Hacker Sentenced to 30 Months in Prison for Hacking into Marriott Systems to Extort Employment from the Company
A hacker who tried to land an IT job at Marriott by hacking into the company’s computer systems and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison.
The Department of Justice announced on Friday that Attila Nemeth, 26, a Hungarian citizen, was sentenced by a U.S. District Judge and will serve a prison sentence for transmitting malicious code to Marriott International Corporation’s computers and threatening to reveal confidential information obtained from the company’s systems if Marriott didn’t offer him a job.
According to court documents, Nemeth started his malicious quest to land a job at Marriott by sending an email to Marriott personnel, letting them know that he had been accessing the company’s computers for months and had obtained proprietary company information. After not receiving a response, in an effort to prove his claims, Nemeth sent another email, this time containing eight documents, seven of which were confirmed as documents stored on Marriott’s systems. In the email he threatened to reveal the information he obtained if Marriott did not give him a job in the company’s IT department.
This time around, Nemeth got something back. According to the plea agreement, on Nov. 18, 2010, Marriott worked with the U.S. Secret Service to create the identity of fictitious Marriott employee for the use by the Secret Service in an undercover operation to communicate with Nemeth. Nemeth, thinking he was communicating with Marriott HR personnel, continued to call and email the undercover agent, and demanded a job with Marriott in order to prevent the public release of the Marriott documents. Nemeth went as far as to email a copy of his Hungarian passport to prove his identification and have travel arranged to the United States.
Assuming his efforts were working, and the possibility of a new job with Marriott in his sights, Nemeth arrived at Washington Dulles Airport on Jan. 17, 2011, on an airline ticket purchased by Marriott for him, for what he thought would be a job interview with Marriott personnel. Unbeknownst to him, he was actually being “interviewed” by a Secret Service agent posing as a Marriott employee.
During the course of the “interview,” Nemeth admitted that he accessed Marriott’s computer systems; stole Marriott’s confidential and proprietary information; and initiated the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott.
According to the plea agreement, Nemeth admitted that by using malware sent via email to specific employees at Marriott, he was able install malware on Marriott’s systems, giving him “backdoor” access to Marriott company information.
To further prove his identity as the hacker, Nemeth demonstrated exactly how he accessed the Marriott network; his continued ability to access the Marriott network; and the location of the stolen Marriott proprietary data on a server located in Hungary.
Marriott said it had to engage more than 100 of its employees in a thorough search of its network to determine the scope of the incident and to identify the data that may have been compromised. As a result, Marriott claims that the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs.
Nemeth was facing up to 10 years in prison for the transmission of the malicious code and up to 5 years in prison for threatening to expose confidential and proprietary information, so the sentence he recieved was significantly less than he could have been slapped with.
Nemeth, who originally pleaded guilty in Maryland on November 23, 2011, was also ordered to serve three years of supervised release following his prison term.