Sunday, August 03, 2008

Another Insider Busted: Countrywide Financial Analyst

(updated with new information)

Rene Rebollo, a 36 year old former Countrywide employee from Pasadena, has been charged by the FBI and taken into custody with a co-conspirator Wahid Siddiqi, a 25 year old from Thousand Oaks. Its alleged that Rebollo would come into the office every Sunday and download data from Countrywide's subprime mortgage system, Full Spectrum Lending. He apparently logged in each weekend for two years, downloading information on 20,000 each weekend and carrying it home on a flash drive. For this he was paid $500 per week. In all he is accused of selling identity information on 2 million Countrywide applicants, and pocketing $70,000 for his efforts, which exceeded his annual salary at Countrywide. (The Ventura County Star put that figure at $63,000.)

The LA Times reported yesterday that this means Rebollo was selling identities for about 2.5 cents each. They quote Beth Givens from the Privacy Rights Clearinghouse as saying "This guy obviously didn't do his homework. He doesn't know the value of these on the black market", noting that often social security numbers are sold for dollars each, not pennies.


According to Thom Mrozek, of the US Attorney's Office in Los Angeles, the buyers of the stolen data were using it as lead generators to offer the same subprime loan customers other financial offers.

Its not clear yet how the data was normally transferred from Rebollo to Wahid Siddiqi, but what we do know is that Siddiqi was a reseller of the data Rebollo accessed by logging in with his credentials as a Senior Financial Analyst. According to his LinkedIn Profile, Rebollo worked at Countrywide since September of 1999.

The FBI came into the case when one of their confidential witnesses made a buy from Siddiqi of the stolen customer profiles for several thousand countrywide customers for $4,000. According to the Ventura County Star, the witness met both Siddiqi, who he called "Nico", and Rebolla, who he called "Rob Bello", in a night club and exchanged cash for CDs containing the stolen data.

The charges against Rebollo, who stole the data, could include up to five years in federal prison. Siddiqi, the reseller, could face up to fifteen years.

This isn't the first major mortgage broker to face insider jobs. Online mortgage broker Lending Tree Inc accused two former employees of illegally accessing information on "potentially millions of clients".

Update: We've received a copy of two affadavits sworn by FBI Special Agent Richard Ryan that were presented to the courts. One is a 13-page document, in support of the charges being brought against Rebollo and Siddiqi.

The charge against Rebollo is a violation of Title 18 USC Section 1030(a)(2)(A), "Exceeding Authorized Access to the Computer of a Financial Institution". The charge against Siddiqi is Title 18 USC Section 1028(a)(7), "Fraud and Related Activity in Connection with Identification Documents".


On July 7th, second Confidential Witness made consensually recorded telephone calls to "Nico" (Siddiqi) and ordered several thousand leads, negotiating a price of $4,000 for the data. He met with Nico on July 9th while wearing a wire, and received the data on CDs, which he loaded into an FBI undercover laptop, and got Nico to confirm that they were "fresh Countrywide" leads, and that they contained "full socials" (full social security numbers). He paid Nico the $4,000 in cash, provided by the FBI. Armed with this information, Ryan was ready to go interview Rebollo.

Rebollo was interviewed at his place of employment on July 15th by SA Ryan and SA Medrano. During the interview he confirmed the previous information about his weekly practice of stealing data by exporting it to a personal thumb drive. Rebollo actually opened a bank account at Washington Mutual "Doing Business As" RR Consulting. This account was specifically for receiving and holding the profits from his stolen data.

In the beginning, Rebollo would email the contents of his thumb drive to his buyers from a public computer at Kinko's. Frequently he would export data requested by his buyer, such as "new declines", or people who had a loan offered, but chose not to take the loan. Rebollo confirmed that he knew there was a company policy against sharing Lead Sources outside the company. He also confirmed that he knew that most CountryWide computers had a security feature which prevented the use of a thumb drive. He had found that he had access to one computer which did not have this feature.

According to the affadavit, on July 15th, Rebollo voluntarily turned over the flash drive he used to transport the data and the personal computer he used to broker the data. The flash drive had about "thirty to fifty" spreadsheets on it, each containing thousands of records with names, telephone numbers, addresses, and social security numbers of Countrywide applicants.

Rebollo agreed to sign a "CONSENT TO SEARCH" and to allow the FBI to follow him to his home and allowed them to take his thumb drive and his computer. He also printed many of the email messages showing that he had sent the stolen data from his home computer to various buyers.

Two days after SA Ryan returned to his office with Rebollo's computer and thumb drive, he was contacted by Rebollo's attorney who said their "Consent to Search" had been revoked.

Thanks for reading along . . . here comes the best part!

FIVE DAYS AFTER THAT, a Confidential Witness provided a recording from Rebollo, informing him that he was "camping at Mammoth" and implying he had data to sell. After consulting with the FBI, the CW called Rebollo back, in the presence of the FBI, and asked for 7,000 to 8,000 leads for customers in the states of California, Oregon, Florida, and New York. Rebollo agreed to provide the leads for $400. This a full week AFTER Rebollo had confessed everything to the FBI, lead them to his home, and offered them his thumb drive and computer!!!

Shortly after the call, an email, containing 8,000 leads, was received by the CW.

This second Affidavit, dated July 31st, was for permission to go back and do a court-ordered search (as opposed to the friendly "consent" search previously performed.)

Permission was granted.

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.