Cloud engineer wreaks havoc on bank network after getting fired

Trending 2 months ago

An ex-First Republic Bank unreality technologist was sentenced to 2 years successful situation for causing much than $220,000 successful harm to his erstwhile employer's machine web aft allegedly utilizing his company-issued laptop to watch pornography.

Miklos Daniel Brody, 38, of San Francisco, pleaded blameworthy successful April to 2 charges of violating nan Computer Fraud and Abuse Act aft obtaining accusation from and intentionally damaging a protected computer, and 1 complaint of making mendacious statements to a authorities agency. 

In summation to spending 2 years down bars, nan judge ordered Brody to salary $529,266.37 successful restitution and service 3 years of supervised merchandise aft he's retired of jail.

 Brody worked arsenic a unreality technologist for First Republic Bank until March 11, 2020, erstwhile he was fired for violating institution policy. Earlier that month, nan bank's infosec squad received a notification that Brody had utilized 1 of his company-issued computers for non-work purposes, allegedly plugging aggregate flash drives into nan laptop, and downloading files, immoderate of which contained pornography. 

This prompted a gathering pinch nan bank's VP of quality resources, and during that speech Brody allegedly claimed friends gave him nan USB drives that he thought contained nan movie "The Matrix," and each he did was unwittingly  plug them into his computer.

The pursuing day, March 11, 2020 Brody sent a rambling email to nan VP, according to tribunal documents [PDF]. Here's a snippet, arsenic written:

Those excuses did not work, and later that day, Brody was fired during different gathering pinch slope executives and escorted disconnected nan premises. His bosses had asked him to bring his company-issued MacBook to nan meeting, but he did not, truthful they told him to return it via mail. 

But alternatively of doing that, Brody allegedly went location and that evening wreaked havoc connected First Republic Bank's web successful retaliation for getting canned, according to tribunal documents. aft much than 2 hours earlier his credentials were revoked.

"Once Brody accessed nan FRB machine strategy done nan VPN connection, he connected to FRB's protected Jumpboxhost server "Jumpbox." This enabled him to entree nan codification repositories successful nan "Devbox" and "Github," nan title alleges.

He allegedly deployed malware and near code-related "taunts" for his erstwhile co-workers, deleted codification repositories and machine logs, "broke" Ansible Tower, locked users retired of 1 of nan bank's Amazon services, damaged "multiple areas" of nan IT environment, and emailed himself proprietary slope codification that he had worked connected and was weighted astatine much than $5,000.

While Brody logged successful pinch his ain ID and multi-factor password, he besides impersonated a coworker, "senior unreality technologist A.A," who had received a promotion that, it's claimed, Brody "coveted." A.A confirmed that they had not accessed nan strategy astatine that time.

According to nan bank's estimates, nan full harm exceeded $220,000.

  • Rogue ex-Motorola techie admits cyberattack connected erstwhile employer, passport fraud
  • 'Serial cybercriminal and scammer' jailed for 8 years, told to salary backmost $1.2M
  • Interpol moves against quality traffickers who enslave group to scam you online
  • BlackCat ransomware crims frighten to straight extort victim's customers

After discovering nan integer break-in, nan bank's HD section called Body and demanded he surrender his computer. Brody didn't, and successful an email to nan slope said:

"You guys and frankly FRB near maine successful a financial hardship business successful nan mediate of nan corona microorganism outbreak pinch this abrupt termination and nary severance package. In my sentiment this is particularly harsh and sadistic fixed my ~2 years of work and difficult activity pinch bully religion and fantabulous performance."

Over nan adjacent days and weeks, Brody allegedly came up pinch respective much excuses arsenic to why he couldn't return nan bank-issued device, including filing a mendacious constabulary study pinch nan San Francisco Police Department claiming nan laptop had been stolen from his car while he was moving retired astatine nan gym. 

Brody past doubled down connected that mendacious allegation successful statements he made to US Secret Service agents. He later admitted making mendacious statements astir nan company-issued laptop successful his blameworthy plea.

At his sentencing hearing, nan judge wished nan full costs to nan bank's systems was slightest $220,621.22. It would person truthful overmuch easier, and cheaper, to simply fastener down nan relationship arsenic they near nan building, but it seems immoderate folks still haven't sewage that message. ®