Kevin Lee of Chula Vista, CA. Lee, worked within the Defense Contract Management Agency (DCMA) and created a scheme that allowed him to steal the identity of 37 individuals and defraud “various banks and loan companies by using stolen identities to apply for and obtain loans,” the Department of Justice advises. Lee pleaded guilty in a federal court on January 26 and will be sentenced in April 2022.
On paper, Lee is a pretty intelligent individual.
Lee is a veteran of the U.S. Army, a graduate of the United States Military Academy at West Point, and has an MBA from the University of Phoenix. His LinkedIn profile identifies him as a Senior Cost/Price Analyst with DCMA a position which he obtained post-military service in February 2010.
Rare is the instance when an individual entrusted with a Top Secret, Sensitive Compartmented Information (TS/SCI) clearance attempts to execute wholesale fraud by harvesting data to which they are entrusted, yet this is exactly what occurred in the case, evidencing that he may not have been that intelligent after all.
Personal Identifying Information theft
Lee used his 10 + years of DCMA experience to contrive a means by which he could leverage his authorized access to the DCMA’s SharePoint site to create a money train for himself.
The court documents, which included a 21-page plea agreement, detail how Lee harvested the personal identifying information (PII) of 37 individuals, including at least one DCMA colleague. The court documents bracket his criminal activity to have occurred between September 2018 and September 2020.
To support his fraudulent loan applications, he leveraged Google’s online service capabilities by creating email accounts in the names of the individuals whose identities he had stolen and used the “Google Voice” service to create numerous telephone numbers which he used as the loan applicant’s ostensible contact telephone number. He then took the PII and created “fraudulent documents, including false driver’s licenses, passports, pay stubs and other documents” and created necessary support documents. With the information package complete, he then set out to apply for loans from a bevy of financial services companies, to include federal credit unions.
Infosec absent?
The DoJ announcement and the court documents document how Lee searched the DCMA 360 Sharepoint for the PII of his victims. The plea agreement provides a detailed review of his efforts to gather the PII on one of his victims of identity theft, which by way of deduction, should be viewed as representative of his efforts to garner information on the other 36 victims.
Lee targeted a colleague at DCMA, identified as D.B. To support his efforts, Lee created a Gmail account using the last name and first initial of D.B. in January 2020, then in March 2020, Lee conducted at least six separate searches within the DCMA 360 SharePoint with the purpose of harvesting D.B.’s PII.
What is not clear from court documents is whether Lee’s behavior was viewed as anomalous by the DCMA’s information security protocols. While certainly illegal, given the purpose of his searches, the question remains, were the searches within the scope of his day-to-day activities and this is why no alert was created within the DCMA 360 for the system administrators of his engagement with the DCMA 360 when he first began his nefarious efforts in September 2018.
Thus, we should give DCMA InfoSec the benefit of the doubt and lean toward the narrative that his access was authorized and that over the course of two years enough information evolved which resulted in the Office of the Inspector General within DCMA to open an investigation, resulting in Lee’s eventual arrest and this guilty plea.
Lee’s fraud and attempted fraud
All told, he attempted to garner $244, 513.45, by applying for loans on behalf of 37 separate individuals with 16 separate financial entities. He was successful in landing approximately $82,825 in loans which he used to pay off his personal debts and for his personal living expenses.
As part of his plea agreement, Lee has agreed to repay the defrauded financial entities the $82,825 (or the final audited amount) which he fraudulently garnered:
- Kashable LLC – $33,500
- Golden 1 Credit Union – $5,000
- Patelco Credit Union – $9,750
- Star One Credit Union – $5,075
- Citizens Equity First Credit Union – $5,000
- Arizona Federal Credit Union – $9,500
- America Firs Credit Union – $7,500
- Aero Federal Credit Union – $2,000
“Government employees hold positions of public trust,” said U.S. Attorney Randy S. Grossman. “The identity theft and fraud in this case is particularly egregious because Mr. Lee violated that public trust for his own selfish ends. Those who engage in fraud and identity theft will be prosecuted to the full extent of the law.”
