Insider Threats: £4.6m in self-signed invoices

Of the three categories of insider threat; theft, fraud and sabotage, fraud is often the most complex,  inventive and difficult to detect. This case however, has a certain simplicity to it.

The case concerns a Mr Kabbaj who worked for an “unnamed global internet company” according to the US Internal Revenue Service, and for Rakuten, according to Linkedin. A few weeks ago this former senior IT executive pleaded guilty to wire Fraud and could face around 20 years in jail.

How did it get to this?

Four years ago, whilst working for Rakuten, Mr Kabbaj formed a company called Interactive Systems. Over the course of the next four years Interactive Systems repeatedly billed Rakuten for non-existent equipment that it hadn’t supplied. These invoices, you will be unsurprised to learn, turned up on the desk of a Mr H. Kabbaj for authorisation.

Kabbaj was creating these fake invoices, emailing them to himself at his work address, authorising them and then sitting back and collecting the money. So far so simple, but what about the lack of tangible equipment? To cover his tracks Kabbaj would put the serial numbers of equipment his employer already owned onto the invoices.

How much did he make?

Kabbaj defrauded the company of £4.6 million over four years on top of his salary and benefits. According to his linkedin bio his skills include being able to  “Transform business processes and streamline them with technology solutions that deliver rapid ROI” –Which is true, if you understand that he meant rapid ROI for himself, not for the company.

How did he get caught?

Bit of an opsec fail on his part. Kabbaj was discovered when another employee looked closer at the invoices. Anomalies were noticed and then someone look at the meta data on the invoices.  They saw that the invoices were being created on Microsoft Word licensed to Kabbaj, proving that he had sent the invoices to himself..

What can I do to defend against this?

  1. Make sure no one person has power to approve invoices. Have multiple people looking at this.
  2. Crucial jobs should be rotated every so often. This helps train all the team on the tasks that need doing and also means people don’t have years in one role to potentially commit fraud.
  3. Train staff to spot odd behaviour. Kabbaj sent himself 52 invoices and made £4.6 million -there may well have been multiple signs he was up to no good that could have been identified and been reported.


Related Posts

Insider Theft of $119M worth of Coca Cola IP

Insider Theft of $119M worth of Coca Cola IP

What happened? An engineer who worked for Coca Cola and other manufacturers is alleged to have stolen valuable trade secrets in order to set up her own company in China using the stolen technology. Xiarong You has been accused of insider theft and economic espionage...

Tesla Insider Threat Case (Khatilov)

Tesla Insider Threat Case (Khatilov)

Tesla Insider Threat Case Study   According to the official Filing, Tesla is suing a former employee and software engineer named Alex Khatilov alleging trade secret theft and breach of contract. What actually happened? Khatilov was hired by Tesla in to work on...

Insider Threat $800K Rogue Admin

Insider Threat $800K Rogue Admin

Rogue Admin: Disgruntled former IT admin Charles E. Taylor quit his job at an unnamed Atlanta based distribution company before going on a sabotage spree costing the company $800,000 USD to redress.