Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Maryland Man Gets 12 Months in Prison for Hacking Former Employer

A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer.

From January 5, 2004, through August 6, 2015, the man, Shannon Stafford, 50, of Crofton, Maryland, was employed at an unnamed international company with thousands of offices worldwide, in the IT department.

A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer.

From January 5, 2004, through August 6, 2015, the man, Shannon Stafford, 50, of Crofton, Maryland, was employed at an unnamed international company with thousands of offices worldwide, in the IT department.

Employed at the company’s Washington office, Stafford provided IT technical support to the organization’s Washington, McLean, Virginia, and Baltimore offices. He had access to the system login credentials of other employees and was authorized to use them for technical support.

The organization provided Stafford with a laptop in 2014 and, the same year, he was promoted to technical site lead for the Washington office, but was demoted in March 2015, due to performance issues.

As these issues continued, Stafford was fired on August 6, 2015, yet he did not return the laptop that was provided to him the year before.

On the same day, evidence shows, he repeatedly attempted to remotely access the organization’s network from that laptop, using his credentials and those of a former co-worker. Two days later, using the co-worker’s credentials, Stafford successfully accessed the computer under his desk in the Washington office.

Leveraging the unauthorized access, he erased all file storage drives used by the Washington office, then changed the credentials for the storage management system.

“The deletion of the files caused a severe disruption to the company’s operations and the loss of some customer and user data. Changing the password hindered the company’s efforts to determine what happened and restore access to its remaining files,” the Department of Justice announced.

Advertisement. Scroll to continue reading.

The company’s Washington users were unable to access their files for roughly three days, until the company was able to restore them from backups. However, customer and user data not included in the most recent backup prior to Stafford’s actions was lost.

During the following weeks, he unsuccessfully attempted to remotely access the organization’s network from his home multiple times using credentials that were not his, and wouldn’t stop even after a company representative asked him to cease and desist his attempts.

On September 14, 2015, Stafford attempted to access the network file storage system at the company’s Baltimore office, with the intent of erasing data, but failed as passwords were changed following his intrusion at the Washington office.

Stafford’s actions resulted in actual losses of at least $38,270. His former employer also incurred legal fees totaling $133,950, as well as a fee of over $21,000 for a forensic investigation.

In addition to prison time, Stafford was sentenced to three years of supervised release and was ordered to pay $193,258 in restitution.

Related: Nigerian Hacker Sentenced to Prison in U.S. for Targeting Government Employees

Related: ‘Dark Overlord’ Hacker Sentenced to 5 Years in Prison

Related: Moderator of AlphaBay Dark Web Marketplace Gets 11 Years in Prison

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.