Expedia support tech raided his CFO to rack up insider trades

Used staffer creds, work laptop, to snoop on execs


Former Expedia worker Jonathan Ly has admitted to hacking his own chief financial officer and investor relations head to commit US$331,000 in insider stock-trading.

Ly, 28, of San Francisco, pleaded guilty to securities fraud in a Seattle District Court and faces up to 25 years prison and a US$375,907 settlement including some US$81,592 in repayments for expenses Expedia incurred during its investigation.

All told Ly is said to have made US$331,000 in net profit through the securities trades.

The former senior support technician used his remote login credentials and those of others he was supplied during his job to access the data.

Prosecutors say he also used the credentials of other employees to mask his intrusions.

Ly is accused of stealing the information over the three years to 2016 including market speculation about pending announcements which helped the hacker gain an edge in his share trading efforts.

Prosecutors say Ly continued to plunder Expedia after he voluntarily left the company last year using software loaded onto a corporate laptop still in his possession.

CNN reports that Ly's lawyer, John Runfola, says his client is "deeply sorry" and has "certainly learned his lesson".

Sentencing is scheduled for 28 February. ®

Similar topics

Narrower topics


Other stories you might like

  • Apple's guy in charge of stopping insider trading guilty of … insider trading
    He had one job

    One of Apple's most senior legal executives, whom the iGiant trusted to prevent insider trading, has admitted to insider trading.

    Gene Levoff pleaded guilty to six counts of security fraud stemming from a February 2019 complaint, according to a Thursday announcement from the US Department of Justice on Thursday.

    Levoff used non-public information about Apple's financial results to inform his trades on Apple stock, earning himself $227,000 and avoiding $377,000 of losses. He was able to access the information as he served as co-chairman of Apple's Disclosure Committee, which reviewed the company's quarterly draft, annual report and Securities and Exchange Commission (SEC) filings.

    Continue reading
  • Interpol anti-fraud operation busts call centers behind business email scams
    1,770 premises raided, 2,000 arrested, $50m seized

    Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.

    In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.

    Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.

    Continue reading
  • Five Eyes alliance’s top cop says techies are the future of law enforcement
    Crims have weaponized tech and certain States let them launder the proceeds

    Australian Federal Police (AFP) commissioner Reece Kershaw has accused un-named nations of helping organized criminals to use technology to commit and launder the proceeds of crime, and called for international collaboration to developer technologies that counter the threats that behaviour creates.

    Kershaw’s remarks were made at a meeting of the Five Eyes Law Enforcement Group (FELEG), the forum in which members of the Five Eyes intelligence sharing pact – Australia, New Zealand, Canada, the UK and the USA – discuss policing and related matters. Kershaw is the current chair of FELEG.

    “Criminals have weaponized technology and have become ruthlessly efficient at finding victims,” Kerhsaw told the group, before adding : “State actors and citizens from some nations are using our countries at the expense of our sovereignty and economies.”

    Continue reading
  • China reveals its top five sources of online fraud
    'Brushing' tops the list, as quantity of forbidden content continue to rise

    China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

    The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

    Brushing has also seen e-commerce providers send victims small items they never ordered, using profiles victims did not create or control. Dodgy vendors use that tactic to then write themselves glowing product reviews that increase their visibility on marketplace platforms.

    Continue reading
  • State of internet crime in Q1 2022: Bot traffic on the rise, and more
    According to this cybersecurity outfit that wants your business, anyway

    The fraud industry, in some respects, grew in the first quarter of the year, with crooks putting more human resources into some attacks while increasingly relying on bots to carry out things like credential stuffing and fake account creation.

    That's according to Arkose Labs, which claimed in its latest State of Fraud and Account Security report that one in four online accounts created in Q1 2022 were fake and used for fraud, scams, and the like.

    The biz, which touts device and network defense software, said it came to this conclusion after analyzing "billions of sessions ... across our global network" during the first three months of the year. These sessions apparently spanned account registrations, logins, and interactions with financial, ecommerce, travel, social media, gaming, and entertainment services. Take all these numbers with a grain of salt as ultimately Arkose wants you to buy its stuff to prevent all this kind of crime.

    Continue reading
  • Indian authorities issue conflicting advice about biometric ID card security
    Government authority forced to backtrack warning that photocopied Aadhaar cards represent a risk

    The Unique Identification Authority of India (UIDAI) has backtracked on advice about how best to secure the "Aadhaar" national identity cards that enable access to a range of government and financial serivces.

    UIDAI promotes the cards as "a single source offline/online identity verification" for tasks ranging from passport applications, accessing social welfare schemes, opening a bank account, dispersing pensions, filing taxes or buying insurance.

    Although Bill Gates has lauded Aadhaar cards for improving access to services, the scheme has been the subject of many security-related scares as inappropriate access to personal information has sometimes been possible, UIDAI's infosec has sometimes been lax, and the biometrics captured to create citizens' records have sometimes been used for multiple individuals. Privacy concerns have also been raised over whether biometric data is properly stored and secured, if surveillance of individuals is made possible through Aadhaar, and and possible data mining of the schemes' massive data store.

    Continue reading

Biting the hand that feeds IT © 1998–2022