Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Maryland Man Gets 12 Months in Prison for Hacking Former Employer

A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer.

From January 5, 2004, through August 6, 2015, the man, Shannon Stafford, 50, of Crofton, Maryland, was employed at an unnamed international company with thousands of offices worldwide, in the IT department.

A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer.

From January 5, 2004, through August 6, 2015, the man, Shannon Stafford, 50, of Crofton, Maryland, was employed at an unnamed international company with thousands of offices worldwide, in the IT department.

Employed at the company’s Washington office, Stafford provided IT technical support to the organization’s Washington, McLean, Virginia, and Baltimore offices. He had access to the system login credentials of other employees and was authorized to use them for technical support.

The organization provided Stafford with a laptop in 2014 and, the same year, he was promoted to technical site lead for the Washington office, but was demoted in March 2015, due to performance issues.

As these issues continued, Stafford was fired on August 6, 2015, yet he did not return the laptop that was provided to him the year before.

On the same day, evidence shows, he repeatedly attempted to remotely access the organization’s network from that laptop, using his credentials and those of a former co-worker. Two days later, using the co-worker’s credentials, Stafford successfully accessed the computer under his desk in the Washington office.

Leveraging the unauthorized access, he erased all file storage drives used by the Washington office, then changed the credentials for the storage management system.

“The deletion of the files caused a severe disruption to the company’s operations and the loss of some customer and user data. Changing the password hindered the company’s efforts to determine what happened and restore access to its remaining files,” the Department of Justice announced.

The company’s Washington users were unable to access their files for roughly three days, until the company was able to restore them from backups. However, customer and user data not included in the most recent backup prior to Stafford’s actions was lost.

During the following weeks, he unsuccessfully attempted to remotely access the organization’s network from his home multiple times using credentials that were not his, and wouldn’t stop even after a company representative asked him to cease and desist his attempts.

On September 14, 2015, Stafford attempted to access the network file storage system at the company’s Baltimore office, with the intent of erasing data, but failed as passwords were changed following his intrusion at the Washington office.

Stafford’s actions resulted in actual losses of at least $38,270. His former employer also incurred legal fees totaling $133,950, as well as a fee of over $21,000 for a forensic investigation.

In addition to prison time, Stafford was sentenced to three years of supervised release and was ordered to pay $193,258 in restitution.

Related: Nigerian Hacker Sentenced to Prison in U.S. for Targeting Government Employees

Related: ‘Dark Overlord’ Hacker Sentenced to 5 Years in Prison

Related: Moderator of AlphaBay Dark Web Marketplace Gets 11 Years in Prison

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack