Ex employee hacked into high-voltage power manufacturer’s network

A criminal complaint was unsealed on Thursday in federal court in the Eastern District of New York charging Michael Meneses – who was arrested earlier that day in Smithtown, Long Island – with hacking into the computer network of a company that manufactures high-voltage power supplies, causing the company over $90,000 in damage.

According to the complaint, until January 2012, he was employed at Spellman High Voltage Electronics Corporation as a software programmer and system manager specializing in developing and customizing the software that the company used to run its business operations.

A specialist in “enterprise resource planning” who had worked at the victim company for years, Meneses was one of two employees who were primarily responsible for ensuring that the software that drove the company’s manufacturing business- including its production planning, purchasing, and inventory control – operated efficiently. His responsibilities gave him high-level access to the company’s computer network.

As alleged in the complaint, Meneses, who had voiced displeasure at having been passed over for promotions, tendered his resignation from the victim company in late December 2011, giving two weeks’ notice.

After his network access was terminated, he allegedly launched a three-week campaign to inflict damage on the company by gaining unauthorized access to its network and sabotaging the company’s business.

He employed various high-tech methods to hack into the victim company’s network and steal his former colleagues’ security credentials, including writing a program that captured user log-in names and passwords. He then used the security credentials of at least one former colleague to remotely access the network via a virtual private network (VPN) from his home and from a hotel located near his new employer, corrupting the network.

His efforts ranged from using a former colleague’s e-mail account to discourage new applicants from taking his position, to sending commands to alter the business calendar by one month, disrupting the company’s production and finance operations. The company suffered over $90,000 in damages as a result of his intrusions.

If convicted, he faces a maximum sentence of 10 years’ imprisonment, a $250,000 fine, and restitution. He has pleaded “not guilty” to the charges and has been release on a $50,000 bond until the start of the trial.

Don't miss