nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Engineer gets 18 months in the clink for looting ex-bosses' FTP server

Chap admits he carried on accessing confidential email, schematics after qutting

By Iain Thomson, 8 Aug 2017

An engineer has been jailed for 18 months after admitting to stealing blueprints from his former employer's FTP server.

Jason Needham, 45, of Arlington, Tennessee, USA, worked at engineering firm Allen & Hoshall until 2013, when he left to set up his own consultancy, HNA. But in the two years following his departure he hacked his former employer's file server repeatedly and downloaded schematics, staff emails, and budget and marketing documents.

"This case shows that law enforcement officials throughout the Western District of Tennessee will work together to ensure that individuals participating in any criminal act will be brought to justice," said acting state attorney Lawrence Laurenzi.

"The corporate community is a vital part of growth and development for any city. Security crimes will not be tolerated in this district. We will come after you."

Earlier this year, a Tennessee district heard that Needham accessed the email account of a former colleague at Allen & Hoshall and used it to plunder documents. The IP address Needham used to illegally access the inbox was logged, and traced back to Needham's home internet connection.

He also got access to Allen & Hoshall's FTP server and downloaded more than 100 PDF documents and 82 AutoCAD files containing A&H's schematics, job bids, and other proprietary information.

Even though the passwords were changed routinely on the FTP service, Needham was still able to get in, the court heard. Needham's business partner at HNA urged him to stop raiding the remote servers, comparing it to the St Louis Cardinals hacking scandal.

"I never had a criminal intent. It was a habit, like checking in with an extended family," Needham told the court.

"I had a desire to maintain continuity of the projects I started at A&H. I can see now in hindsight that continuing to access their system could give someone a competitive advantage, but I never intended to use that to gain an advantage."

Continuity, mmm hmm

The intrusion was uncovered when a client of Allen & Hoshall got in contact with the engineering and design biz after receiving an unsolicited business proposal from Needham that matched the language used in a similar pitch from Allen & Hoshall. The FBI were called in and the computer intrusion discovered.

"We are grateful that the government conducted such a prosecution in this case," said a spokesperson for Allen & Hoshall.

"We believe the Court's sentence will send a clear message to Mr Needham and the greater business community that cybercrimes, electronic snooping and otherwise accessing electronic information without authorization are real crimes that are unacceptable under the law and are subject to severe penalties."

In April this year, Needham pleaded guilty to one count of intentionally accessing a computer network without authorization and agreed to forfeit his engineering license. On Friday last week, US District Judge John Fowlkes sentenced the rogue employee to 18 months in prison and two years' supervised release, and instructed him to pay $172,393.71 to Allen & Hoshall. ®

The Register - Independent news and views for the tech sector. Part of Situation Publishing