Who Wants to Be a Millionaire?

["Richard M. Smith" <rms () bsf-llc com>]

I just got a letter from my mortgage company saying that they had an
extortion attempt by a former employee and that my loan application data
might have been compromised.  I did a search at Google News and came up with
the attached article about alledged crime.  If the defense lawyer is to be
believed, the defendant appears to have picked a pretty odd method of
pointing out a security problem......
 
Richard
 
 
http://hartfordadvocate.com/gbase/News/content?oid=oid:157126

Who Wants to Be a Millionaire?
A former employee at a Middletown company allegedly tried to cash in big on
his access to 230,000 personal records 

by Meir  <http://hartfordadvocate.com/gbase/archives/index?author=oid:85637>
Rinde - June 1, 2006 


IMAGE COURTESY MIDDLETOWN POLICE        
 Feature <http://hartfordadvocate.com/binary/157126-273-1/news-6313.jpeg>

Paul W. Schenkel has been accused of trying to blackmail his employer.  
The alleged extortion of Mortgage Lenders Network USA began innocently
enough. Paul W. Schenkel, a 35-year-old product and portfolio analyst at the
Middletown company, e-mailed his boss in late April and complained he wasn´t
paid enough. 

MLN will make loans worth an estimated $12 billion in 2006, but the
percentage trickling down to Schenkel was evidently too small. ¨I love the
work I do at MLN,¨ he wrote to his supervisor, David Mills, but ¨without the
additional income, I am running at a deficit.¨ 


In the e-mail, which Mills would later turn over to the police, Schenkel
proposed the company promote him to assistant vice president and give him a
salary of $110,000, which is more than vice presidents make. Otherwise,
after 16 months with the company, he´d quit and take a better job at
American Home Mortgage on Long Island. 


According to a warrant detailing the Middletown police investigation, the
next day Mills told Schenkel he couldn´t meet those demands, and asked for
his resignation. 


On Friday, May 5, which was to be his last day, Schenkel allegedly told
Mills he´d downloaded over 230,000 records of the company´s borrowers,
including names and Social Security numbers, and made DVD copies of them. He
apparently said he had a friend who ran pornographic websites and funneled
customer account information to a relative in Nigeria, according to the
warrant. Schenkel estimated the MLN data would be worth $25 to $30 per name
on the street. If that data got out, the company could also face $20 million
in penalties, plus bad publicity and issues with government agencies, he
said. 


  _____  

Schenkel said if MLN wouldn´t pay him a salary ¨commensurate with the value
of the data he handles,¨ it could help set him up as a hedge fund manager by
giving him an interest-only loan equal to the value of the records. When
Mills asked how much that was, Schenkel said, ¨Figure it out. You have a
calculator,¨ according to court documents. 


Mills punched in the numbers. ¨That´s $6.93 million,¨ he said. ¨That´s
right,¨ Schenkel responded. ¨I want a $6.9 million loan.¨ 


Mills told police, ¨By the way that he spoke ... Schenkel made it very clear
... that he wanted a $6.9 million loan from the company to keep him from
selling the information he clearly had in his possession,¨ the warrant said.



Mills reportedly asked Schenkel if he was trying to blackmail the company.
Schenkel shrugged and said, ¨That´s just a tag name.¨ Schenkel said he had
other information, too, including personal information of MLN employees who
had received their mortgages through the company. When Mills went to talk to
his supervisor, Schenkel left. 


Schenkel sent another e-mail on Sunday, saying he felt morally obligated to
disclose to the public that he´d been able to download the records. ¨I
respectfully ask that MLN give me credit for recognizing the potential
risk,¨ the e-mail said, as quoted in the warrant. ¨I have to admit I am
somewhat proud that I am responsible for protecting the identities of more
than 231,000 people.¨ If MLN didn´t hold a press conference, Schenkel would
call the Hartford Courant , he said. 


MLN searched Schenkel´s work computer and found the hard drive contained
about three times as much data as other employees´. One file, named ¨birth
defects¨ and dated about three months after the birth of Schenkel´s son,
contained references to a genetic abnormality that is usually fatal. If the
son did have a birth defect, it might explain Schenkel´s need for money,
Mills told police. 


The computer contained information about a mortgage consultancy Schenkel was
apparently setting up at a Wethersfield address, along with a web page,
www.mymortgage-moneysaver.com <http://www.mymortgage-moneysaver.com/> . The
company also found information about 1,200 loan applications denied by a
former MLN loan officer who Schenkel was friends with, the warrant said. It
appeared Schenkel wanted to offer the unsuccessful applicants his
credit-consulting services. 


  _____  

On May 20 the Middletown police searched Schenkel´s home in Wethersfield and
seized three computers, 23 DVDs, three CDs, a list of passwords, literature
on identity theft, and handwritten notes of business plans. Schenkel was
charged with computer crimes and larceny by extortion and released on
$250,000 bail. 


Schenkel´s attorney, Greg Cerritelli, said the arrest of his client was a
mistake. ¨In his tenure at Mortgage Lenders Network, he was an absolutely
stellar employee,¨ Cerritelli said. ¨This incident truly is a gross
misunderstanding that was blown out of all proportion. He sought to expose a
weakness in the way their data system was maintained, and instead of doing
some internal review of their own to address these deficiencies, they have
Paul arrested. 


¨It´s a powerful, politically connected person who we believe is behind
this,¨ Cerritelli said. He would not identify the person, saying, ¨I´m not
casting blame on anyone,¨ but added, ¨I believe that there´s more to this
than meets the eye. There´s more going on behind the scenes.¨ 


The president of MLN, Mitch Heffernan, did not return a call from the
Advocate . Schenkel is scheduled to appear in court again on June 16. 



We want your feedback. 
Email mrinde () hartfordadvocate com 
Email editor () hartfordadvocate com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.