A developer working for an e-commerce company in Seattle, Washington took inspiration from the movie Office Space when deciding to steal over $300,000 from his employer.
As The Register reports(Opens in a new window), 28-year-old Ermenildo Valdez Castro was hired in 2018 as a developer working on the customer checkout process for e-commerce company Zulily. However, in 2022 Castro decided to take a little more(Opens in a new window) than his agreed salary by making “malicious software edits” to the Zulily.com checkout system.
Those edits initially allowed Castro to divert the shipping fees on customer orders to a Stripe.com account he controlled. Castro subsequently tweaked the code to start charging customers double for shipping and then routed half of that to his Stripe account so Zulily received the other half (clearly hoping the company and customers would’n’t notice). Finally, he manipulated the price of merchandise items on Zulily.com so he could purchase them for “pennies-on-the-dollar.”
Combined, these three malicious acts of software engineering netted Castro $302,278.52. However, it didn’t go unnoticed by the company’s fraud team. This led to him being placed on administrative leave and subsequently fired, but it wasn’t until Castro returned his work laptop that the link to Office Space was discovered.
The 1999 black comedy movie is set in a typical 1990s software company and the plot sees a virus designed by character Michael Bolton used to infect the company’s accounting system to steal fractions of pennies. A bug in the code results in $300,000 being stolen over a single weekend.
Recommended by Our Editors
Castro stole a similar amount from Zulily, which may just be a lucky coincidence, but on further investigation his work laptop contained a OneNote document detailing his plans to steal shipping fees from the company. Within that document he referred to the scheme as his “OfficeSpace project.”
Unfortunately for Castro, the Zulily building didn’t burn down before his fraud was discovered, and the former developer will have to face up to his crime on Jan. 26 at King County Superior Court in Seattle. There’s little chance of Zulily getting its money back as Castro told police he’d already spent it all on (bad) investments.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
