Threat Management, Incident Response, Network Security, TDR

IT worker pleads guilty to crippling ex-employer’s network

A former IT worker pleaded guilty in federal court Tuesday to launching an attack that crippled his ex-employer's computer network and caused the company hundreds of thousands of dollars in damages.

Jason Cornish, 37, of Smyrna, Ga., faces up to 10 years in prison and a $250,000 fine for breaking into the  network of Shionogi, the U.S.-based subsidiary of a Japanese pharmaceutical company, and deleting the contents of 15 virtual hosts that housed the equivalent of 88 servers, U.S. prosecutors said in a news release Tuesday.

Cornish, who began working for Shionogi in 2009, but quit the following year after a dispute with a senior manager, carried out the cyber assault after a close friend was fired from the company, prosecutors said.

According to court documents, Cornish launched the attack in the early morning hours of Feb. 3 over the Wi-Fi network of a McDonald's in Smyrna. He used legitimate user credentials to gain access to a company server, and then, one by one, deleted the contents of each virtual host on Shionogi's networks. To delete the hosts, he used a program, vSphere, that he planted on the server several weeks earlier.

The deleted servers housed most of Shionogi's computer infrastructure, including its email and BlackBerry servers, order tracking system and financial management software, according to the U.S. Justice Department.

“The attack effectively froze Shionogi's operations for a number of days, leaving company employees unable to ship product, cut checks or communicate by email,” the release said.

In its investigation, FBI agents examined firewall logs that were not affected by attack and traced the activity back to a computer connected to the free network at the McDonald's. Agents discovered that Cornish had used his credit card at the restaurant to make a purchase just minutes before the attack.

In total, Shionogi incurred $300,000 in damages responding to the attack, conducting damage assessments and restoring its network, prosecutors said. Cornish is scheduled to be sentenced on Nov. 10.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds