Revenge Hacking: Former Employee Charged $1.1 Million For Hacking Company

A hacker aiming to get revenge by targeting the computer systems of his former employer has been sentenced to 34 months in jail and will have to pay a fine of more than $1 million for damages, Bleeping Computer reported.

Brian P. Johnson, 44, of Baton Rouge, La., served as an IT specialist and systems administrator for pulp and paper producer Georgia-Pacific. Johnson launched a cyber attack against the factory he previously worked at.

Read: iCloud Hack 2017: Man Possibly Involved In Apple Extortion Attempt Arrested

Johnson’s frustration with the company was reportedly due to his sudden and unexpected termination. The company he worked for severed his contract and had security guards escort him from the premises without prior notice.

For two weeks after his termination, Johnson used his employee account to cause problems at the mill. He would connect to the mill’s network and make changes to settings and configurations, at times even bringing production at the location to a complete stop.

Georgia-Pacific apparently caught on that the issues at its mill weren’t occurring on their own and requested the FBI investigate the origins of the attack, which led to the bureau getting a search warrant to search the Johnson’s home.

What they found when they searched his home in Zachary, La. on Feb. 13, 2014 was enough evidence to tie the attacks to the former employee. A computer in Johnson’s house was open and had a virtual private network (VPN) connected to the network of the Georgia-Pacific mill.

Read: Petya Cyberattack Update: Ukrainian Arrested For Spreading Malware

The FBI continued to investigate Johnson’s actions on the computer and found he was behind the attacks that caused the mill to shut down. The investigators determined his actions were intentional and designed to sabotage the company’s operations.

Johnson admitted to his crimes and entered a guilty plea when presented with the charges. The former systems administrator was sentenced to two years and 10 months in prison and will have to pay a total of $1,134,828 in damages to cover the cost of downtime his hacking caused at the factory.

Johnson is far from the first disgruntled employee to seek revenge against a company after losing their job. A former security guard was sentenced earlier this year for hacking into his former company’s network and stealing proprietary software.

A systems administrator—the same role Johnson played at the Georgia-Pacific factory—in New York was sentenced to two years in prison for hacking the internet service provider he once worked at after losing his job.

In another instance that came to light in recent months, an IT professional working for travel company Expedia stole passwords from senior executives and used confidential documents and communications to make a series of stock trades that netted him more than $330,000 before he was eventually caught and found guilty of insider trading and securities fraud.