Did Verizon engineer's girlfriend have more faulty parts than the network?
Here's a story suggesting that the insider threat is alive and kicking: A former network engineer for Verizon Wireless schemed to steal millions of dollars worth of Cisco gear over about 10 years while working for Verizon (NYSE: VZ) in Alpharetta, Ga., according to the FBI. The engineer, Michael Baxter, was sentenced last week to four years in federal prison.
Baxter used his insider access at Verizon Wireless to profit from Cisco's (NASDAQ: CSCO) program for replacing pricey infrastructure on a moment's notice, said U.S. Attorney Sally Quillian Yates. Verizon had extended warranties from Cisco for certain networking gear, such as processors, which required the manufacturer to replace malfunctioning parts before they were returned. The idea behind the warranty contracts was to keep the network--critical infrastructure, mind you--running without interruption. As a network engineer, Baxter was authorized to order replacement parts and make service requests via an online customer service database.
Over the course of at least nine years, the Verizon insider sent in hundreds of fraudulent requests for parts that did not need to be replaced, according to the FBI. He also schemed to have Verizon buy nearly a half-million dollars' worth of Cisco network gear outright. Cisco sent millions of dollars worth of parts in response, which Baxter brought home and then sold to resellers. According to the FBI, he lived high off the hog courtesy of the fraud, buying cars, jewelry, fancy trips and--wait for it--"multiple cosmetic surgeries" for his girlfriend.
In addition to the prison sentence, Baxter was ordered to pay more than $2.3 million in restitution to Cisco and $462,828 to Verizon.
So, what can we take away from this little anecdote? If the deals from your resellers sound too good to be true, they probably are? If you're in the business of replacing faulty parts, you should periodically review your records and make sure you're eventually getting the parts back? If your engineers' girlfriends look a lot different from one Christmas party to the next, it's time to supervise more diligently?
It doesn't seem unreasonable that the fraudulent replacement parts orders could have dodged detection at Verizon. After all, they weren't directly costing the company anything. But it seems that a manufacturer's parts request form would include a field that gets checked off once a malfunctioning part is returned. If a dozen or so requests from the same customer aren't closed out because the field isn't checked off in a reasonable time period, an alarm would be triggered. It seems pretty simple. Let me know why it isn't. - Caron