Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Privacy Security IT Technology

Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H's FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague's email account.
This discussion has been archived. No new comments can be posted.

Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account

Comments Filter:
  • Hacking? (Score:4, Insightful)

    by Nutria ( 679911 ) on Wednesday August 09, 2017 @04:20PM (#54978165)

    Or "using a password you picked up while still at the firm"?

    • This definition of "hacking" has always bugged the shit out of me.
      The act of hacking is a beautiful thing. Figuring out someone's password and proclaiming you "hacked" them is fucking disgraceful.

    • by mjwx ( 966435 )

      Or "using a password you picked up while still at the firm"?

      This, the headline tries to infer that he was imprisoned for hacking, the summary says he was imprisoned for corporate espionage, whether he did that by electonic means or walking out the front door with a bunch of paper files under his arm does not matter.

      • by Shimbo ( 100005 )

        He was imprisoned for unauthorized access to a computer under the CFAA. Commonly, that's hacking.

  • by SensitiveMale ( 155605 ) on Wednesday August 09, 2017 @04:21PM (#54978179)

    Have to plan ahead.

  • before you leave.
    I am fanatical about it. As you are training your replacement remove all your access. Last thing I do is change my password to something like "N[Sf+JbQ*"X5ReXL54DwUp5>%&{lU3`yP^9T>Bumh~N"L"N9CB,Fu58", with me having no record of it. Then have my replacement disable my account. (Since most places I have worked we used Jira, accounts are really difficult to delete.)
    This insures that I am never even tempted to see if I have access, and if some ID10T reactivates my account in the
  • So just because the article contains the word "hacking" (regardless of how aptly it was used), this is now News for Nerds / Stuff that Matters?

    Unless there are some mitigating factors here to discuss, it looks like this is a very open and shut case of "Idiot knowingly accessed a system without authorization and stole his previous company's data to use in direct competition."

    In other news, everyone's local police forces arrested a number of people for various offenses which they allegedly committed.

    • by Quirkz ( 1206400 )

      "Idiot ... stole his previous company's data

      Technically it's not theft, it's copyright infringement.That's much worse.

      (Actually, I'm guessing there's some other term for accessing corporate secrets. Just couldn't resist the knee-jerk Slashdot correction.)

  • by 93 Escort Wagon ( 326346 ) on Wednesday August 09, 2017 @05:17PM (#54978659)

    Guy shouldn't have accessed it without permission... although going into a former colleague's email seems like a bigger deal to me. He deserves whatever he gets.

    But, man, if they're running an FTP server in this day and age, this is likely not their only issue.

    • Given the lack of understanding of most reporters, it might have been an SFTP server, or even a Kerberized FTPS server. I'd suggest not over-interpreting a casual reference in a news report as proof of incompetence on one party's part.

    • We run a Windows 2000 FTP server. It's even connected to the internet and regularly used by customers. Yes, you read that right. Windows 2000. I'm amazed that this thing is still running and not halted to a grind by thousands of trojans and virii.
  • FTP supports TLS and Kerberos. Why was it not a requirement that to use FTP, you need a Kerberos Ticket from the KDC?

  • Did he cause any damage except make a company feel bad the hard way for having bad security policy?

"If you can, help others. If you can't, at least don't hurt others." -- the Dalai Lama

Working...