Tech Scammer Who Fooled Cisco, Microsoft and Lenovo Out of Millions Jailed For Over Seven Years

An anonymous reader quotes a report from The Register: A scammer who convinced some of the world's biggest tech businesses to send him replacement kit has been sentenced to seven years and eight months in the U.S. prison system. Justin David May, 31, used stolen hardware serial numbers, a plethora of fake websites and online identities, social engineering tactics, and a network of associates, to scam Cisco out of nearly $3.5m in hardware in just 12 months. Microsoft lost 137 Surface laptops (retail cost $364,761) to the crew, with Lenovo US also losing 137 replacement hard drives worth $143,000 and APC (formerly American Power Conversion) getting scammed out of a few uninterruptible power supplies. May pled guilty to 42 counts of mail fraud, 10 counts of money laundering, three counts of interstate transportation of goods obtained by fraud, and two counts of tax evasion.

In the largest scam against Cisco, run from April 2016, according to court documents [PDF] filed in eastern district court of Pennsylvania, May and the team set up domains and email addresses to mimic cisco.com user IDs and harvested serial numbers of legit machinery. They then used these to trick Cisco into sending out replacement kit, such as a Cisco Catalyst 3850-48P-E Switch worth around $21,000 at the time, and a couple of Cisco ASR 9001 routers priced at over $100,000 for the pair. The same scam worked well for Microsoft and Lenovo too, it seems. The court docs note that May was skilled at picking imaginary faults that weren't remotely repairable, such as basic software issues, but which were more obvious as serious flaws needing a replacement unit. In addition the crew digitally altered images of their supposed kit and serial numbers to fool support staff. Once the hardware was received, usually via UPS or FedEx, the companies never got the faulty kit back because it never existed. Meanwhile the packages were picked up, sold on eBay and other second-hand sites, and the cash pocketed, or in the case of Microsoft, some of the hardware shipped to Singapore for resale.

Seems reasonable

[Your Father]

If you steal stuff, you go to jail.

Re:

[lessSockMorePuppet]

His only mistake was not doing it for billions. If you bribe politicians to make protectionist laws for you and you pals, you can fleece taxpayers via the federal government, legally, for decades on end!

Re:

[jobslave]

You have to be in tight with them before you do this, or have them included in your scam from day one AND be part of their social circle to be protected by them. This guy was just some low class, loser, he's going to get the book thrown at him.

Re: Seems reasonable

[klipclop]

Yep, Cisco lies and steals from my company all the time. They lie about the specs, lie about issues and bugs and probably phantom charge them on a bunch of stuff we don't receive too. (caught them a few times trying to charge Smart on devices we removed as decommissioned)

Re:

[ShanghaiBill]

His only mistake was not doing it for billions. If you bribe politicians ...

You need a budget of about $10M to fund an effective lobbying campaign that will net billions. That is a hundred-to-one ROI, but you can't play the game if you don't have the entrance fee. This guy didn't have a spare $10M lying around.

Re:

[retchdog]

if everyone who can think clearly about the problem is automatically part of the problem, you're going to have a rough life. (shrug)

Re:

[DrMrLordX]

He was working on it! He just got caught before he hit $10 mil.

Re:

[Gravis Zero]

If you steal stuff, you go to jail.

His mistake was not being an executive in large corporation with powerful lawyers.

Re:

[greenfruitsalad]

But 7 years for stealing 2 routers and 3 transceivers? It's not like he stole a Pearson textbook and ruined the company.

Re:

[DrMrLordX]

Nah he hit four different companies. His biggest haul was the $3.5 mil in gear from Cisco.

Re:

[CoolDiscoRex]

If you steal stuff, you go to jail.

Oh please. If you steal a candy bar from Walmart, you’re charged under criminal law, face time in a cage, and will have trouble getting a job and/or apartment in perpetuity.

If you’re a CEO and you knowingly and willfully overcharge tens of millions of customers, causing their bank accounts to be debited for an amount in excess of what they owe ... the customers have to hire a lawyer at which point the case will be tried under CIVIL law. Zero cage time possib

I mean, classic

[rmdingler]

Yeah, he exploited a loophole in the warranty system and he ran the same scam long enough that the rubes caught on. Brilliant, but lazy and a lot greedy, too.

Seems like whether it's credit card gas pump skimmers, junk bond purveyors, or those engaged in Madoff-level Ponzis; they all play the short game long. It's a live for the moment, scam now, pay later scheme, destined to end in having your bills paid by the State for longer than it seems worth it.

The most difficult part of working a successful hustle is knowing when to get out and work another.

Re:

[fuzzyfuzzyfungus]

I assume that he went with a target he was familiar with; but IT hardware actually seems like a poor choice for a plan that involves acquiring stuff illegally and then trying to cash out.

For the purposes of your prosecution and sentencing you are presumably on the hook for the full list price (even in cases where full list price is either just a joke that you and your account rep use to break the ice before discussing the real price; or where vendor-authorized FRUs have nominal prices wildly higher than

Re:

[tlhIngan]

What I want to know is how they get advance replacement hardware sent out without needing some payment authorization.

It's easy on a subscription product because the subscription gets transferred over but for warranty replacements almost always require putting a credit card or something.

Then again, I guess people who spend millions on equipment and support plans get special treatment

Companies should hire him

[mtmra70]

He got a hold of Cisco TAC *and* got replacement equipment sent out? This is impossible with a valid contract. Hire him!

Re: Companies should hire him

[Goatbot]

LOL funny cause it's TRUE.

Re:

[freeze128]

If you're having trouble getting Cisco TAC to send replacement equipment for your faulty devices, then you just don't spend enough money with them. I work at an international conglomerate that spends hundreds of millions of dollars on equipment from Cisco, and never had a problem getting replacements.

Re: What kind of hard-drives are those?!

[MrNaz]

Ones that have had a sticker put on them that says "For Servers".

So tech support is only defense for scams?

[rapjr]

The people often paid the least among tech jobs and worked the hardest and trained the least are the only thing standing between criminals and millions of dollars of gear going missing and the serial number is the secret authentication code to verify you own the equipment. Brilliant! How many other companies use the same approach? This could beat ransomeware for easy remote theft.

Re:

[Antique Geekmeister]

The data often is sold, both to criminals and to intelligence agencies.

Re: So tech support is only defense for scams?

[Goatbot]

True that commercial for profit surveillance. We complain about the odd government form but hell not only do we work for free for social media companies we also provide them a virtually unlimited amount of information about us. Used to be only the telephone companies made money providing data, now even the NSA purchases data lol.

Scam dependent on low product quality

[John.Banister]

You'd think if product quality was a priority that they'd send out a person to hand deliver a replacement $50k router and investigate how the original failed. If Cisco sent him $3.5M in hardware in 12 months, for how many millions of dollars worth of hardware they sold do they think they got away with selling crap but didn't get called on it?