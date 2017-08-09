Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account (bleepingcomputer.com) 23

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H's FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague's email account.

  • Hacking? (Score:3)

    by Nutria ( 679911 ) on Wednesday August 09, 2017 @04:20PM (#54978165)

    Or "using a password you picked up while still at the firm"?

    • Re: (Score:2)

      by Nutria ( 679911 )

      The kind of stuff he wanted gets stale very fast. That's why he had to keep "hacking".

    • Have to plan ahead.

      And use a service account or root if it is unix naming it after something sounding technical and legit.

  • before you leave.
    I am fanatical about it. As you are training your replacement remove all your access. Last thing I do is change my password to something like "N[Sf+JbQ*"X5ReXL54DwUp5>%&{lU3`yP^9T>Bumh~N"L"N9CB,Fu58", with me having no record of it. Then have my replacement disable my account. (Since most places I have worked we used Jira, accounts are really difficult to delete.)
    This insures that I am never even tempted to see if I have access, and if some ID10T reactivates my account in the

  • So just because the article contains the word "hacking" (regardless of how aptly it was used), this is now News for Nerds / Stuff that Matters?

    Unless there are some mitigating factors here to discuss, it looks like this is a very open and shut case of "Idiot knowingly accessed a system without authorization and stole his previous company's data to use in direct competition."

    In other news, everyone's local police forces arrested a number of people for various offenses which they allegedly committed.

  • Guy shouldn't have accessed it without permission... although going into a former colleague's email seems like a bigger deal to me. He deserves whatever he gets.

    But, man, if they're running an FTP server in this day and age, this is likely not their only issue.

