Sysadmin passed over for promotion quits, then strikes back
Courtesy Lee Hutchinson, ArsTechnica
The idea of the disgruntled sysadmin turning techno-Robin Hood and giving his or her employer a taste of their own medicine is almost universally popular on tech-centric sites and message boards. However, things almost never work out positively for the people who turn revenge-fantasy into reality. The latest sysadmin to strike back, Smithtown, NY-based Michael Meneses, is facing federal charges for allegedly causing over $90,000 in damage to his employer, the Spellman High Voltage Electronics Corporation.
According to the New York Times and several other sources (including ComputerWorld), Meneses’ primary task at Spellman was managing the company’s enterprise resources management application. As anyone who’s been in IT for any length of time knows, ERP applications are almost always cranky and expensive beasts that require employees dedicated to their care and feeding. Meneses’ specialty looks to have been with Fujitsu’s Glovia ERP application (indeed, on a LinkedIn page that appears to belong to Meneses, he describes himself as an "ERP Guru").
Meneses was one of two employees responsible for ERP management and customization, and multiple sources describe Meneses as being angry in late 2011 about being passed over for promotion. So angry, in fact, that he allegedly tendered his two weeks’ notice in response. His role as ERP administrator gave him privileged access to at least some of the company’s IT systems, and though it’s impossible to say exactly what happened, the Times’ piece reports that before his access was removed, coworkers witnessed Meneses copying files off of his company computer onto a flash drive.
After his employment was terminated, the FBI claims Meneses embarked on a three-week revenge campaign against the company, causing "over $90,000" in damage to Spellman’s business. The actual descriptions of what Meneses is supposed to have done and the methods allegedly used are annoyingly vague across all the available sources, with all agreeing that he "hacked into the company’s network." According to the reports, Meneses then deployed "a program that captured user log-in names and passwords" of his former coworkers. The FBI’s press release also says that he used stolen user credentials to access Spellman’s network via a VPN connection, where he then "corrupt[ed] the network," whatever that means.
However, more than just stealing credentials and "corrupting the network," the FBI says that Meneses also inflicted substantial damage on the company’s operations. Once in possession of several employees’ credentials, he is alleged to have altered the company’s business calendar by a full month, causing problems across all aspects of the business, including finance and production. He also is alleged to have sent at least one e-mail to a prospective new employee seeking to fill his old job, telling the candidate, "Don’t accept any position" with the company.
Federal investigators, responding to the company’s complaints, examined the changes to the business calendar and noted that they were made by an account logged in via VPN, which they "traced" to a hotel in North Carolina, near Meneses’ new job. The hotel’s guest register showed that Meneses was staying there when the calendar hack occurred, and he was taken into federal custody shortly after.
Now back in New York, Meneses last Thursday officially denied the allegations of "hacking" and was released on a $50,000 bond. If the case goes to trial and Meneses is convicted, he will face up to ten years in prison and a $250,000 fine.