Marriott Hackers Blackmail Goal: An IT Job

  /     /     /  
Publicated : 22/11/2024   Category : security


Marriott Hackers Blackmail Goal: An IT Job


Hungarian man threatened to expose confidential company information hed stolen unless the hotel chain offered him a job.



8 IT Hiring Strategies Of Top CIOs (click image for larger view and for slideshow)
Marriott International Corp. was recently the victim of a rare type of targeted attack: A hacker pilfered sensitive documents from the hotel chain and then attempted to use the stolen intelligence to blackmail it for employment.
Attila Nemeth, 26, from Hungary, has pleaded guilty in U.S. District Court to hacking and extortion charges stemming from a bizarre case in which he placed backdoor malware on Marriott computers, exfiltrated sensitive documents, and then threatened Marriott with exposing the information if the company didnt offer him an IT position.
The case puts a whole new spin on the targeted attack; rather than trying to cash in on the intelligence or use it for competitive purposes, the perpetrator used it as leverage. Nemeths methods were similar to those of advanced persistent threat (APT) attackers: He got a foot in the door of Marriotts computers by targeting some of its employees with spear-phishing emails. Marriott did not publicize details about what happened next, but one or more of the users appear to have fallen for the phony emails and either opened infected documents or a link that silently installed a backdoor on Marriotts systems.
I also found it interesting that instead of using the data to embarrass or ruin Marriott, he used it to try and land a job. It is something I have not seen a lot of, personally. Even in cases where employees go bad, rarely does the attacker want to link his name with the attack, so they will deface, hack, release, and ruin, but try to hide their identity, says Chris Hadnagy, lead developer of Social-Engineer.Org and a professional Social Engineering Penetration Tester and trainer for Social-Engineer.Com. This man obviously had different goals, and what he found he must have felt was devastating enough to warrant a well-paying job over the release of that intel.
It all started on Nov. 11, 2010, when Nemeth emailed Marriotts personnel group to tell them he had been able to get inside the hotel chains computers for months and had stolen proprietary data. He warned that if Marriott did not give him a job maintaining the hotel chains computers, he would reveal the information he had stolen.
Read the rest of this article on
Dark Reading
.
Sensitive customer and business data is scattered in hidden corners of your infrastructure. Find and protect it before it winds up in the wrong hands. Also in the new issue of Dark Reading: The practical side of data defense.
Download the issue now
. (Free registration required.)

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Marriott Hackers Blackmail Goal: An IT Job