Man Who Hacked His Wages Must Pay $300,000

Everyone has occasional fantasies of piracy from the computer system of his employer in order to pay a massive salary that they have never earned. In the United States, news has emerged about a former security guard who did exactly that.

The story surrounds Yovan Garcia, a former security patrolman in California. Garcia worked in a company called Security Specialists, which provides private security patrols to his clients.

In 2014, the wage bill in the security cabinet began to see discrepancies in Mr. Garcia’s salary checks. At that time, Garcia worked for security specialists for about two years. According to the California District Court, Garcia hacked the company’s servers to change his hours and get extra pay.

Once, evidence reveals that Garcia hacked his salary records to make sure he was on duty for 12 hours every day for two weeks. It seemed that Garcia had worked 40 more hours. In reality, however, the cybercrime patroller had only worked eight hours a day.

The California court found that Garcia had paid him thousands more dollars for overtime than he ever did.


Attack Vector

The California Central District Court found that Mr. Garcia had managed to acquire login information that he was not entitled to for the company’s servers. It is actually a very common (and low-technology) attack vector. This usually involves using social engineering to “phish” the necessary login credentials from someone in the business.

After deceiving an employee by clicking on an email or link that leads to an infected site, hackers pass malicious software onto the victim’s computer system. This malware continues to steal the necessary credentials for the hacker (usually with a key recorder).

As if the change in his salary record was not enough, once Garcia had become accustomed to entering his employer’s systems, his aspirations grew. For Garcia, his employer’s piracy became a bizarre addiction, and he began stealing data and records on his employer’s clients. His intention? To start a rival company.

To use social engineering to “phish” the necessary login credentials from someone in the business.

After deceiving an employee by clicking on an email or link that leads to an infected site, hackers pass malicious software onto the victim’s computer system. This malware continues to steal the necessary credentials for the hacker (usually with a key recorder).

As if the change in his salary record was not enough, once Garcia had become accustomed to entering his employer’s systems, his aspirations grew. For Garcia, his employer’s piracy became a bizarre addiction, and he began stealing data and records on his employer’s clients. His intention? To start a rival company.

Out of control

Not content with stealing information about potential customers, Garcia also decided to use his position in the security cabinet penetrated to cause chaos. On several occasions, it has disfigured the company’s website in order to damage the company’s image. Garcia’s goal was to undermine the professionalism of his employer in order to make waltzing and break customers for his rival firm.

Of course, once the security specialists realized that Garcia had been “paid thousands of dollars more in overtime pay than he needed”, he fired at the worker Of disordered security. It was then that Garcia’s attacks increased.

Garcia began hacking his former employer even more regularly. In addition, he called on a collaborator to help him damage the security specialists’ website (presumably with the promise of future employment with his rival supplier). In fact, according to the court, Garcia has helped to hack the servers of his former employer from “at least one other individual”, maybe more.

At one point, a banner on the site was changed to “Are you ready?”. Another time, an unflattering picture of a management level employee was posted on the site. How Garcia thought that this approach was going to end is amazing, but his ongoing efforts demonstrate that he really thought he had a chance.

Cyber ​​psychosis

According to District Judge, Michael Fitzgerald, Garcia was guilty of stealing e-mails and database data in order to attract customers on his new business. In his desperation to succeed, Garcia and his cybercrime comrades began to delete data because they stole it (presumably to have exclusive control over the vital data of the customers).

Garcia even went so far as to delete backup files in order to completely destroy his former employer. Why the credentials that Garcia used to enter these systems had not, at this point, been updated – and the security company’s servers were highlighted – is someone’s assumption. For anyone with a small business, this case should be a eye opener – this is a perfect example of why they should take cybersecurity seriously.
Ultimate Failure

In the end, however, the whole mad company did not finish well for Garcia. He was ordered to pay his former employer an amount of $ 318,661.70 in damages. In addition, it may be decided (at a later date) that Garcia must also submit to the legal bills of the lawsuit.

So next time you’ve been frenzied, Mr. Robot, you’re starting to imagine hijacking your employer to give you a massive bonus, have a glass of wine, beat an episode of Silicon Valley, and remind M Garcia to the pitch. You’ve been warned!

Be the first to comment

Leave a Reply

Your email address will not be published.


*