Programmer sentenced for accessing ATMs using malicious code

A former Bank of America (BOA) computer programmer was sentenced to 27 months in federal prison for unauthorized access to the financial institution’s protected computers.

U.S. District Judge Frank D. Whitney also ordered Rodney Reed Caverly to pay restitution in the amount of $419,310.90. The restitution amount includes $284,750 Caverly stole from ATMs and $134,750.90 in costs incurred by BOA to remove from the bank’s ATM computer system a malicious computer code entered by Caverly. U.S. Secret Service agents also recovered $167,010 of stolen cash based on information provided by the defendant.

According to court records and sentencing proceedings, Caverly, who was hired by BOA to design and maintain its computer systems, had been assigned to work on a project involving the bank’s ATM system.

Filed documents and court records show that from March 2009 to October 2009, Caverly knowingly and with intent to defraud exceeded his authorized access by gaining access to one or more protected BOA computers and deployed a malicious computer code to select BOA ATMs.

The malicious code caused a limited number of infected ATMs to disburse cash from the ATMs without any transaction record of the cash disbursements. The code Caverly entered caused only the unauthorized disbursement of cash stored in the ATM machines and did not affect any financial accounts of BOA’s customers.

Caverly pleaded guilty on April 13, 2010 and was released pending his sentencing hearing. Upon designation to a federal facility, he will report to the custody of the Federal Bureau of Prisons. Federal sentences are served without the possibility of parole.