Cryptocurrency Fraud , Fraud Management & Cybercrime , Fraud Risk Management

Former Microsoft Engineer Sentenced to 9 Years in Prison

Found Guilty on 18 Charges Tied to Theft From Retail Platform
Former Microsoft Engineer Sentenced to 9 Years in Prison

A former Microsoft software engineer has been sentenced to nine years in prison after being found guilty on 18 criminal charges earlier this year, according to the Justice Department.

See Also: Breaking Down Silos With a Holistic View of Security, Risk

In February, a federal jury found Voldymyr Kvashuk, a Ukrainian resident who first worked as a contractor and then as a full-time engineer at Microsoft from 2016 to 2018, guilty on charges connected to the theft of more than $10 million through the company's online retail platform (see: Former Microsoft Engineer Convicted of Insider Fraud).

In addition to the federal prison sentence, a judge ordered that Kvashuk pay $8.3 million in restitution, and he will face deportation when his sentence is complete, according to the U.S. Attorney's Office for the Western District of Washington, which oversaw the case.

In a statement, Internal Revenue Service Criminal Investigation Special Agent in Charge Ryan Korner notes that the case was the first of its kind to involve federal tax charges related to bitcoin transactions.

"The Volodymyr Kvashuk trial marked a big win for IRS Criminal Investigation and the federal cybercrimes team. Kvashuk’s criminal acts of stealing from Microsoft, and subsequent filing false tax returns, is the nation’s first bitcoin case that has a tax component to it," Korner says.

Following a five-day trial in February, a jury found Kvashuk guilty on five counts of wire fraud, six counts of money laundering, two counts of aggravated identity theft, two counts of filing false tax returns, and one count each of mail fraud, access device fraud and access to a protected computer in furtherance of fraud, according to the Justice Department.

Insider Scheme

Kvashuk was hired by Microsoft in 2016 to help test the software company's online retail platform. Eventually, however, he used his system administrator credentials and access to steal digital currency and gift cards, prosecutors say.

Over seven months, Kvashuk stole more than $10 million through Microsoft's retail platform, according to the Justice Department. He then indulged in expensive purchases, such as a $1.6 million lakefront home and a $160,000 Tesla.

To commit fraud, Kvashuk used not only his email testing accounts, but also accounts belonging to other Microsoft employees, according to the Justice Department. This helped mask his theft of "currency stored value" within the platform. This included gift cards and digital currency.

At first, Kvashuk kept the thefts small, using his accounts to steal about $12,000, federal prosecutors say. Later, when he began using testing accounts belonging to other employees, Kvashuk began expanding his scheme.

Kvashuk also used a bitcoin "mixing" service to help hide the source of the income flowing into his bank accounts, according to the Justice Department. Over seven months, about $2.8 million in bitcoin was transferred into Kvashuk's accounts, federal prosecutors say.

During the trial, he told the jury that he never intended to defraud the company and that he was merely working on a special project, according to the Justice Department.

Other Insider Cases

The 2020 Verizon Data Breach Investigations Report released in May notes that insider threat cases now account for about 30% of breaches and security incidents that organizations and their security teams must confront (see: Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019)

In another recent insider case, a former vice president of a personal protective equipment packaging firm was sentenced in October to prison and ordered to pay restitution for sabotaging the company's electronic shipping records during the COVID-19 pandemic - causing delays in deliveries - after he was terminated from his job (see: Insider Sentenced for Sabotaging PPE Shipments).

In August, a former Cisco engineer pleaded guilty to intentionally accessing a protected computer without authorization and recklessly causing damage (see: Ex-Cisco Engineer Pleads Guilty in Insider Threat Case).

About the Author

Chinmay Rautmare

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News, as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters he put in a stint in broadcast journalism with a business channel, where he helped produced multimedia content and daily market shows. Rautmare is a keen follower of geo-political news and defense technology in his free time.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.