Conde Nast beat for $8 million - "spear phishing" the cause?
Yesterday I reported on the Epsilon email address breach and discussed "phishing"... Who falls for such things, you may have asked...
Condé Nast does. In case you don't know who they are, they publish Vogue, GQ, Glamour and about 20 more very popular magazines. There is a very witty article written in Forbes about this "breach" that manages to use the various Condé Nast publication names throughout the article.
When you are a rookie DA, or if the facts are just so clear that you don't want to screw up the trial by being "creative", you ask the simplest of all trial questions, "what happened next?" ... so following that tradition:
What happened next?
This guy in Texas sent an email to Condé Nast requesting that future payments for printing of their magazines should now be sent to BBVA Compass Bank with routing/account number: XXXXXX-XXXXXXX. This gentleman had opened an account at the Alvin, Texas branch of that bank under the name "Quad Graphs". The real printer's name is Quad/Graphics, and it is located in Wisconsin.
What happened next?
Condé Nast followed the instructions in the email, filled out the necessary forms to facilitate payment to the new account and over the next 44 days (Nov 17 - Dec 20) transferred $7,969,330.02 to this bank in Alvin, Texas. THAT WAS ALMOST EIGHT MILLION DOLLARS, FOLKS.
What happened next?
On or about December 30th someone over at the real printer, Quad/Graphics, realized "hey, where's our money?" and contacted the brain surgeons and rocket scientists over at Condé Nast.
What happened next?
Not wanting to be outdone by the brilliance of the accounting department at Condé Nast, our "villain" in the story has his own moment of brilliance. The cash is in the "Quad Graphs" (his) account, which is in his home town, but he fails to get away. How do you not have an exit strategy when you are stealing EIGHT MILLION DOLLARS? The guy apparently transferred $84K into an account in his own name, just to make it that much easier to name him.
You can't make this stuff up... Sir, you just made off with almost eight million dollars, what do you want to do now? Disney World? No, you go to a country without an extradition treaty with the United States. You have that money hidden in a private bank somewhere - trust me, for the right fee you can hide almost anything, especially money.
What happened next?
Condé Nast contacted those good folks over at the US Secret Service, who in short order had the money all nice and tidy and frozen solid. (Well, except for, by my math, about $51,662, which appears not to be accounted for in the complaint filed in court.)
I am an honest fella, but if you were to offer me a challenge... can I get EIGHT MILLION DOLLARS and myself out of the country and out of reach of law enforcement with a 44-day head start? I am most certainly sure that the only thing you'd find of mine would be old clothes and a whole lot of rumors about where I went.
This whole thing started with a targeted e-mail (spear phishing), became a theft of $8mil and luckily came to an end quickly. In order for this to have happened the way it did, you need only a few people who "just can't be bothered with details", on both sides.
**Remember, I did not name the gentleman involved, but you should know that he has not been charged with a crime and if/when he is, he is presumed innocent until found guilty in a court of law.**
As for Condé Nast - they are so lucky to get that money back, they should give the guy a finder's fee for "finding a hole in their operation."

