul Herber

    FBI?

    Face Book Investigations?

  3. DougS Silver badge

    No way he didn't have inside help

    In order to do a credible job, he'd have to know what Quanta's real invoices look like, what bank they use when dealing with Google/Facebook, what kit Google and Facebook are ordering so the invoices seem reasonable, etc.

    He had to have help within one or more of those companies, or at least have compromised some email accounts so he could see the real emails.

    1. Anonymous Coward
      Anonymous Coward

      Re: No way he didn't have inside help

      That's how it's done - it would be crazy to think that this is the only scam ongoing.

    2. Ian Michael Gumby Silver badge
      Boffin

      Re: No way he didn't have inside help

      Can you say Dumpster Diving?

    3. Nick Kew Silver badge

      Re: No way he didn't have inside help

      Maybe he had handled real Quanta invoices in his own legitimate job? Someone has to ...

      Don't we all get lots of fake invoices these days? As in, it's just one flavour of email with an attachment they want you to open.

  4. LenG

    Old but still effective

    This sort of fake invoicing predates computers. It may even predate the industrial age - want to bet it didn't happen in Rome under the Caesars? It is easier with inside help but if you send off enough fakes sooner or later one will be processed by someone lazy or stupid.

    When I was working for the Greater London Council I received an invoice for maintenance for some computer kit I didn't recognize. When I went to look for the stuff I found the room specified appeared to be a Ladies toilet. This was some time ago ... the GLC was abolished in 1986.

    1. Soruk
      Joke

      Re: Old but still effective

      That would be the specialist Pee-C equipment with hardware encraption.

    2. DontFeedTheTrolls
      Coat

      Re: Old but still effective

      Was the Ladies toilet in the basement? Was there a locked filing cabinet with a sign saying "Beware of the Leopard"

  5. tcmonkey

    So uhh, what happened to the other 72 meeellion? I'd do a couple of years as a yardbird to land that sort of payout.

    1. JoMe

      Same question... like seriously, I'd do 9 in a cozy democrat-governed jail for even 10% of that.

  6. Johnny Canuck

    Old as the hills

    Before computers were a thing, the company I worked for used to receive fake invoices for reams of typewriter paper.

    1. macjules Silver badge

      Re: Old as the hills

      Hah. We used to get invoices from Irish companies in the 70's for our subscription to that year's International Telex Directory. In the 80's it was updated to be the Fax Directory.

      Presumably these days they market the "gullible morons who use Facebook" Directory.

      1. John Brown (no body) Silver badge

        Re: Old as the hills

        "Presumably these days they market the "gullible morons who use Facebook" Directory."

        Nah, it's SEO domain registration made to look like your domain needs renewing.

  7. Howard Hanek Bronze badge
    Windows

    Rimasauskas

    Sounds like a Polish/German sexual activity......

  8. Rustbucket

    "But he failed to quit while he was ahead"

    Ah yes, how often do we see that in scams.

    If they'd just raked in a few million and quickly laundered the shit out of it and then stopped, they'd probably still be living the good life today.

    I recall a woman in Australia who fleeced the local council out of a large sum and then invested it in LOCAL real estate, instead of quickly heading for Asia or South America. In that case she was a pretty astute investor and the authorities actually recovered more than she initially stole.

    1. Flocke Kroes Silver badge

      Re: "But he failed to quit while he was ahead"

      I am more interested in how much more or less often people successfully quit while they are ahead.

      1. jaduncan

        Re: "But he failed to quit while he was ahead"

        Survivor bias means you can't really tell - how would you track the amount of people that got away with unknown crimes?

  9. M.V. Lipvig

    Extremely cooperative, not all the money recovered? If he did it right he laundered some of the money into an investment account where it's clocking up cash by the thousands eavh day. If he flips on the rest of his team, he gets a year or two at a minimum security resort prison, then finds a nice tropical island to spend the rest of his life with the cash he has left.

    Not a bad way to do it, if you're criminally minded.

  10. Anonymous Coward
    Anonymous Coward

    Inside job indeed

    Back in the early 80's, at a publicly listed top 300 company, £100's millions a year t/o it was the head of purchasing that was creating, and paying, the fake purchase invoices. While it lasted.

    Best part of it? She was the FD's auntie.

    AC for obvious reason and to protect the innocent.

  11. Mark 85 Silver badge

    "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation."

    Funny that the only time they (and probably Google) "co-operate with law enforcement, etc. is when they're a victim. Unlike when they sell everyone's brother, sister, mother, father and family dog details to the highest bidder.

    1. pavel.petrman

      Re Facebook has been cooperating with law enforcement in its investigation.

      I say law enforcement shouldn't be cooperating with Facebook until Facebook decides to adhere to the law and cooperate with law enforcement when investigated. Or at least hold the money in escrow for the inevitable future fines. But I guess Facebook et al would just shrug and let it go, some measly tenmillions compared to the fines at play...

      Coming to think of it, hasn't the guy Rimasauskas just set out to recover the money Facebook and Google made on selling his life?

  12. chivo243 Silver badge
    Coat

    Google and FB swindled

    I'm slightly torn on this one... Part of me says, WhooHooo! Couldn't have happened to a crappier couple of companies. The other part is being shushed by the first part!

  13. Roj Blake Silver badge

    Billing Services

    I remember a Judge Dredd story where someone sent invoices for billing services to companies. Dredd couldn't arrest them because it was perfectly legit.

  14. s. pam
    Devil

    Truly Divine Retribution

    Screw your customers? Check.

    Give away customer data? Check.

    Mislead politicians that you won't do it again? Check.

    Looks like the Karma Gods have smiled, shame the guy got caught!

  15. Frank Bitterlich
    Devil

    Some math...

    Ok, the guy milked $122m with his scam. He will give back $50m. Subtract $300k fine. So he spent, or hid, $71.7m.

    Facing (up to) 9 years of federal accommodation, that makes +/- $7.9m per year.

    See, kids, crime doesn't pay!

  16. Rainer

    Secret projects

    AFAIK, when the invoices were questioned, he claimed it was hardware for a secret project aligned directly under the CEO's office and details were "need to know".

    That shut up most of the nosy beancounters, apparently.

    BTW: our boss is said to have a habit of checking all invoices about the equivalent of 100 USD, personally.

    At least he did until recently.

    We don't think it's a good use of his time, but it's his company.

  17. Simon B-52

    Free Pass

    Given the identity of the victims, I'd say give that man a free pass.

    Or perhaps more honestly, I'd give myself a free pass on those grounds if I'd had the cojones to even think of something like that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019