Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Hungarian Man Pleads Guilty to Hacking Marriott Systems, Demanding Job in IT Dept.

Hungarian Hacker Pleads Guilty After Hacking into Marriott Computers and Extorting Job in Company’s IT Department

A tough global economy has certainly created challenges for many people looking for jobs, but one Hungarian man took things to another level in an effort to gain employment at hotel giant Marriott International.

Hungarian Hacker Pleads Guilty After Hacking into Marriott Computers and Extorting Job in Company’s IT Department

A tough global economy has certainly created challenges for many people looking for jobs, but one Hungarian man took things to another level in an effort to gain employment at hotel giant Marriott International.

On Wednesday, Nov. 23, Attila Nemeth, a 26 year-old Hungarian citizen, pleaded guilty after hacking into Marriott computer systems, and threatening to reveal confidential company information he obtained if Marriott didn’t offer him a job.

Attila Nemeth Guilty for Hacking into Marriott Systems

According to court documents, Nemeth started his malicious quest to land a job at Marriott by sending an email to Marriott personnel, letting them know that he had been accessing the company’s computers for months and had obtained proprietary company information.

After not receiving a response, in an effort to prove his claims, Nemeth sent another email, this time containing eight documents, seven of which were confirmed as documents stored on Marriott’s systems. In the email he threatened to reveal the information he obtained if Marriott did not give him a job in the company’s IT department.

This time around, Nemeth got something back. According to the plea agreement, on Nov. 18, 2010, Marriott worked with the U.S. Secret Service to create the identity of fictitious Marriott employee for the use by the Secret Service in an undercover operation to communicate with Nemeth. Nemeth, thinking he was communicating with Marriott HR personnel, continued to call and email the undercover agent, and demanded a job with Marriott in order to prevent the public release of the Marriott documents. Nemeth went as far as to email a copy of his Hungarian passport to prove his identification and have travel arranged to the United States.

You May Like > Man Pleads Guilty to Hacking Neighbor’s Wi-Fi, Sending Threats against Vice President

Assuming his efforts were working, and the possibility of a new job with Marriott in his sights, Nemeth arrived at Washington Dulles Airport on Jan. 17, 2011, on an airline ticket purchased by Marriott for him, for what he thought would be a job interview with Marriott personnel. Unbeknownst to him, he was actually being “interviewed” by a Secret Service agent posing as a Marriott employee.

Advertisement. Scroll to continue reading.

During the course of the “interview,” Nemeth admitted that he accessed Marriott’s computer systems; stole Marriott’s confidential and proprietary information; and initiated the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott.

According to the plea agreement, Nemeth admitted that by using malware sent via email to specific employees at Marriott, he was able install malware on Marriott’s systems, giving him “backdoor” access to Marriott company information.

To further prove his identity as the hacker, Nemeth demonstrated exactly how he accessed the Marriott network; his continued ability to access the Marriott network; and the location of the stolen Marriott proprietary data on a server located in Hungary.

Marriott said it had to engage more than 100 of its employees in a thorough search of its network to determine the scope of the incident and to identify the data that may have been compromised. As a result, Marriott claims that the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs.

Nemeth faces up to 10 years in prison for the transmission of the malicious code and up to 5 years in prison for threatening to expose confidential and proprietary information. He is scheduled to be sentenced on Feb. 3, 2012, and remains in custody in the meantime.

Related Reading:

Former Goldman Sachs Programmer Found Guilty After Stealing Computer Code

Chinese National Pleads Guilty to Stealing Ford Trade Secrets

Former Bristol-Myers Squibb Employee Pleads Guilty to Theft of Trade Secrets

 Akamai Employee Arrested, Accused of Trying to Sell Information to Foreign Government

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...