IT employee piggybacked on cyberattack for personal gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorized access to a computer with intent to commit other offences, after pleading guilty during a hearing at Reading Crown Court, England.

IT employee blackmailing his own company

The man was employed as an IT Security Analyst when, on February 27, 2018, the company suffered a cyber security incident that resulted in the attacker gaining unauthorized access to part of the company’s computer systems.

“The attacker notified senior members of the company and demanded a ransom payment,” the South East Regional Organised Crime Unit (SEROCU) has shared.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout.

But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” SEROCU revealed.

He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

Getting caught

Ultimately, the payment was not made, and the unauthorized access to the emails was discovered and traced back to the man’s home. Following his arrest, the police conducted a search of his residence, seizing a computer, laptop, phone, and USB stick.

Although the man had attempted to wipe all the data, law enforcement authorities were able to recover it successfully, presenting it as crucial evidence against him.

For the past five years, he denied any involvement in the crime, but during a recent hearing at the Reading Crown Court, he finally pleaded guilty to the charges and will be sentenced on July 11.

Insider threats

The unlucky company had to contend not only with an external attack, but also an internal one.

This incident has showcased the dangers posed by malicious insiders within organizations.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving an malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

UPDATE (July 18, 2023, 03:40 a.m. ET):

The man has been sentenced to a jail term of three years and seven months.

Don't miss