Vulnerabilities / Threats

8/31/2015
02:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Information Technology Manager Pleads Guilty to Sending Damaging Computer Code to Former Companys Servers

A former information technology manager pleaded guilty today to sending damaging computer code to servers at his former employer, a software company, announced Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Thomas G. Walker of the Eastern District of North Carolina and Special Agent in Charge John A. Strong of the FBI’s Charlotte, North Carolina, Division.

Nikhil Nilesh Shah, 33, of Union, New Jersey, pleaded guilty before U.S. Magistrate Judge Robert T. Numbers II of the Eastern District of North Carolina, to one felony count of causing the transmission of computer code and, as a result, damaging computers and causing loss of at least $5,000 in value.  Shah is scheduled to be sentenced in Dec. 8, 2015.

According to the indictment, from 2007 to March 2012, Shah was an information technology manager at Smart Online Inc., a company located in Durham, North Carolina, that developed platforms for the creation of mobile applications.  Shah subsequently left Smart Online to work for another technology company.  According to facts presented to the court in connection with his plea agreement, on June 28, 2012, Shah sent malicious computer code to Smart Online’s computer servers in Durham and Raleigh, North Carolina, causing at least $5,000 in damage and deleting much of Smart Online’s intellectual property.

The case was investigated by the FBI’s Raleigh, North Carolina, Field Office.  The case is being prosecuted by Senior Trial Attorney Richard D. Green of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Thomas B. Murphy and Adam Hulbig of the U.S. Attorney’s Office of the Eastern District of North Carolina. 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1060
PUBLISHED: 2018-06-18
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1090
PUBLISHED: 2018-06-18
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
CVE-2018-1152
PUBLISHED: 2018-06-18
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVE-2018-1153
PUBLISHED: 2018-06-18
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
CVE-2018-12530
PUBLISHED: 2018-06-18
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.