Cloud Engineer Sentenced for Deleting Ex-employer’s Code Repos & Logs

San Francisco resident Miklos Daniel Brody, 38, took revenge on his former employer, a bank, by hacking valuable computer code and damaging the bank’s cloud system. And the Cloud Engineer Sentenced.

After stealing information from and purposefully damaging a protected computer, he was sentenced to 24 months in prison for breaking the Computer Fraud and Abuse Act. He was also found guilty of making false statements to a government agency.

Brody worked as a cloud engineer for a San Francisco-based First Republic Bank (FRB) until March 11, 2020, when he was fired for breaking corporate policy.

Brody Accessed the FRB’s Bank Computer Network

In the superseding indictment, it is claimed that Brody accessed the FRB’s computer network without permission and caused significant damage later that evening and early the next morning using his company-issued laptop, which he failed to return after being fired.

That evening, after breaking into FRB’s computer system, BRODY started executing scripts to delete code and harm the software infrastructure.

After using the VPN to get access to the FRB computer system, BRODY established a connection to the “Jumpbox,” the secured host server. 

The complaint claims that it allowed him to access the code repositories on “Devbox” and “Github.” Utilizing the “grand.sh” script concealed under a network information folder, he terminated nearly every instance within Amazon Web Services (AWS).

Additionally, he sent himself a proprietary bank code that he had worked on while employed; the code was worth more than $5,000. 

The DOJ claims that BRODY deleted the bank’s code repositories, erased logs containing malicious scripts, left taunts for former colleagues in the bank’s code, and initiated sessions under the identities of other bank workers.

Judge Orrick calculated the overall cost of the system damage to the bank to be at least $220,621.22 during the sentencing hearing.

The superseding indictment also claims that Brody committed several evasive and dishonest acts in the days and weeks that followed his termination, such as submitting a police report in which he lied to the San Francisco Police Department that his company-issued laptop had been stolen from his car while he was exercising at the gym.

Brody doubled down on that false allegation in statements he made to USSS agents during an interview following his arrest in March 2021.

Brody acknowledged making a false claim regarding the company-issued laptop in his guilty plea application, and he acknowledged that he was aware of the dishonesty of the claim at the time.

The Sentencing

Miklos Daniel Brody was given a 24-month prison term today for both hacking into a network and lying to a government organization.

Judge Orrick not only sentenced Brody to jail but also mandated that he pay $529,266.37 in restitution and serve three years of supervised release following his prison term.