Attacks/Breaches

1/13/2016
10:50 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Judge Sentences Defendant for Violation of the Computer Fraud and Abuse Act

Insider at financial services company stole documents, deleted files on server to hide tracks.

Monday, Jan. 11 -- Eastern Pennsylvania -- Yijia Zhang, a permanent resident of the United States, and a citizen of the People’s Republic of China, today was sentenced to 31 months in prison by the Hon. Legrome D. Davis, for a violation of the Computer Fraud and Abuse Act, announced United States Attorney Zane David Memeger.

Zhang had worked for a financial services company and had stolen a large number of electronic documents from his employer. (The documents included some that would have told how to access the company’s computer network. The government found no evidence that the files had been passed to anyone else, nor did it find any evidence that any of the information had been used to harm the company. In addition, no customer information was taken.)

To cover his tracks, in July 2010, Zhang deleted a large number of files from the server he had used to effectuate the theft, causing the server to stop working and its log files to be overwritten. The log files would have given evidence of his theft. Zhang pled guilty to the charge in October of 2015.

The sentence imposed by the Court was within the range recommended by the United States Sentencing Guidelines. In addition to the prison term, Judge Davis ordered the defendant to make restitution to his former employer of $100,000.

The case was investigated by the Federal Bureau of Investigation, and was prosecuted by Assistant United States Attorney Michael L. Levy.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14633
PUBLISHED: 2018-09-25
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The at...
CVE-2018-14647
PUBLISHED: 2018-09-25
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming larg...
CVE-2018-10502
PUBLISHED: 2018-09-24
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...
CVE-2018-11614
PUBLISHED: 2018-09-24
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wit...
CVE-2018-14318
PUBLISHED: 2018-09-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of ...