Found Guilty on 18 Charges Tied to Theft From Retail Platform
A former Microsoft software engineer has been sentenced to nine years in prison after being found guilty on 18 criminal charges earlier this year, according to the Justice Department.
In February, a federal jury found Voldymyr Kvashuk, a Ukrainian resident who first worked as a contractor and then as a full-time engineer at Microsoft from 2016 to 2018, guilty on charges connected to the theft of more than $10 million through the company’s online retail platform (see: Former Microsoft Engineer Convicted of Insider Fraud).
In addition to the federal prison sentence, a judge ordered that Kvashuk pay $8.3 million in restitution, and he will face deportation when his sentence is complete, according to the U.S. Attorney’s Office for the Western District of Washington, which oversaw the case.
In a statement, Internal Revenue Service Criminal Investigation Special Agent in Charge Ryan Korner notes that the case was the first of its kind to involve federal tax charges related to bitcoin transactions.
“The Volodymyr Kvashuk trial marked a big win for IRS Criminal Investigation and the federal cybercrimes team. Kvashuk’s criminal acts of stealing from Microsoft, and subsequent filing false tax returns, is the nation’s first bitcoin case that has a tax component to it,” Korner says.
Following a five-day trial in February, a jury found Kvashuk guilty on five counts of wire fraud, six counts of money laundering, two counts of aggravated identity theft, two counts of filing false tax returns, and one count each of mail fraud, access device fraud and access to a protected computer in furtherance of fraud, according to the Justice Department.
Kvashuk was hired by Microsoft in 2016 to help test the software company’s online retail platform. Eventually, however, he used his system administrator credentials and access to steal digital currency and gift cards, prosecutors say.
Over seven months, Kvashuk stole more than $10 million through Microsoft’s retail platform, according to the Justice Department. He then indulged in expensive purchases, such as a $1.6 million lakefront home and a $160,000 Tesla.
To commit fraud, Kvashuk used not only his email testing accounts, but also accounts belonging to other Microsoft employees, according to the Justice Department. This helped mask his theft of “currency stored value” within the platform. This included gift cards and digital currency.
At first, Kvashuk kept the thefts small, using his accounts to steal about $12,000, federal prosecutors say. Later, when he began using testing accounts belonging to other employees, Kvashuk began expanding his scheme.
Kvashuk also used a bitcoin “mixing” service to help hide the source of the income flowing into his bank accounts, according to the Justice Department. Over seven months, about $2.8 million in bitcoin was transferred into Kvashuk’s accounts, federal prosecutors say.
During the trial, he told the jury that he never intended to defraud the company and that he was merely working on a special project, according to the Justice Department.
Other Insider Cases
The 2020 Verizon Data Breach Investigations Report released in May notes that insider threat cases now account for about 30% of breaches and security incidents that organizations and their security teams must confront (see: Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019)
In another recent insider case, a former vice president of a personal protective equipment packaging firm was sentenced in October to prison and ordered to pay restitution for sabotaging the company’s electronic shipping records during the COVID-19 pandemic – causing delays in deliveries – after he was terminated from his job (see: Insider Sentenced for Sabotaging PPE Shipments).
In August, a former Cisco engineer pleaded guilty to intentionally accessing a protected computer without authorization and recklessly causing damage (see: Ex-Cisco Engineer Pleads Guilty in Insider Threat Case).