Amazon: Insider Threats at the Online Bookstore
February 22, 2022
When I mention that insider threats are a big deal for organizations, some people roll their eyes. Executives want to hear that smart software, equipped with real time threat intelligence, and adaptive perimeter devices eliminate most security threats.
Yeah, but not in my experience. Most people don’t realize how desperate some people are for money or attention. One of those odd ball posts in a free news service said that in the US up to two thirds of the working class have no savings. Big earners don’t need money, or that’s what many people think.
Quick example: Years ago I worked for a big time financial executive at a then super big time financial services firm. When he and I went to lunch, he would ask me to pick up the tab. He explained that he could expense me more easily than shove more charges into his company expense report. I asked how that was possible. The person made more than $1 million per year excluding the new year bonus. The answer was instructive.
I noted these points:
- The need for a New York Athletic Club membership. His employer wanted him to go to Crunch.
- The need for three country club memberships. The company paid for one.
- The need for three nannies because his wife worked long hours and the children required attention because the pride number three
- The need for a car service. The company only paid for rides from the Manhattan office to his home when he worked after 7 pm. He needed more flexible car service.
- Mortgage payments sucked up cash for the big house in a state bordering New York and a weekend getaway in Florida.
- His desire to invest in hot growth companies.
- Miscellaneous expenses like personal auto leases, sneakers, and private schools for his pride or future influencers.
I have not forgotten about the other six deadly sins nor the simple desire to make more money to outdo one’s MBA classmates. Nor have I forgotten the power of carnal desire and the unreasonable effectiveness of honey traps, old Facebook posts, or leaked email.
Against this backdrop think about the information in this allegedly true story: “Former Amazon Employee Sentenced to 10 Months in Prison for Involvement in Bribery Scheme.” The write up reports:
Kadimisetty is one of six individuals who the U.S. Department of Justice charged with conspiracy for allegedly bribing Amazon employees to gain an “upper hand” over other sellers on Amazon’s online marketplace. In addition to Kadimisetty, the group of individuals included seller consultant Ed Rosenberg, Joseph Nilsen, Kristen Leccese, Hadis Nuhanovic and Nishad Kunju, who was employed by Amazon in India until 2018. Between late 2017 and 2020, these people allegedly bribed Amazon employees to leak information about the company’s search and ranking algorithms, as well as share confidential data on third-party sellers they competed with on the marketplace. [emphasis added]
Insiders? Yep. Friends of insiders? Maybe? Do automated smart cyber systems identify these individuals? Sure in marketing presentations. In real life? Well… Companies are big and management is tough. When images of a malfunction which allowed an F 35 fall off the deck of an aircraft carrier suggested that’s the way things are. Sure.
Stephen E Arnold, February 22, 2022