A thief in Linden, N.J., snatched a VeriFone Systems Inc. point of sale terminal from a ShopRite supermarket and used it to steal $80,000 from the store, The Star-Ledger of Newark, N.J., reported Nov. 24. He then loaded the cash on to refillable Dunkin' Donuts and Visa-branded gift cards.

Police arrested Juan M. Perez of Elizabeth, N.J., on charges of theft and receiving stolen property. His alleged crime remains under investigation.

Perez allegedly stole the VeriFone terminal in May and it took police six months to track him down, during which time they watched his moves online. Perez allegedly hooked up the terminal to a computer and a phone line to load the money on to cards.

VeriFone provided the police with a phone number on one occasion, but when police tracked down the address, Perez had already gone. VeriFone also provided an Internet IP address, which police tracked to a basement apartment in Elizabeth and made the arrest. VeriFone shut down the rogue terminal in October, after which Perez destroyed it.

The Star-Ledger reported that the crime may also have been an inside job because the terminal relied on a secret store code to conduct the transactions. Perez is being held in jail in lieu of bail.

Gone Phishin'

A recent Gmail break-in could provide some valuable lessons to bankers worried about the latest phishing scams. reported on Nov. 22 that a hacker recently built a blog that harvested the Gmail addresses of people who visited the site while logged into Google Inc.'s free e-mail service.

The blog automatically e-mailed visitors at their Google accounts with a header that read: "Kinda Important Message." The message said they were receiving the note because they had visited the site. The exploit sparked a lot of chatter in the blogosphere and prompted this reaction from Google, as reported by on Nov. 20:

"We quickly fixed the issue in the Google Apps Script API that could have allowed for e-mails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to"

Family Jeweler

His alleged crimes touched the rich and famous, stretched across the globe and involved bankruptcy fraud and wire fraud.

Fourth-generation jeweler Ralph O. Esmerian allegedly used as collateral a portion of the $217 million in loans he had obtained from Merrill Lynch Mortgage Capital to buy and finance his business, the famed jewelry company Fred Leighton, The New York Times reported on Nov. 22.

Fred Leighton has decked out numerous red-carpet denizens, including Nicole Kidman and Sarah Jessica Parker. Esmerian is charged with hiding the sale of jewels, including a 13-carat Burma ruby, designated as collateral for part of the Merrill Lynch loans. The ruby was estimated to be worth nearly $3 million.

Prosecutors said tens of millions of dollars of collateral, including other gems, brooches and trinkets, like a gilt album commissioned by Marie Antoinette, have simply vanished. If convicted, Esmerian could face 30 years in prison. He was charged in U.S. District Court in Manhattan.

Some People

One of Goldman Sachs' highest paid programmers is accused of stealing confidential source code for the prominent investment bank's high-frequency trading platform, The Wall Street Journal reported on Tuesday.

In their opening statement, federal prosecutors alleged that Sergey Aleynikov located a corporate server in Germany that was not blocked by a Goldman Sachs firewall and used it to secretly upload portions of the code just days before he left the bank.

Aleynikov was on the verge of leaving Goldman in 2008 to join UBS AG but Goldman offered him $400,000 annually to stay, according to the report. He considered leaving the bank again the next year, but negotiated a $300,000 base salary, plus a $700,000 guaranteed bonus and profit-sharing of $150,000, according to the Journal.

In order to get around Goldman's security procedures, prosecutors said Aleynikov wrote a program capable of downloading thousands of files and hundred of thousands of lines of code. Aleynikov left Goldman in June and allegedly deleted files that revealed his criminal doings. He faces 10 years in prison if convicted on the most serious charge, theft of trade secrets. Aleynikov has maintained his innocence, saying he took what he thought was open source code not owned by anyone.

Bronx Cheer

A Bronx, N.Y., man was arrested for allegedly stealing $4.5 million from Columbia University and diverting it to accounts at TD Bank and other financial institutions, The Wall Street Journal reported Tuesday.

George Castro was charged with grand larceny and criminal possession of stolen property. He is accused of adding a TD Bank account to the accounts payable system at Columbia University Medical Center and siphoning funds to it and other institutions. Castro's exact relationship to the medical center is unclear. His lawyer said he is not an employee there but he did not clarify the relationship.

TD Bank told investigators that the money was paid to the account in October and November. From there it was transferred to other accounts, including at Capital One Financial Corp.

Police said Castro had $200,000 in his possession when he was arrested, and he had withdrawn an additional $140,000 the day before he was apprehended. Officers allege Castro admitted that he used some of the money to purchase an $80,000 Audi, which police confiscated in front of his Bronx residence.

The criminal activity was uncovered when an employee working in the accounts payable system noticed a large irregularity involving the transfer of millions of dollars to the TD Bank account, which was apparently linked to a dummy business called IT Security Solutions LLC. Castro is being held on $2 million bail in Manhattan.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.