The street view of Tech Data’s corporate campus at 5350 Tech Data Drive in Largo, as shown on Google Maps.
LARGO – Computer equipment valued at $59,805 was delivered to a home in Canada Feb. 19 before Tech Data, an international IT distributor based in Largo, realized their customer had been a victim of a Russian cybercrime.
The company has Largo police detectives to thank for helping to recover more than $20,000 of the equipment before it shipped overseas, likely to Russia or possibly Ukraine, said Tech Data fraud manager Scott Heim.
The scam started with a Zeus virus or a similar variant that infected one of their customer’s computers, Heim said. The virus, specifically a keylogger Trojan, was designed to track keystrokes and relay the user names and passwords, even online banking credentials, back to the cybercriminals, who then were able to log on to Tech Data Canada’s website as the victim and place an order using their account.
Heim said it’s a problem the company has been dealing with in the United States and Canada for about two years.
“All the major tech distributors are dealing with the same activity,” he explained.
In fact, any company that provides electronic commerce access for its customers has to defend against these types of attacks, he said. Rarely, however, is such an attack on Tech Data’s websites successful.
“We catch almost all of them. It’s less than 1 percent that actually get fulfilled,” Heim said. “Slips, though, occasionally will occur, and it’s nice to know that we have partners with law enforcement that can jump on this for us.”
In this case, the order requesting 50 different items was placed Feb. 17 and shipped to a home in Laval, Quebec later that day. When Tech Data identified the order as fraudulent, the company contacted UPS to try to stop the delivery, but the equipment had already arrived about an hour beforehand, at 8:04 a.m. Feb. 19.
The company contacted the Largo Police Department to help intercept the stolen merchandise. Canadian authorities usually are reluctant to take up a case based on a private referral, Heim said. So Largo’s Detective Lara Young coordinated with police officials in Canada to obtain a search warrant at the address of the delivery.
Canadian authorities arrested two people and were able to recover some of the stolen computer equipment, according to Largo police. Police Lt. Stephen Slaughter said he was proud of the investigative services division for their quick action.
“They jumped on the case within hours or the rest of the shipped equipment would have been gone,” he said.
More than $30,000 worth of equipment was not recovered from the Quebec home.
“It’s our belief that it’s already gone to Russia, and there’s not been great cooperation with the Russian authorities,” Slaughter said.
Heim said that in his experience tracing similar attacks through email communications and IP addresses, they “almost always tie back to locations in Russia, typically in the St. Petersburg area.”
The two who were arrested aren’t cooperating, meaning that the equipment still unaccounted for likely won’t be recovered, Heim said, though Canadian authorities continue to investigate.
“We want businesses to be aware and maintain their virus protection software. This is what can happen,” Slaughter said. “Offenders know that time is on their side.”
The two who were arrested are most likely unwitting participants in the scheme, charged with receiving the equipment and reshipping it overseas in a “work-at-home” set-up, Heim said. It’s likely they won’t know much about those behind the fraud anyway, Slaughter said.
“They wouldn’t want somebody to have that much intimate knowledge,” he explained.
Heim said Tech Data has a system in place to track its customers’ order trends. An atypical order that is sent via expedited shipping to a residential address, as opposed to a business, will be flagged for manual review. If it’s found to be fraud, it will be canceled. Tech Data will follow up with its customer – in this particular case, a Canadian IT reseller – to let them know they’ve been infected with a virus and walk them through what needs to be done to fix it.
“We would warn them too, it’s not just going to be Tech Data, but their other supplier accounts,” Heim said.
Cybercriminals usually order equipment like laptop computers, processors and hard drives. Since whatever they obtain is almost 100 percent profit, they can sell the equipment for prices dramatically lower than its real worth.
“They’re obviously selling on the black market,” Heim said.
Still, he said he was pleased with the collaboration with Largo police “to jump all over this” and recover some of the stolen merchandise.
Most of Tech Data’s corporate campus is within Largo city limits, at 5350 Tech Data Drive, near the St. Pete-Clearwater International Airport. The company is planning to build a new 46,800-square-foot office building on the campus, according to Largo economic development documents.