(CN) – A 26-year-old Hungarian man pleaded guilty to hacking into Marriott International computers and threatening to reveal confidential information if the hotel chain did not give him a job, federal prosecutors said.
Attilla Nemeth faces up to 10 years in prison for transmitting malicious computer code and up to 5 years in prison for threatening to expose the confidential information.
According to the plea agreement in Baltimore Federal Court, Nemeth sent an email to Marriott personnel on Nov. 11, 2010, informing them he had been accessing Marriott’s computers for months and had obtained proprietary information. He threatened to reveal the information if Marriott did not give him a job maintaining the company’s computers.
Two days later, after receiving no response from Marriott, Nemeth sent another email containing eight attachments, seven of which were confirmed as documents stored on Marriott’s computer system, including financial documents and other confidential and proprietary information.
Nemeth admitted that through an infected email attachment sent to specific Marriott employees he was able to install malicious software on Marriott’s system that gave him a back door into the system, the Department of Justice said in a statement announcing his guilty plea.
Marriott responded by creating a fictitious Marriott employee for the U.S. Secret Service to use in an undercover operation. Believing he was communicating with Marriott human resources personnel, Nemeth continued to call and email the undercover agent to demand the job.
Prosecutors say Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to the United States. Sure enough, weeks later, Nemeth arrived at Washington Dulles Airport on a ticket purchased by Marriott, for an “employment interview.”
“The ‘interview’ was conducted by a Secret Service agent assuming the role of the Marriott employee with whom Nemeth believed he had been communicating,” prosecutors said in the statement. “During the course of the ‘interview,’ Nemeth admitted that he accessed Marriott’s computer systems, stole Marriott’s confidential and proprietary information and initiated the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott. To further prove his identity as the perpetrator, Nemeth demonstrated exactly how he accessed the Marriott network, his continued ability to access the Marriott network, and the location of the stolen Marriott proprietary data on a computer server located in Hungary.”
Marriott assigned more than 100 employees to search its network to determine the scope of the compromised data. Marriott says the operation cost it from $400,000 to $1 million in salaries, consultant expenses and other costs.
Nemeth will stay in jail until he is sentenced on Feb. 3, 2012.