IT admin used inside knowledge to hack and steal
A former San Jose, California, network administrator is facing 12 years in prison after pleading guilty to hacking, ID theft, burglary and drug charges.
According to the Santa Clara District Attorney's office, Andrew Madrid, 34, used his IT experience to pull off a variety of crimes between September 2006 and March 2008.
"This was one of the most sophisticated computer crimes our office has prosecuted," said Ben Field, Santa Clara's deputy district attorney. "There's computer intrusion in the first place, there's the introduction of spyware, there's the theft of proprietary data from a computer network, and sometimes the destruction of proprietary data from a computer network."
One of Madrid's victims was his former employer, a Sunnyvale, California, high-technology company. According to Field, Madrid destroyed data on the company's servers in the hope that "they would ask him to come back and fix the very problem that he created."
The Santa Clara District Attorney's office declined to name any of the victims of Madrid's crimes.
To make his hacking harder to trace, Madrid would often use his neighbor's open wireless networks, Field said.
Posing as a security guard or an IT person, he also breezed through Bay Area companies late at night looking for laptops and other computer equipment to steal, Field said. "He had a good eye for what was valuable," he said.
He sometimes gained access to different parts of the building by picking up security badges he found lying in unoccupied cubes, Field said.
If stopped by company employees, "he would talk to them as if he was completely justified in being there," Field said. "Like he was an IT person doing some work or a security guard making sure the place was secure."
"Being a former network administrator, he could talk the talk as an IT guy," he added.
Madrid even wore clothes that resembled a security guard's uniform, Field said.
In another scheme, Madrid would change bar-code tags on computer equipment in stores in order to pay retailers less than the value of their merchandise. He sometimes manufactured his own price tags, Field said, and a mobile bar-code printer was found in his car. Sometimes the scam was as simple as taking the bar code off a cheap eMachine and putting it on a more expensive Hewlett-Packard computer, Field said.
Madrid pleaded guilty on Friday in Santa Clara superior court. He faces six to 12 years in prison on the various charges. Sentencing is set for Jan. 22.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by TwitterOn Twitter now
security
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
