3-year Prison Sentence for Hacker Who Fraudulently Ordered $1M Worth of Agency Office Supplies

A judge on Wednesday sent a Nigerian man to prison for breaking into federal employees' email accounts to send orders for print toner and other administrative items, according to the Justice Department.

Abiodun Adejohn, 31, pled guilty to his involvement in the scam last June and had faced up to 20 years of incarceration, Justice officials said at the time.

This week, U.S. District Judge William H. Walls, in a federal court in Newark, ordered him to serve 36 months in jail and pay $630,806 to compensate for the government's losses, New Jersey U.S. Attorney Paul J. Fishman announced.

Adejohn's scheme worked by sending agency personnel fraudulent messages that looked like legitimate government emails, court papers state. The messages would direct an employee to a spoofed government login website, such as the Environmental Protection Agency or Census Bureau site. When the employee typed in credentials, the site stole the username and password.

Adejohn and accomplices then used these stolen logins to access the employees’ email accounts and place fraudulent orders for office products, typically printer toner cartridges, in the employees’ names, according to filings. The items were ordered from companies authorized to do government business. The criminals had the packages delivered to New Jersey and other places, to be repackaged and shipped to Nigeria. From there, Adejohn sold the cartridges on the black market for profit.

The investigation was undertaken by officials at EPA, the General Services Administration, the Commerce Department, the Pentagon and the FBI, Fishman said. Adejohn was initially arrested in Arizona on Sept. 24, 2013.

Last year, White House and State Department staff reportedly fell victim to a phishing scheme with more dire consequences. Attackers allegedly breached State staff emails and from there sent targeted spearphishing emails to the Oval Office. In that incident, the intruders apparently were able to access the White House's unclassified network.

Phishing attacks are successfully baiting more people now than in years past, according to the latest Verizon data breach investigations study, released last month. About 23 percent of malicious email recipients last year opened the messages and 11 percent clicked on the infected attachments. In previous years, the overall effectiveness of phishing operations was between 10 and 20 percent.

(Image via wk1003mike/ Shutterstock.com)