five years for fraudulently stealing $120 million? and he has to pay back $26 million???
A Lithuanian hacker will spend the next five years behind bars for masterminding a $120m (£92.05m) scam that involved emailing fake IT equipment invoices to Facebook and Google.
A US district court in New York on Thursday handed Evaldas Rimasauskas the 60-month sentence, along with a bill for $26,479,079 in restitution, after he admitted to one count of wire fraud. He had faced a maximum of 30 years in the cooler.
The super-fraud pulled off the massive cash scam by creating lookalike domains and email accounts for Quanta, a Far Eastern contract manufacturer that builds, among other things, server components.
Those fake accounts were then used to contact employees at both Facebook and Google between 2013 and 2015 and supply them with phony invoices that each of the tech giants thought were for real purchases (they were, mind you, likely doing business with the real Quanta while this was going on.)
Rimasauskas then directed his victims to make wire payments into overseas accounts he controlled.
While these sort of business email compromise attacks are hardly new concepts, it is rare to see one succeed against two companies of this size and net such a large payout for the attacker. When all was said and done, it was estimated that the two tech giants filled Rimasauskas’ coffers to the tune of just over $120m.