Ex Netflix IT ops boss pocketed $500k+ in bribes before awarding millions in tech contracts

Michael Kail, former veep of IT Operations at Netflix, was convicted on Friday on 28 counts of wire fraud, mail fraud, and money laundering after a federal jury found that he took advantage of his position to demand bribes from vendors. "As Netflix’s Vice President of IT Operations, Michael Kail wielded immense power to …

  1. Brian Miller

    Don't trust those with purse strings!

    Money breeds corruption, it just does. But the alternative is a barter system, so we're stuck with it.

    Swap out people on a regular basis, that's the only way to make sure that if one starts it, then it's found out soon enough. Letting your organization become static is always an ingredient for disaster.

    1. Throatwarbler Mangrove Silver badge
      Holmes

      Re: Don't trust those with purse strings!

      This is why purchases are supposed to be audited. Who wants to bet that Netflix has tightened up their processes?

      1. BillG
        Devil

        Obvious Evidence of Fraud

        And September 2013, while getting paid as an advisor at Platfora, he signed a $250,000 annual contract to have Platfora provide software to Netflix. He then urged employees to find a use for the software, despite their objections and the fact that Netflix was already using and paying for a competing product.

        Anyone who has been in the corporate world long enough knows if you already have a working product, and if you are being pushed to use a competing and inferior product, then there's either money or connections involved.

        The real issue here is why wasn't this flagged and caught much earlier? Why wasn't this exposed during an audit? You don't get away with this type of open and obvious fraud unless more executives are involved.

        1. throe a. wai

          Re: Obvious Evidence of Fraud

          After seeing that it took 3-4 years to catch I was expecting some sort of embezzlement mastermind, but after reading I have to agree it's insane that he wasn't caught right out the gate. It's not even low-hanging fruit, it already fell off the tree and has been rotting for months.

    2. Anonymous Coward

      Re: Don't trust those with purse strings!

      Not money, *greed*.

      The subtle difference is that you can have enough money. Here, he clearly wants something (a yacht, a fancy house, a mistress, f-u money to go travel the world, whatever he's seen on TV to make it desirable), these sums are not so huge as to be for simply collecting money for money's sake.

      Swapping people out isn't the fix, that just breeds inconsistency. Each new IT director taking things off in a new direction simply to 'own' the decision process. Sure it's a bad decision, but it's *their* decision, it's not the company on autopilot.

      The thing to do is to prosecute these "you have to do me a favor though" events as a deterrent. Throw them in prison, even if they're rich old white guys covered in fake tan. Let them rot, so the others screwing over their companies are deterred from heading down that route.

      The reason white collar crime is so prevalent is because it's mostly unpunished. Fix that and you fix white collar crime.

      1. Neil Barnes Silver badge

        Re: Don't trust those with purse strings!

        Yes. He has been charged; but where are the charges for the people who paid the bribes? In the UK at least, and I assume this would apply anywhere with a sane justice system, it is equally illegal both to offer and to accept a bribe. Many companies - including all the ones I worked at - had very strict rules about it, too, and interminable training courses about how to avoid and how to report it.

        1. Anonymous Coward

          Re: Don't trust those with purse strings!

          At the very least, those companies that paid the bribes should be cleaning house too, starting with whoever signed off on the options. It's fairly easy to hide a bung as a "consulting fee"; stock options, not so much.

          And then somebody should take a good long look at whoever audited the books of those companies and signed them off...

      2. DJ

        Re: Don't trust those with purse strings!

        See also Warren Buffett.

        e.g. Chapter 8 of https://www.amazon.com/Fine-Print-Companies-Plain-English/dp/1591843588

        He's a charmer!

      3. Michael Wojcik Silver badge

        Re: Don't trust those with purse strings!

        The reason white collar crime is so prevalent is because it's mostly unpunished. Fix that and you fix white collar crime.

        I find your abundance of faith disturbing.

        Pretty much everything we know about human beings, particularly from psychology and behavioral economics, tells us that people are not rational economic agents. The credible threat of punishment may deter some crime; it does not, and never will, eliminate it.

    3. Plest Silver badge
      Mushroom

      Re: Don't trust those with purse strings!

      "Swap out people on a regular basis,"

      Absolute codswallop! Why should I lose my job 'cos of your paranoia while I'm good at my job, that's not fair or right.

      What you do is get your compliance dept and IT compliance officer (you do have one of those, right?! every company needs one!) put proper auditing in place, ensure oversight and paperwork is in place and make people take holidays and ensure things are checked while they're not about to cover things up IF they're up to no good.

      1. Anonymous Coward

        Re: Don't trust those with purse strings!

        I've been through hundreds of project audits over the years (all clean). Auditors have asked very incisive questions. I once had to explain why I was writing off £300,000 worth of 3Com kit after 12 months; the simple answer was that a new entrant had produced a new switch which was more powerful and offered greater management for less than the annual maintenance cost of the 3Com monsters we had been using. The new entrant was Cisco LOL.

        We had a similar conversation about 'missing' £250,000 worth of network switches after our county wide network had experienced multiple lightning strikes. We had had to deploy all our spare kit initially then swap cards between switches to get the network back on its feet. We did completely lose track of where individual switches were for a while as we had a constant stream being sent off for repair for months. Don't even get me started on some of the 'vapourware' purchases I had to make to keep discount levels on mainframe operating systems. Trying to explain why I'd be spending £40,000 on a piece of software I would never get installed to gain £300,000 worth of discount on other products I needed was always interesting. It would have been easy to gloss these over with some auditors as it's just so bloody confusing.

  2. Anonymous Coward

    "His actual sentence, however, will be balanced by US Sentencing Guidelines"

    Which is to say, he will face the white man's justice, and serve less time than someone who held up a taco truck at spork point.

    The only question is whether he will get the usual white collar sentencing guidelines, or if the DA will REALLY throw the book at him by making sure the fines are actually more than what he swindled in kickbacks.

    But I'm sure he's just a great guy who made a mistake, unlike taco truck guy. That guy's evil. He probably didn't even share the stolen tacos with his family. The monster.

    1. Yet Another Anonymous coward Silver badge

      Re: "His actual sentence, however, will be balanced by US Sentencing Guidelines"

      Compared to most Hollywood deals he is a saint - he didn't even rape anyone to get them a part

    2. Kane Silver badge
      Joke

      Re: "His actual sentence, however, will be balanced by US Sentencing Guidelines"

      "Which is to say, he will face the white man's justice, and serve less time than someone who held up a taco truck at spork point."

      Hey, don't knock it, those sporks are dangerous.

    3. O RLY
      Headmaster

      Re: "His actual sentence, however, will be balanced by US Sentencing Guidelines"

      This is federal court, so it's a United States Attorney, not a District Attorney.

      The US Sentencing Guidelines have a long document that indicates more stringent penalties when related to drugs, terrorism, sexual exploitation of minors, and, in the case of money laundering, sophistication of the money laundering scheme. I'd wager the US Attorney will push for a long sentence based on the shell company. See page 326 in this document here.

      Overall federal sentencing guidelines page:

      https://www.ussc.gov/guidelines

      1. First Light Silver badge

        Re: "His actual sentence, however, will be balanced by US Sentencing Guidelines"

        What do you bet he ends up in Club Fed with tennis courts and his lawyers work on an appeal reducing whatever sentence the judge hands out? Add in early release and the sporker will do more time in worse conditions than Mr. White Privilege.

  3. Matthew "The Worst Writer on the Internet" Saroff

    This is Not Embezzlement, This is Capitalist Entrepreneurial Spirit

    So say we all.

    1. Fy
      Thumb Down

      Re: This is Not Embezzlement, This is Capitalist Entrepreneurial Spirit

      Not at all.

      This is criminal

    2. Michael Wojcik Silver badge

      Re: This is Not Embezzlement, This is Capitalist Entrepreneurial Spirit

      Looks like a Poe factor of 0.8 on that comment.

      Of course, meta-Poe says we can't tell whether you're trying for a high Poe factor (a deliberately ambiguous post intended to elicit a maximally-mixed reaction), or for a low one and you just aren't making your tone clear.

      If it's the latter, name checks out.

  4. Steve Aubrey
    Joke

    Not a politician

    Or at least not an honest one.

    "An honest politician is one who stays bought"

  5. Anonymous Coward

    I hope he has

    an Insta account. Maybe he could claim to just be an "Influencer"

    Or even better, start a business as a lobbyist and give bungs to lawmakers to throw contracts his way. Then he could collect his cut. Sorted

  6. Robert 22

    His timing is very unlucky. A year ago, he would have had a shot at a presidential pardon, particularly if he wisely invested some of his proceedings in campaign contributions.

  7. JWLong

    This is why

    Well at least one reason why the C-suite crowd do what they do. Just for personal gain.

    This asswipe was just stupid enough to get caught. The dumb ass should have put the LLC's in his mommy's name.

    Everybody knows that's the way you do it.

    1. Yet Another Anonymous coward Silver badge

      Re: This is why

      This was just an IT minion, stealing $0.5M from a multi-$Bn company is hardly worth the effort

    2. CrackedNoggin

      Re: This is why

      This guy is a lowly egoriminal who broke the law. The smart guys get the law tailor made to suit them.

  8. CrackedNoggin

    "Unix Mercenary"? The man is obviously a highly functional sociopath. Bet there were some skeletons in his closet before he got the job.

    1. Michael Wojcik Silver badge

      I think you're giving him too much credit, and he just thought he was being clever. Criminals often overestimate their own skills.

  9. Potemkine! Silver badge

    "Gifts"

    I've seen this kind of behaviour a lot of times, without any conviction. However the level of greed was not so high.

  10. sebacoustic

    shrewd investment

    Netflix will make that half a million bucks back by turning the story into a gripping drama series but this time they don't have to pay the writers.

  11. tonyyaman

    He is only human, and that's what humans do ever since man was on the earth: rob, steal, screw, kill. Nothing different, man is man. Some get caught but most get away. Heigh-ho, that's life.

    1. teknopaul Silver badge

      change your social circle mate.

  12. Anonymous Coward

    As soon as you have in-house people "championing" 3rd parties, you have a problem. Microsoft seem to be doing this a lot at the moment - be our unpaid salesperson and get awards.

  13. Anonymous Coward

    Nothing new.

    PHB does shady stuff to line his own pockets. Elsewhere in today's news, a bear shit in the woods....

  14. Tuesday Is Soylent Green Day

    The makings of a great South African politician

    He'd be right at home among the country's current ruling regime who have made an art form out of corruption.

  15. Zarno
    Holmes

    Film rights.

    So, who has the film rights to this one?

    And for every one we see, there are a few more that ran a scheme like it and escaped capture.

  16. Rainer
    Mushroom

    They could make a Netflix movie out of this.

    On second thought, I doubt they will.

  17. dinsdale54

    Bizarre decision making on his part.

    As he was a VP at Netflix there's a decent chance he was already on a seven figure salary which makes grifting for half a million seem rather poor value given that he's likely to do time.

  18. Anonymous Coward
    Facepalm

    Netflix should make a series about this.

    They could call it Greedy Twat.

  19. Miss Config
    Thumb Up

    Where's The Movie ?

    Thanks to the Reg for explaining clearly what happened here.

    Seems there is more than enough interesting stuff to make a movie.

    There must be SOME streaming service, at least, that would like to stream it to YOU ASAP.

  20. John Savard

    Fines?

    He should have to fully reimburse Netflix for what he stole from them before he is allowed to pay a penny of either his fines or his taxes. Otherwise, after fines of twice what he stole, he might not have enough money to reimburse the victim for what was stolen, which should be the first priority.
