Last week, Garrison Courtney, a former spokesman for the US Drug Enforcement Administration, was sentenced to seven years in prison for running a massive Ponzi scheme involving dozens of unwitting US government officials and private companies. The Washington Post has an account of Courtney’s crimes, which involved telling companies that he was an undercover CIA operative and convincing them to put him on their payroll in order to provide covert funding for classified projects. The victims believed they would be reimbursed by the government in the form of lucrative contracts.
“Courtney told some people...that he was trying to stop the next Edward Snowden,” the Post explains. “Others thought he was supporting secret military maneuvers in Africa or fighting Chinese commercial espionage. To some people, he was flashy, bragging falsely about being a sniper in Iraq, but to others, he was serious-minded. People who worked with Courtney said he was good at isolating them; it was never clear who knew what. And the classified nature of the project made it potentially illegal to ask. Some of Courtney’s victims still won’t talk to law enforcement for fear of revealing classified information; others who did cooperate still think there was a real program that went off the rails.”
Courtney made around $4.5 million through this scheme over the course of four years; he pocketed around $1 million while the rest was spent on sustaining the scam. Additionally, at the time he was arrested, he was well on his way to influencing $3.7 billion worth of contracts.
- Zachary Terwilliger, US attorney for the Eastern District of Virginia, said the US government should learn from this case to prevent similar incidents from occurring in the future.
“If you’re extremely brazen and arrogant...and diabolical, there is a lot you can get away with,” Terwilliger said. “It’s a huge teachable moment for the government.”
So it’s a con, and even sophisticated, security-conscious organizations fell for it, at least for awhile. These scams cascade: once the con finds a mark, others think, well, if so-and-so thinks these people are legit, maybe they really are. New-school security awareness training can give your employees a healthy sense of suspicion so they can be on the lookout for red flags even when everything seems legitimate on the surface.
The Washington Post has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
