IT fraudster facing four years' bird time for $10k blackmail

An IT contractor who sabotaged a client's website and demanded $10,000 to restore it was this week convicted of wire fraud and sentenced to four years behind bars. Tavis Tso, 40, from Arizona, was also ordered by US District Judge David Campbell to pay $9,145 in restitution to the unnamed victim of his crime. Tso had …

  1. colinb

    Not funny

    "redirected their website to"

    Unhuh, I suspect he'll be in for a stiff sentence.

    I'm here all week and I'll get my coat.

    1. Jtom

      Re: Not funny

      And doing hard labour.

  2. 404

    Why did he do it though? Pure dicketry?

    Or did the victim owe him money for services rendered?

    I'm not defending what he did, interested in the motivation. Annnnd why is that? I personally am owed $33k+ for a website I designed from scratch under near impossible deadlines - almost cost me my marriage in fact. Clients skipped, I found the bastards and hit them with a lawyer stick, several sticks. By law I'm entitled to three times the original invoice and some day maybe I'll get my money. That was five years ago... still ongoing. I lost one of two company service trucks in a repossession and laid off the tech who used it due to the loss. He had a young family, I hated doing it, but I was facing personal bankruptcy by being fucked over at a critical time.

    Five years ago and I/my company still haven't fully recovered - yet those bastards who skipped have already formed new companies with cash reserves in the 7 figures... Laws.... pfft.

    1. HellDeskJockey

      Re: Why did he do it though? Pure dicketry?

      That's why I work for other people. In my 30 years there have been a lot of changes. Fighting to get paid hasn't changed one bit, still the same from when I was wet behind the ears to being a grizzled oldster. Today when they ask me about working on a PO I nicely explain they have to go through accounting and get approval first.

      1. MonkeyCee

        Re: Why did he do it though? Pure dicketry?

        Get paid up front :)

        Whenever there is a discussion about payments in cash it is often implied that it's all about dodging the tax. The only real test is if they won't give you a VAT receipt, then it's dodgy. You can do it on a back of a fag packet if needed.

        I have to price in bad debts, late payments, billing and admin time to my charge for computer fixing. Assuming all the above, I'll take up to 40% off my hourly and halve my margin on kit for being paid in cash. Cash flow is king and all that.

        Oh, and sorry to hear about your travails OP. Way too many shysters who are successful at the expense of the honest business owner.

    2. usbac

      Re: Why did he do it though? Pure dicketry?

      A similar situation, but in reverse, happened to me recently.

      The company I work for purchased another smaller company that was having financial difficulties, and about to go bankrupt. Apparently, this deal was in the works for months. The first I hear about it is when the executives come to me and ask me to get the domain moved over to us, and to get the phone numbers ported.

      About this time I find out that they just received their second disconnect notice for their phones. Here in the US, once a number is disconnected, you lose the phone number forever, and it can't be ported. They knew about this deal for months, but didn't tell me about any of it until way late. Fortunately, our VOIP provider was able to get the porting request through in less than 24 hours, and we were able to keep the numbers.

      The domain was a bigger problem. This company didn't have any in house IT staff, and relied on a small IT service firm that was local to them. When they had this firm register the domain for them, the owner of the IT service firm registered it to himself. Not the best way to handle things, but not a big problem. At least that was what I thought. It turns out that while the company was having financial problems, they failed to pay the IT firm. About $13K to be exact.

      At this point I figure there is going to be lawyers and lawsuits involved to get the domain name back. And, I would kind of understand the IT contractor wanting to get paid before handing over the domain name. So I decide to take a shot at resolving this myself. I called the owner of this IT firm (Jay), and presented it as IT guy to IT guy just trying to solve the problem. It turns out that Jay is a very professional and honest guy. His response was "no problem, how can I help?" He was very helpful getting the domain registered to us. Frankly, even though I consider myself a very ethical person, I'm not sure I would have been so cooperative when someone owed me $13K! I, many years ago ran my own IT contracting company, and people stiffing me was one of the reasons I don't anymore.

      After getting everything worked out, I go to our CEO to update him on where everything is. He was very worried earlier when I told him the domain was registered to the IT contractor that was owed a lot of money. When I explained that Jay was very cooperative, our CEO was surprised. He made a comment about not many people that honest around anymore. He told me to give Jay his email address and have Jay send him the outstanding invoices. He said he would tell accounting to pay Jay what he is owed.

      Our CEO is a very good guy. That's why I still work here. I could make a lot more money elsewhere, but one needs to look at the big picture. When you work for someone that respects you, and trusts you, it makes a big difference. This is the same guy that took a sizable personal pay cut to avoid having to lay off anyone during the recession.

      This whole story is a good example of why doing the right thing should always be the way to go.

      1. MonkeyCee

        Re: Why did he do it though? Pure dicketry?

        Kudos to your boss. My kind of capitalist :)

        You can justify paying the money to Jay as a debt incurred by the takeover, and write it off if things go well. You can justify it to the board (or yourself) on the basis that Jay has proven himself to be a Good 'Un, based on current dealings, and the ability to hire or consult him is going to be worth every cent.

        Reward loyalty at every turn.

        Then you get usbac running your IT ;D

      2. Potemkine! Silver badge

        Re: Why did he do it though? Pure dicketry?

        This whole story is a good example of why doing the right thing should always be the way to go.

        True, however I believe this story is more an exception than the average rule: Your CEO being a very good and honest guy sadly proves it! I'm lucky to say now that my CEO is the same kind of yours but from my previous experiences, I can tell that either I was very unlucky or that many of them are ugly bastards, ranging from standard exploiters to the psychopathic kind.

    3. Aodhhan

      Re: Why did he do it though? Pure dicketry?

      I agree with you...

      Typical with reporters today... they provide a half-ass story because they're too lazy or too ignorant to do a bit of research in order to come up with questions and ensure all are answered.

      A business doesn't hire a contractor unless the contractor has an excellent work history. So there must have been something which triggered this individual's dark sided motivation to maliciously attack his client's network.

      However, no matter what this company did to him, it doesn't justify his actions. There are a lot of other things he could have done without putting his own freedom at risk.

  3. Youngone Silver badge

    Rhyming Slang

    Is it just me or should it be "Bird Lime"?

    1. toxicdragon

      Re: Rhyming Slang

      Possibly. Wiki says birdlime was a sticky substance used in catching birds. Not sure what the link there is but syrup of prunes and all that.

  4. Carl Pearson

    Sibling Rivalry

    In the latter 90's, I worked for an IT support company in Houston that was called upon to help troubleshoot email delivery issues at a small brokerage house.

    They had a - for then - blazingly fast ISDN connection, and the owner of the firm read his email on a workstation running NT 3.5.

    Unfortunately Outlook Express started freezing up, and he couldn't receive new messages after a certain date.

    He had also recently fired his brother, the IT guy for the firm, after discovering he was using that "fast" connection to run a porno BBS on the side.

    I looked at it for a while and finally figured out something in Outlook Express was timing out, so the next message in the queue would never get delivered. We didn't have access to the email server so all I could do was try to download the message another way.

    Don't recall which app I used, but switching to another program finally did let the message get downloaded onto his machine.

    Turns out it was a 30 second or so movie of a gal with a donkey.

    We were all sure the brother did it on purpose for getting fired, but our job was done so we wished the owner well and moved on to the next gig.

    Would imagine their next family get-together was fairly tense...


Biting the hand that feeds IT © 1998–2022