Wednesday, October 9, 2024
HomeCloudCloud Engineer Sentenced for Deleting Ex-employer’s Code Repos & Logs

Cloud Engineer Sentenced for Deleting Ex-employer’s Code Repos & Logs

Published on

San Francisco resident Miklos Daniel Brody, 38, took revenge on his former employer, a bank, by hacking valuable computer code and damaging the bank’s cloud system. And the Cloud Engineer Sentenced.

After stealing information from and purposefully damaging a protected computer, he was sentenced to 24 months in prison for breaking the Computer Fraud and Abuse Act. He was also found guilty of making false statements to a government agency.

Brody worked as a cloud engineer for a San Francisco-based First Republic Bank (FRB) until March 11, 2020, when he was fired for breaking corporate policy.

- Advertisement - EHA

Brody Accessed the FRB’s Bank Computer Network

In the superseding indictment, it is claimed that Brody accessed the FRB’s computer network without permission and caused significant damage later that evening and early the next morning using his company-issued laptop, which he failed to return after being fired.

That evening, after breaking into FRB’s computer system, BRODY started executing scripts to delete code and harm the software infrastructure.

After using the VPN to get access to the FRB computer system, BRODY established a connection to the “Jumpbox,” the secured host server. 

The complaint claims that it allowed him to access the code repositories on “Devbox” and “Github.” Utilizing the “grand.sh” script concealed under a network information folder, he terminated nearly every instance within Amazon Web Services (AWS).

Additionally, he sent himself a proprietary bank code that he had worked on while employed; the code was worth more than $5,000. 

The DOJ claims that BRODY deleted the bank’s code repositories, erased logs containing malicious scripts, left taunts for former colleagues in the bank’s code, and initiated sessions under the identities of other bank workers.

Judge Orrick calculated the overall cost of the system damage to the bank to be at least $220,621.22 during the sentencing hearing.

The superseding indictment also claims that Brody committed several evasive and dishonest acts in the days and weeks that followed his termination, such as submitting a police report in which he lied to the San Francisco Police Department that his company-issued laptop had been stolen from his car while he was exercising at the gym.

Brody doubled down on that false allegation in statements he made to USSS agents during an interview following his arrest in March 2021.

Brody acknowledged making a false claim regarding the company-issued laptop in his guilty plea application, and he acknowledged that he was aware of the dishonesty of the claim at the time.

The Sentencing

Miklos Daniel Brody was given a 24-month prison term today for both hacking into a network and lying to a government organization.

Judge Orrick not only sentenced Brody to jail but also mandated that he pay $529,266.37 in restitution and serve three years of supervised release following his prison term.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined...

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day...

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...