Thursday, November 03, 2022

Guilty Plea to Theft of West Haven City Funds & Covid Relief, by State Representative & Employee, DiMassa, illustrates the Insider Threat

Tuesday, the United States Attorney for the District of Connecticut New Haven Division announced that Michael DiMassa, 31, of West Haven, pleaded guilty to conspiracy charges stemming from his involvement in schemes that resulted in the theft of more than $1.2 million dollars in COVID relief funds and other funds from the City of West Haven. We often say that a security professional's worse nightmare is insiders like DiMassa, who have motive, where motive can be money, power, jealousy, revenge, and so on. 


Insiders like DiMassa have #MOM - Motive, Opportunity and Means to commit any crime, including voter fraud. Cybersecurity & Infrastructure Security Agency(CISA)  defines Insider Threats as " the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities."  Depending on the experts, 70-90% of organizations have been victim of an Inside Threat DiMassa's case is an excellent illustration: For example, fraud prevention 101 in accounting involves accounts payable and accounts receivable. Accounts receivable (AR)  is considered an asset because the company is counting on receiving that money within the timeline defined when the sale was initiated, whereas accounts payable (AP) is considered a liability because the company needs to pay out that amount within a certain timeline.  These two functions need to remain strictly separate, in the hands of different departments or personnel. In fact, the American Institute of CPAs considers the separation of duties a fundamental accounting principle and essential internal control for every business, primarily to reduce the risk of fraud. 



Insiders like DeMassa use schemes to get around the AP/AR obstacle, often use plausible deniability and the most sophisticated is the use of new or modified algorithms.  Why it is said that a design, such as vote counting systems, says more about the designers (or Insiders) than the users.  Plausible deniability  is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge of or responsibility for any damnable actions committed by members of their organizational hierarchy. They may do so because of a lack or absence of evidence that can confirm their participation, even if they were personally involved in or at least willfully ignorant of the actions. If illegal or otherwise disreputable and unpopular activities become public, high-ranking officials may deny any awareness of such acts to insulate themselves and shift the blame onto the agents who carried out the acts, as they are confident that their doubters will be unable to prove otherwise. The lack of evidence to the contrary ostensibly makes the denial plausible (credible), but sometimes, it makes any accusations only unactionable. Worse: 


The Insider at West Haven

DiMassa did not rely on plausible deniability, such as Uber’s former Chief Security Officer, or the more sophisticated use of algorithm, but simply get around the Accounts Payable/Accounts Receivable obstacle


The Elegance of Simplicity - 
According to court records DiMassa was a Connecticut State Representative who was also employed by the City of West Haven, serving as the Administrative Assistant to the City Council. In April 2020, the State of Connecticut was allocated money by the U.S. Department of the Treasury through the Coronavirus Relief Fund (“CRF”), which was established by the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) for the purpose of helping local governments pay costs incurred in responding to the COVID-19 pandemic. From July 2020 through September 2021, the City of West Haven received approximately $1,150,257 in financial assistance from this fund. DiMassa, who was authorized to approve the designated relief funds for the reimbursement of COVID-related expenditures incurred by West Haven, conspired with others to steal these funds and other West Haven funds through the submission of fraudulent invoices, and subsequent payment, for COVID relief goods and services that were never provided.

Scheme One: Bypassing the AP/AR Obstacle

In one scheme, DiMassa conspired with John Bernardo, who was employed by the City of West Haven as a Housing Specialist in the office of Community Development Administration. In January 2021, DiMassa and Bernardo formed Compass Investment Group, LLC. Beginning in February 2021, Compass Investment Group LLC fraudulently billed the City of West Haven and its “COVID-19 Grant Department” for consulting services purportedly provided to the West Haven Health Department that were not performed. From February 2021 through September 2021, the City of West Haven paid Compass Investment Group a total of $636,783.70 DiMassa made several large cash withdrawals from the Compass Investment Group LLC bank account.

Scheme Two:  Use Family to do the Laundry

DiMassa also conspired with his wife, Lauren DiMassa, through the submission of numerous fraudulent invoices to West Haven for services related to a Youth Violence Prevention Program and for Youth Violence COVID-19 Associated Expenses. These invoices listed charges for in-home counseling, cleaning supplies, special needs hourly service, wi-fi assistance for low/moderate income families, counseling services, license fees, a fall youth clinic, meals, support group supplies, equipment rental, and youth clinic support group. West Haven made at least 16 payments totaling approximately $147,776.10 to Lauren DiMassa, who never provided any services to the City of West Haven.

Scheme Three: Use Friends to do the Laundry

In a third scheme, DiMassa conspired with another individual through the submission of fraudulent invoices from companies, which were controlled by DiMassa’s co-conspirator, to West Haven for goods and services, including thousands of units of Personal Protective Equipment (PPE), HVAC maintenance at multiple municipal locations, COVID supplies for the Board of Education, and cleaning services for various municipal and school buildings, including one school building that had been vacant and abandoned for several years. The co-conspirator’s companies received approximately $431,982 through this scheme. DiMassa has agreed to pay restitution of $1,216,541.80.

So, you still think that voter fraud by Insiders is not possible?

No comments: