A software developer residing in Houston, (USA) has been sentenced to four years in prison for sabotaging the computer systems of the company where he worked until 2019. The crime involves the insertion of malicious code that was triggered when his account was disabled, blocking access for thousands of employees.
The author placed a mechanism called a kill switch. This was triggered automatically if his corporate user account was deactivated, causing all users to be locked out. In addition, he introduced another malicious component: a Java infinite loop that could saturate the servers and collapse production systems.
The incident occurred upon his dismissal on 9 September 2019 —the date when his account was deactivated and the kill switch was activated—. Investigators also found that he had deleted encrypted data from his laptop after being instructed to return it, and that he had conducted searches related to how to elevate privileges, hide processes and quickly delete files.
In addition to the four years in prison, the perpetrator will serve three years of supervised release upon completing his sentence. The damage to the company was significant, including economic losses amounting to hundreds of thousands of dollars. The judicial investigation found him guilty of intentionally causing damage to protected systems.
Fountain: Bleeping Computer