Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hacker Gets 30 Months for Trying to “Hack” His Way Into a Job With Marriott

Hacker Sentenced to 30 Months in Prison for Hacking into Marriott Systems to Extort Employment from the Company

A hacker who tried to land an IT job at Marriott by hacking into the company’s computer systems and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison.

Hacker Sentenced to 30 Months in Prison for Hacking into Marriott Systems to Extort Employment from the Company

A hacker who tried to land an IT job at Marriott by hacking into the company’s computer systems and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison.

The Department of Justice announced on Friday that Attila Nemeth, 26, a Hungarian citizen, was sentenced by a U.S. District Judge and will serve a prison sentence for transmitting malicious code to Marriott International Corporation’s computers and threatening to reveal confidential information obtained from the company’s systems if Marriott didn’t offer him a job.

Hacker Goes to PrisonAccording to court documents, Nemeth started his malicious quest to land a job at Marriott by sending an email to Marriott personnel, letting them know that he had been accessing the company’s computers for months and had obtained proprietary company information. After not receiving a response, in an effort to prove his claims, Nemeth sent another email, this time containing eight documents, seven of which were confirmed as documents stored on Marriott’s systems. In the email he threatened to reveal the information he obtained if Marriott did not give him a job in the company’s IT department.

This time around, Nemeth got something back. According to the plea agreement, on Nov. 18, 2010, Marriott worked with the U.S. Secret Service to create the identity of fictitious Marriott employee for the use by the Secret Service in an undercover operation to communicate with Nemeth. Nemeth, thinking he was communicating with Marriott HR personnel, continued to call and email the undercover agent, and demanded a job with Marriott in order to prevent the public release of the Marriott documents. Nemeth went as far as to email a copy of his Hungarian passport to prove his identification and have travel arranged to the United States.

Assuming his efforts were working, and the possibility of a new job with Marriott in his sights, Nemeth arrived at Washington Dulles Airport on Jan. 17, 2011, on an airline ticket purchased by Marriott for him, for what he thought would be a job interview with Marriott personnel. Unbeknownst to him, he was actually being “interviewed” by a Secret Service agent posing as a Marriott employee.

During the course of the “interview,” Nemeth admitted that he accessed Marriott’s computer systems; stole Marriott’s confidential and proprietary information; and initiated the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott.

According to the plea agreement, Nemeth admitted that by using malware sent via email to specific employees at Marriott, he was able install malware on Marriott’s systems, giving him “backdoor” access to Marriott company information.

To further prove his identity as the hacker, Nemeth demonstrated exactly how he accessed the Marriott network; his continued ability to access the Marriott network; and the location of the stolen Marriott proprietary data on a server located in Hungary.

Advertisement. Scroll to continue reading.

You May Like > Man Pleads Guilty to Hacking Neighbor’s Wi-Fi, Sending Threats against Vice President

Marriott said it had to engage more than 100 of its employees in a thorough search of its network to determine the scope of the incident and to identify the data that may have been compromised. As a result, Marriott claims that the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs.

Nemeth was facing up to 10 years in prison for the transmission of the malicious code and up to 5 years in prison for threatening to expose confidential and proprietary information, so the sentence he recieved was significantly less than he could have been slapped with.

Nemeth, who originally pleaded guilty in Maryland on November 23, 2011, was also ordered to serve three years of supervised release following his prison term.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.