Thursday, June 13, 2024

Cloud Engineer Sentenced for Deleting Ex-employer’s Code Repos & Logs

San Francisco resident Miklos Daniel Brody, 38, took revenge on his former employer, a bank, by hacking valuable computer code and damaging the bank’s cloud system. And the Cloud Engineer Sentenced.

After stealing information from and purposefully damaging a protected computer, he was sentenced to 24 months in prison for breaking the Computer Fraud and Abuse Act. He was also found guilty of making false statements to a government agency.

Brody worked as a cloud engineer for a San Francisco-based First Republic Bank (FRB) until March 11, 2020, when he was fired for breaking corporate policy.

Brody Accessed the FRB’s Bank Computer Network

In the superseding indictment, it is claimed that Brody accessed the FRB’s computer network without permission and caused significant damage later that evening and early the next morning using his company-issued laptop, which he failed to return after being fired.

That evening, after breaking into FRB’s computer system, BRODY started executing scripts to delete code and harm the software infrastructure.

After using the VPN to get access to the FRB computer system, BRODY established a connection to the “Jumpbox,” the secured host server. 

The complaint claims that it allowed him to access the code repositories on “Devbox” and “Github.” Utilizing the “grand.sh” script concealed under a network information folder, he terminated nearly every instance within Amazon Web Services (AWS).

Additionally, he sent himself a proprietary bank code that he had worked on while employed; the code was worth more than $5,000. 

The DOJ claims that BRODY deleted the bank’s code repositories, erased logs containing malicious scripts, left taunts for former colleagues in the bank’s code, and initiated sessions under the identities of other bank workers.

Judge Orrick calculated the overall cost of the system damage to the bank to be at least $220,621.22 during the sentencing hearing.

The superseding indictment also claims that Brody committed several evasive and dishonest acts in the days and weeks that followed his termination, such as submitting a police report in which he lied to the San Francisco Police Department that his company-issued laptop had been stolen from his car while he was exercising at the gym.

Brody doubled down on that false allegation in statements he made to USSS agents during an interview following his arrest in March 2021.

Brody acknowledged making a false claim regarding the company-issued laptop in his guilty plea application, and he acknowledged that he was aware of the dishonesty of the claim at the time.

The Sentencing

Miklos Daniel Brody was given a 24-month prison term today for both hacking into a network and lying to a government organization.

Judge Orrick not only sentenced Brody to jail but also mandated that he pay $529,266.37 in restitution and serve three years of supervised release following his prison term.

Website

Latest articles

CISA Warns of Scammers Impersonating as CISA Employees

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge...

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles