The man, Attila Nemeth, 26, used data he stole from Marriott in an effort to force the company to hire him into its IT department. Dark Reading summarized the scheme:
The case puts a whole new spin on the targeted attack; rather than trying to cash in on the intelligence or use it for competitive purposes, the perpetrator used it as leverage. Nemeth’s methods were similar to those of advanced persistent threat (APT) attackers: He got a foot in the door of Marriott’s computers by targeting some of its employees with spear-phishing emails. Marriott did not publicize details about what happened next, but one or more of the users appear to have fallen for the phony emails and either opened infected documents or a link that silently installed a backdoor on Marriott’s systems.
On Nov. 11, 2010, Nemeth contacted Marriott’s HR department by email and told them that he had been able to compromise their systems and steal confidential information. He warned Marriott that if they did not give him a job maintaining their systems, he would disclose confidential information he had stolen. Two days later he followed up the threat with an email that contained stolen documents.
On November 18, 2010, Marriott called in the U.S. Secret Service. The Secret Service set up a sting operation in which an agent pretended to be a Marriott HR employee. Dark Reading reports:
Nemeth fell for it: He telephoned and emailed the undercover agent, continuing his threats to release the private Marriott documents. Then he emailed the agent his passport and volunteered to meet in the U.S., which they did on Jan. 17, 2011.
Nemeth assumed he was meeting the Marriott “employee” for a job interview, where he admitted his alleged crimes of hacking and stealing Marriott files and threatening them with exposing the data if they didn’t give him a job. Meanwhile, he also demonstrated how he got into the Marriott network and showed where he stored the data on a server back in Hungary.
Nemeth will be sentenced on Feb. 3, 2012, and faces 10 years in federal prison for transmission of malicious code and 5 years for attempted blackmail.
Although Nemeth failed to extort Marriott, the scheme was still very costly to the company. Federal prosecutors alleged that the security breach cost Marriott between $400,000 and $1 million in salaries, consultant expenses, and other costs to determine the extent of the compromise of its computers and to identify the compromised data.
While Nemeth did not demonstrate the best way to seek an IT job, his case is a powerful reminder that social engineering deceives email recipients into becoming the unwitting agents of the criminals. What can be done to defend the enterprise against spear-phishing? The enterprise can adopt a tool that identifies trusted email so that the target of a spear-phishing attack can distinguish real email from fake email. That tool is SP Guard from Iconix.
SP Guard provides the recipient with three confirmations that a message is real:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
SP Guard now offers a fraud-filtering enhancement. This additional protection is becoming increasingly important given the latest generation of highly targeted spear-phishing emails, which are so well crafted that users cannot tell real from fake.
SP Guard is available now from Iconix. For further information, contact us at 408-727-6342, ext 3 or use our online form.