(CN) – A 26-year-old Hungarian man was sentenced to 2 1/2 years in federal prison for hacking into Marriott International’s computers and threatening to reveal confidential information if the hotel company did not give him a job.
Attila Nemeth pleaded guiltyin Baltimore Federal Court on Nov. 23.
According to his plea agreement, Nemeth sent an email to Marriott on Nov. 11, 2010, telling them he had been accessing Marriott’s computers for months and had obtained proprietary information. He threatened to reveal the information if Marriott did not give him a job maintaining its computers.
Two days later, after getting no response from Marriott, Nemeth sent another email, with eight attachments, seven of which were confirmed as documents stored on Marriott’s computer system, including financial documents and other confidential and proprietary information.
Nemeth admitted that through an infected email attachment sent to specific Marriott employees he installed malicious software that gave him a back door into Marriot’s system, the Department of Justice said.
Marriott responded by creating a fictitious Marriott employee for the U.S. Secret Service to use in an undercover operation. Believing he was communicating with Marriott human resources personnel, Nemeth continued to call and email the agent to demand the job.
Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to the United States. Sure enough, he arrived at Washington Dulles Airport, on a ticket purchased by Marriott, for an “employment interview.”
“The ‘interview’ was conducted by a Secret Service agent assuming the role of the Marriott employee with whom Nemeth believed he had been communicating,” prosecutors said in a statement. “During the course of the ‘interview,’ Nemeth admitted that he accessed Marriott’s computer systems, stole Marriott’s confidential and proprietary information and initiated the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott. To further prove his identity as the perpetrator, Nemeth demonstrated exactly how he accessed the Marriott network, his continued ability to access the Marriott network, and the location of the stolen Marriott proprietary data on a computer server located in Hungary.”
Marriott said it assigned more than 100 employees to search its network to determine the scope of the compromised data, at a cost of $400,000 to $1 million in salaries, consultant expenses and other expenses.