Former Expedia employee hacked bosses to net $350,000 in 'get-rich-quick scheme'

A former IT technician working for travel website Expedia pleaded guilty in a US federal court this week (5 December) for hacking into the emails of senior company executives and using stolen information to illegally profit from an insider trading scheme.

Jonathan Ly, 28, of San Francisco, employed at Expedia subsidiary Hotwire.com between March 2013 and April 2015, allegedly used his network privileges to access devices belonging to Expedia's chief financial officer (CFO) and the head of investor relations.

Using his authorised access, Ly was able to make a series of well-timed trades in Expedia stock options to net nearly $348,500 in illicit profit. The trades came in advance of seven Expedia earnings announcements and two Expedia agreement-related announcements, court filings said.

According to the US Department of Justice, even after Ly left the company he kept an Expedia laptop and continued to access the executives' inboxes.

Securities fraud is punishable by up to 25 years in prison and a $250,000 fine. Sentencing will take place on 28 February 2017.

The Securities and Exchange Commission (SEC) elaborated on how Ly's hacking activities eventually "expanded" to rely on "deceptive means" to access company computers – including using privileged access to conceal his identity and hacking into a computer holding administrator passwords.

After uncovering the computer intrusion, Expedia reported it to the FBI and undertook its own forensic investigation. The DoJ said Ly will have to pay back the profits made in the scheme. Additionally, as part of a plea, he will repay Expedia the $81,592 it spent investigating the intrusions.

"This case was particularly egregious because Mr Ly abused his special access privileges as an IT administrator," said Jay Tabb, FBI special agent in charge at the Seattle field division. "On top of violating the trust of the public and his company, he violated the privacy of fellow employees.

"Insider trading erodes the public's trust in the financial markets. Reassuringly, most employees never exploit their unique knowledge for unfair investment advantages."

US attorney, Annette Hayes, said: "The irony of our increasingly digital world is that the greatest threat to our networks is a human one.

"In this case, an IT professional used his employer's networks to facilitate a get-rich-quick scheme. I commend Expedia for quickly contacting law enforcement when they identified the computer intrusion. Their willingness to do the right thing made it possible to effectively investigate and prosecute the matter – protecting our financial markets from unfair manipulation."