A Bank of America worker who installed malicious software on his employer’s ATMs was able to siphon at least $200,000 from the hacked machines before he was caught, according to a plea agreement he entered with prosecutors last week.
Rodney Reed Caverly, 53, was a member of the bank’s IT staff when he installed the malware, which instructed the machines to dispense free cash without creating a record of the transaction. The Charlotte, North Carolina, man made fraudulent withdrawals over a seven-month period ending in October 2009, according to prosecutors, who’ve charged him with one count of computer fraud.
Caverly has agreed to plead guilty and is set to appear in court on Tuesday. Nobody involved in the case -- Caverly, his defense attorney, prosecutors and Bank of America -- has revealed how much Caverly stole, but the April 7 plea agreement (.pdf) discloses that the crime resulted in a "loss of more than $200,000 and less than $400,000."
The document lays out the terms of the plea deal but provides no additional facts about the nature of the malware Caverly installed or how he conducted the fraudulent withdrawals.
Caverly faces a maximum five years in prison and a possible fine up to $250,000. Assuming Caverly has no prior convictions, federal sentencing guidelines recommend a sentence of 24 to 30 months.
A Bank of America spokeswoman told the Associated Press last week that the bank discovered the thefts internally. It's not known how much, if any, of the stolen cash was recovered.
Caverly was formerly the founder and CEO of Sovidian, LLC, a North Carolina software development company established in 1999. The company merged in April 2003 with Data On CD, a document management and archiving firm.
Prior to the merger, Sovidian provided “tailored software and software integration solutions for the finance industry for over 10 years,” according to a press release on its website, and counted Bank of America, First Union and Bank of Nova Scotia, Canada, as customers.
Tom Chase, general manager for Sovidian, told Threat Level that the company hasn’t had any banking or finance customers since 2004, and that Caverly hasn’t worked there for years. Though he’s still a major investor in the business, he has ”very little involvement” with it now, said Chase.
Caverly took the job with Bank of America some time around 2007, said Chase.
Photo: James Merithew/Wired.com
See also:
