Criminal IT Executive Undone by Microsoft Word Metadata
Microsoft Word metadata has led to the undoing of an IT executive who swindled his employer out of US$6 million.
Hicham Kabbaj, of Floral Park, Long Island, New York, set up a fake business named Interactive Systems and made phony purchases over four years - May 2015 to August 2019 - from his "unnamed employer", described in court documents as a "global internet company" based in Manhattan (a Linkedin search shows one Hicham Kabbaj of the "Greater New York City Area" working as the "SVP Tech Ops & Engineering at Rakuten Marketing").
Over this four year period, Interactive Systems sent 52 invoices claiming it had performed services and purchased firewalls and servers for the unnamed employer. Kabbaj both received and approved the invoices.
In reality, Interactive Systems did none of what was stated in the invoices. Instead, Kabbaj transferred the money paid to Interactive Systems to his personal bank accounts.
The goings on came to the attention of the United States Attorney's Office (USAO) and one of its special agents, Scott McNeil, spoke with more than one of Habbaj's workmates who had never heard of Interactive Systems and said the purchases made by Interactive Systems didn't make sense.
According to an affadavit from McNeil (obtained by The Register), all the Interactive Systems invoices were addressed to Kabbaj, and, most damning of all was the metadata of four invoices.
"Four of these invoices were submitted in Word document format, and the metadata for these four invoices identified Kabbaj as the author," said McNeil in his affadavit.
Furthermore, McNeil's affadavit stated that the Interactive Systems PO Box is registered to Hicham Kabbaj ... the same address where the banks handling Kabbaj's account sent his statements.
Kabbaj has pled guilty to one count of Wire Fraud. He has forfeited his homes in Hewitt, New Jersey, and Palm Beach Gardens, Florida, (both properties "traceable to the offense"), and will pay restitution of $6,051,453.
Kabbaj is yet to be sentenced and his crime carries a maximum 20-year sentence.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.