Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Job Seeking Hacker Gets 30 Months in Prison

wiredmikey (1824622) writes | more than 2 years ago

Security 4

wiredmikey (1824622) writes "A hacker who tried to land an IT job at Marriott by hacking into the company’s computer systems and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison.

The hacker started his malicious quest to land a job at Marriott by sending an email to Marriott containing documents taken after hacking into Marriott servers to prove his claim. He then threatened to reveal confidential information he obtained if Marriott did not give him a job in the company’s IT department.

He was granted a job interview, but little did he know, Marriott worked with the U.S. Secret Service to create a fictitious Marriott employee for the use by the Secret Service in an undercover operation to communicate with the hacker. He then was flown in for a face to face “interview” where he admitted more and shared details of how he hacked in. He was then arrested and pleaded guilty back in November 2011.

Marriott claims that the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs."

Link to Original Source

cancel ×

4 comments

Sorry! There are no comments related to the filter you selected.

$1m ? haahah (1)

cheekyboy (598084) | more than 2 years ago | (#38930803)

I think the real criminals as usual are corporations who fraudulently over estimate 'losses'

but cops are too dumb to know any maths.

Re:$1m ? haahah (1)

Hyperhaplo (575219) | more than 2 years ago | (#38932709)

It's a pity that someone in the auditing field has not weighed in on this to respond, but yes - $500,000 to $1,000,000 is not an unreasonable effort as to the costs involved to a corporate to deal with this type of problem.

To make this simple: For every *minute* that someone has to spend dealing with a problem, a company must *pay* for that time in salary. We won't go into hardware or software costs here.

You need employee time:
- to identify and document the root cause, identify incidents and the actual problems
    - root cause: a hacker is getting into our systems from an external network; probably from the internet (don't assume this - many corporations have backbone internal fiber networks that make for excellent back doors)
- identify systems affected and determine a solution to any problem per system
- resolve all incidents
  For example "hacked took over 3 services, email is offline as is one SAN - fix it now"
- Resolve all problems
  For example, "A hacker manged to get system administrator access to four servers. Fix it and make sure it doesn't happen again."
- Audit current systems - servers and pcs - to ensure that no further problems will occur
    This may include a sweep for malicious software / rootkits / accounts
- Audit for lost company information
    Has company data been stolen? How? Email system? File transfer? Are there any existing holes in the network that can / are being exploited?
- etc etc etc I am not going into it - to read up basic and advanced computer security if you are interested
- Auditing
    It costs to have an external company audit you. If your financial data is compromised then you may not have a choice but to fork out $20,000 to $100,000 to have someone perform various audits and certify compliance

You can easily have the time of several employees at $100,000 salary per year each looking into this problem and fixing issues for several months and up to a year, as well as time spent management meetings, doing reports, creating new reports for information that previously wasn't high priority but now is (usually this one is buying software and enabling web / internet access reporting for the entire organization) as well as a lot of other miscellaneous activities.

I have been a part of one of these. It is not pretty, it is not nice and it can be damn expensive.

Imagine you run a company and are told that for the better part of the next year several employees and a host of management and external resources are going to be spent dealing with a problem cause by a hacker.

There are templates for calculating the cost of this type of problem. Insurance companies use them as part of their core business.

I'd say that, over the course of the next 5 to 10 years, $1m is a conservative estimate.

Re:$1m ? haahah (1)

evanism (600676) | more than 2 years ago | (#38933677)

Good write up, but I'd bet some IT dude went to ask for ten bucks for some software to prevent exactly this problem and s/he would have been told no.

Corporates disgust me in how they allocate costs when it is trendy, or for appearances!

Ha... (1)

Zooperman (1182761) | more than 2 years ago | (#38934939)

For the lulz, indeed.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>