Stupid Tech Criminal of the Day

HardOCP News

We've seen plenty of disgruntled IT guys getting revenge on the company that fired them...but never one that did it using free McDonald's Wi-Fi. :D

Jason Cornish, 37, formerly an IT staffer at the U.S. subsidiary of Japanese drug-maker Shionogi, pleaded guilty Tuesday to computer intrusion charges in connection with the attack on Feb. 3, 2011. He wiped out 15 VMware host systems that were running e-mail, order tracking, financial and other services for the Florham Park, New Jersey, company.
 
.... I'm curious how he got caught? He did use an unsecured wireless it looks like.
 
He probably used his login information to access the network infrastructure and they were able to track the IP back to the McDonalds and used security cameras to find him in that timeframe
 
.... I'm curious how he got caught? He did use an unsecured wireless it looks like.

Probably didn't cover his tracks well enough. It's one thing to pull off an attack knowing every backdoor there is to a place you work at. It's another to CYA and get away with it.
 
Well he did the right thing in one respect, he wasn't stupid enough to sit there playing warcraft and then break in from his home computer between doing dailies...lol... but if I've learned anything from doing stupid shit all my life, it's expect to be caught...and act accordingly to limit your exposure once you are caught...lol
 
He probably used his login information to access the network infrastructure and they were able to track the IP back to the McDonalds and used security cameras to find him in that timeframe

That probably does seem most likely... Though I would have done it well disguised and denied it all the way. That REALLY isn't something that is easily proven, regardless of using your old LOGIN.
 
Tsk tsk on their IT department for not deactivating his user account and any access if that is how he got back in to do all that damage.
 
Tsk tsk on their IT department for not deactivating his user account and any access if that is how he got back in to do all that damage.

Maybe he made a false account, with all the access rights he would have had?
 
He was caught as simply as using his own name and password, I'm sure. (the company did a "bad job revoking passwords...")

Maybe he was smart enough to not use his own account, but not smart enough to deny everything when the company came to him, suspecting him. (a disgruntled IT man, a natural suspect)

He was probably so angry that he really wanted to be identified so that the company would know he had his revenge.

I highly doubt McDonald's security cameras played a role in discovering who he is.
 
He was caught as simply as using his own name and password, I'm sure. (the company did a "bad job revoking passwords...")

Maybe he was smart enough to not use his own account, but not smart enough to deny everything when the company came to him, suspecting him. (a disgruntled IT man, a natural suspect)

He was probably so angry that he really wanted to be identified so that the company would know he had his revenge.

I highly doubt McDonald's security cameras played a role in discovering who he is.

Use of his account != he used his account. You need a WEE bit more proof than it was his username.
 
Stupid tech journalists... "vSphere VMware management console that he'd secretly installed"... ummm, no such thing. If you are running vSphere, you have the management console, nothing secret. He may have used a secret account that he created. But he didn't install another console.

They probably had network auditing control, like I do at several company locations. I can quickly check the usage logs and see who or what IP address was used to log in during any time. Back tracing the IP location is usually pretty easy, I can tell if you logged in from a Starbucks or a couple of other businesses because they are using static registered IPs. I have even traced foreign IPs back to their respective internet cafes. So, this McDs probably had a static IP for their free WiFi and the company traced it back to there. They probably requested the security feeds from that time frame and spotted their ex employee on a laptop.
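
Added example, not part of any post in this thread: a sketch of the kind of login-log audit described above, cross-checking authentication records against an HR roster to flag activity after termination and accounts the roster does not know about. The roster, account names, log format and the 10.0.0.0/8 corporate range are constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Constructed roster: account -> termination time (None = still employed).
ROSTER = {
    "asmith": None,
    "jdoe": datetime(2024, 3, 1, 17, 0),
}

# Constructed login log; addresses come from private/documentation ranges.
SAMPLE_LOG = """timestamp,account,source_ip,result
2024-02-20T09:02:11,jdoe,10.0.4.21,success
2024-03-04T08:15:40,asmith,10.0.4.30,success
2024-03-09T13:41:07,jdoe,198.51.100.23,success
2024-03-09T13:52:55,svc_backup2,198.51.100.23,success
2024-03-10T02:10:00,jdoe,203.0.113.9,failure
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range


def audit_logins(log_text, roster, internal_net=INTERNAL):
    """Return findings for logins that offboarding should have prevented."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.fromisoformat(row["timestamp"])
        account = row["account"]
        external = ipaddress.ip_address(row["source_ip"]) not in internal_net
        if account not in roster:
            # Possible undocumented account: nobody in HR owns it.
            reason = "account not in roster"
        elif roster[account] is not None and when > roster[account]:
            # Credentials still being tried (or still working) after exit.
            reason = "activity after termination"
        else:
            continue
        findings.append({
            "time": when, "account": account, "source_ip": row["source_ip"],
            "external": external, "succeeded": row["result"] == "success",
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_logins(SAMPLE_LOG, ROSTER):
        print(finding)
```

A successful login flagged here means an account was never disabled; a flagged source address shared by two accounts (as in the sample) is a lead for correlating the sessions.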
 
So, this McDs probably had a static IP for their free WiFi and the company traced it back to there. They probably requested the security feeds from that time frame and spotted their ex employee on a laptop.

The ISP would have told them to take a flying leap. After getting past the ISP, McDonald's would have told them to take a flying leap. And, if you think he was too smart to avoid using his own account and too smart to avoid admitting it when they questioned him, then he would have been too smart to be seen on a McDonald's security camera.
 
Stupid tech journalists... "vSphere VMware management console that he'd secretly installed"... ummm, no such thing. If you are running vSphere, you have the management console, nothing secret. He may have used a secret account that he created. But he didn't install another console.

They probably had network auditing control, like I do at several company locations. I can quickly check the usage logs and see who or what IP address was used to log in during any time. Back tracing the IP location is usually pretty easy, I can tell if you logged in from a Starbucks or a couple of other businesses because they are using static registered IPs. I have even traced foreign IPs back to their respective internet cafes. So, this McDs probably had a static IP for their free WiFi and the company traced it back to there. They probably requested the security feeds from that time frame and spotted their ex employee on a laptop.

Sounds about right. I think I would have just done a bit of war driving and found an unsecured wifi router in some neighborhood. That way they would have had a slightly more difficult time of finding me. Seriously! If I'm going to go delete my old company's servers like that, I'm not going to hesitate to steal a bit of bandwidth to do so... ;)
 
Sounds about right. I think I would have just done a bit of war driving and found an unsecured wifi router in some neighborhood. That way they would have had a slightly more difficult time of finding me. Seriously! If I'm going to go delete my old company's servers like that, I'm not going to hesitate to steal a bit of bandwidth to do so... ;)

+1 on the war driving. And I would have used a dummy account. And I would have connected through another system through another system back through the 1st one and so on......

And no, I haven't put much thought into doing something like this.
 
Correct me if I'm wrong, but can't you also change/spoof your MAC address so it doesn't look like your computer is the one connecting? So even if he did use MickyDees wireless they still wouldn't know what computer since the MAC would be different? Or is there a way to tell?
 
Yes you can easily change your MAC address, but in this case they caught him because of the McD's IP address and his credit card charges. Like a lot of businesses McD is probably using a registered static IP, which means if you look up their IP you can also see who owns it. You don't need to contact an ISP for this information. Once they knew the origin of the attack, they just asked the restaurant for its information, which in this case happened to be CC information. If he hadn't used his CC and left behind evidence that he created a backdoor for himself, he might have gotten away with it.

If you were really set on doing something like this, there is no need to go to war driving or anything really exotic. Just set up a proxy relay or purchase one from some of those shady places and then be careful to cover your tracks. Thankfully, some computer criminals are either pretty stupid, careless or angry so most leave very obvious paths to them even if they think they are being clever.
 