Hungarian hotel hacker sentenced to 30 months in prison
US authorities jail man for extorting Marriott International
By Jaikumar Vijayan | Computerworld US | Published: 10:05, 06 February 2012
A Hungarian hacker who attempted to extort money from Marriott by stealing confidential data from its computers and threatening to expose it was sentenced to 30 months in prison last week.
Attila Nemeth, 26, will also serve three years of supervised release following his prison term, US prosecutors said. Nemeth had previously pleaded guilty to charges of transmitting malicious code and attempted extortion.
According to court documents, Nemeth informed Marriott officials in November 2010 that he had gained access to the company's computers and had stolen proprietary information from its systems.
Related Articles on Techworld
As proof, he emailed Marriott eight documents, seven of which were later confirmed to be proprietary company information. The stolen data included sensitive financial information.
An investigation by Marriott showed that Nemeth had planted two remotely controlled Trojans on the company's systems that allowed him access to other systems on the network. Nemeth gained initial access to the systems by getting a handful of Marriott employees to click on infected email attachments that he had sent to them.
Nemeth threatened to release the data he had stolen to Marriott's rivals or to its employees, or post it publicly if the company did not give him a job. His demands included a job based in Europe paying at least $150,000 (£95,000) annually, a hotel room in any hotel of his choice, free flights to wherever he wanted and the right to work whenever he felt like it.
In exchange, Nemeth said he would destroy the stolen data in two years.
"You fire your incompetent IT staff and hire me as an outside contractor to take care of your IT network security," Nemeth wrote. "After my new job works out for a couple of years all the docs I collected from your network going to wanish (sic)," he wrote.
A US Secret Service agent, posturing as "Phillip Bender," a Marriott IT executive, established contact with Nemeth and engaged him in a discussion about a possible job. Nemeth agreed to come to the US for an employment interview with Marriott.
The agent, masquerading as the Marriott executive, interviewed the hacker. Nemeth, believing he was speaking with a Marriott executive, disclosed details of how he had gained access to the company's systems, and the location of the servers where the stolen data was stored.
The loss to Marriott as a result of Nemeth's intrusion was about $1 million in salaries, consultant expenses and other costs.
