Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hacker Gets 30 Months for Trying to “Hack” His Way Into a Job With Marriott

Hacker Sentenced to 30 Months in Prison for Hacking into Marriott Systems to Extort Employment from the Company

A hacker who tried to land an IT job at Marriott by hacking into the company’s computer systems and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison.

Hacker Sentenced to 30 Months in Prison for Hacking into Marriott Systems to Extort Employment from the Company

A hacker who tried to land an IT job at Marriott by hacking into the company’s computer systems and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison.

The Department of Justice announced on Friday that Attila Nemeth, 26, a Hungarian citizen, was sentenced by a U.S. District Judge and will serve a prison sentence for transmitting malicious code to Marriott International Corporation’s computers and threatening to reveal confidential information obtained from the company’s systems if Marriott didn’t offer him a job.

Hacker Goes to PrisonAccording to court documents, Nemeth started his malicious quest to land a job at Marriott by sending an email to Marriott personnel, letting them know that he had been accessing the company’s computers for months and had obtained proprietary company information. After not receiving a response, in an effort to prove his claims, Nemeth sent another email, this time containing eight documents, seven of which were confirmed as documents stored on Marriott’s systems. In the email he threatened to reveal the information he obtained if Marriott did not give him a job in the company’s IT department.

This time around, Nemeth got something back. According to the plea agreement, on Nov. 18, 2010, Marriott worked with the U.S. Secret Service to create the identity of fictitious Marriott employee for the use by the Secret Service in an undercover operation to communicate with Nemeth. Nemeth, thinking he was communicating with Marriott HR personnel, continued to call and email the undercover agent, and demanded a job with Marriott in order to prevent the public release of the Marriott documents. Nemeth went as far as to email a copy of his Hungarian passport to prove his identification and have travel arranged to the United States.

Assuming his efforts were working, and the possibility of a new job with Marriott in his sights, Nemeth arrived at Washington Dulles Airport on Jan. 17, 2011, on an airline ticket purchased by Marriott for him, for what he thought would be a job interview with Marriott personnel. Unbeknownst to him, he was actually being “interviewed” by a Secret Service agent posing as a Marriott employee.

During the course of the “interview,” Nemeth admitted that he accessed Marriott’s computer systems; stole Marriott’s confidential and proprietary information; and initiated the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott.

According to the plea agreement, Nemeth admitted that by using malware sent via email to specific employees at Marriott, he was able install malware on Marriott’s systems, giving him “backdoor” access to Marriott company information.

To further prove his identity as the hacker, Nemeth demonstrated exactly how he accessed the Marriott network; his continued ability to access the Marriott network; and the location of the stolen Marriott proprietary data on a server located in Hungary.

You May Like > Man Pleads Guilty to Hacking Neighbor’s Wi-Fi, Sending Threats against Vice President

Marriott said it had to engage more than 100 of its employees in a thorough search of its network to determine the scope of the incident and to identify the data that may have been compromised. As a result, Marriott claims that the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs.

Nemeth was facing up to 10 years in prison for the transmission of the malicious code and up to 5 years in prison for threatening to expose confidential and proprietary information, so the sentence he recieved was significantly less than he could have been slapped with.

Nemeth, who originally pleaded guilty in Maryland on November 23, 2011, was also ordered to serve three years of supervised release following his prison term.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack