Marriott Hacker Pleads Guilty for Extorting Employment from the Company

A Hungarian citizen pleaded guilty today to intentionally causing damage by transmitting a malicious code to Marriott International Corporation computers and to threatening to reveal confidential information obtained from the company’s computers if Marriott did not offer him a job.

The guilty plea was announced by Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division, U.S. Attorney for the District of Maryland Rod J. Rosenstein and Special Agent in Charge David Beach of the U.S. Secret Service, Washington Field Office.

Attila Nemeth, 26, pleaded guilty in the District of Maryland before U.S. District Judge J. Frederick Motz.

According to Nemeth’s plea agreement, on Nov. 11, 2010, Nemeth sent an initial email to Marriott personnel, advising that he had been accessing Marriott’s computers for months and had obtained proprietary information. Nemeth threatened to reveal this information if Marriott did not give him a job maintaining the company’s computers. On Nov. 13, 2010, after receiving no response from Marriott, Nemeth sent another email containing eight attachments, seven of which were confirmed as documents stored on Marriott’s computer system. These documents included financial documentation and other confidential and proprietary information. Nemeth admitted that through an infected email attachment sent to specific Marriott employees he was able to install malicious software on Marriott’s system that gave him a “backdoor” into the system. Using the “backdoor,” Nemeth was able to access proprietary email and other files belonging to Marriott.

According to the plea agreement, on Nov. 18, 2010, Marriott created the identity of a fictitious Marriott employee for the use by the U.S. Secret Service in an undercover operation to communicate with Nemeth. Nemeth, believing he was communicating with Marriott human resources personnel, continued to call and email the undercover agent, and demanded a job with Marriott in order to prevent the public release of the Marriott documents. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to the United States.

On Jan. 17, 2011, Nemeth arrived at Washington Dulles Airport on a ticket purchased by Marriott, for an “employment interview.” The “interview” was conducted by a Secret Service agent assuming the role of the Marriott employee with whom Nemeth believed he had been communicating. During the course of the “interview,” Nemeth admitted that he accessed Marriott’s computer systems; stole Marriott’s confidential and proprietary information; and initiated the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott. To further prove his identity as the perpetrator, Nemeth demonstrated exactly how he accessed the Marriott network; his continued ability to access the Marriott network; and the location of the stolen Marriott proprietary data on a computer server located in Hungary.

As a result of the compromise of its computer network, Marriott was compelled to engage more than 100 of its employees in a thorough search of its network to determine the scope of the compromise and to identify the data that may have been compromised. The loss to Marriott as a result of the intentional damage caused by Nemeth is between $400,000 and $1 million dollars in salaries, consultant expenses and other costs associated with Nemeth’s intrusion.

Nemeth faces a maximum penalty of 10 years in prison for the transmission of the malicious code and a maximum of five years in prison for threatening to expose confidential and proprietary information if Marriott did not give him a job. Sentencing is scheduled for Feb. 3, 2012, at 11 a.m. Nemeth remains detained.

Featured

  • Achieving Clear Communications

    Achieving Clear Communications

    Technology within the security industry has adapted to numerous changes through the years, from the early days of analog devices to today’s IP-based solutions, networked cameras, and access control solutions, in addition to analytics, cloud-based products, virtual security guards, and more. Read Now

  • Taking Flight

    Taking Flight

    Airport security is a complex system that incorporates multiple technologies to ensure the safety and security of travelers, employees and the facility itself. Sound-based technologies are integral pieces of this system, providing means of communication, notification and monitoring. Read Now

  • Live From ISC West 2023 Preview

    Live From ISC West 2023 Preview

    ISC West 2023 is right around the corner! This year’s trade show is scheduled from March 28–31 at the Venetian Expo in Las Vegas, Nevada. The Campus Security & Life Safety and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Read Now

    • Industry Events
    • ISC West
  • A Break from Routine

    A Break from Routine

    It was three years ago right about now that COVID was bringing the world to its knees. In mid-March of 2020, the president put travel restrictions on all flights in and out of Europe, the NBA suspended its season, and Tom Hanks announced that he’d tested positive for the disease—all in the same night. It was officially a national emergency two days later. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • Kangaroo Home Security System

    Kangaroo Home Security System

    Kangaroo is the affordable, easy-to-install home security system designed for anyone who wants an added layer of peace of mind and protection. It has several products, ranging from the fan-favorite Doorbell Camera + Chime, to the more comprehensive Front Door Security Kit with Professional Monitoring. Regardless of the level of desired security, Kangaroo’s designed to move with consumers - wherever that next chapter may be. Motion sensors, keypads and additional features can be part of the package to any Kangaroo system in place, anytime. Additionally, Kangaroo offers scalable protection plans with a variety of benefits ranging from 24/7 professional monitoring to expanded cloud storage, coverage for damage and theft. 3

  • Dinkle DKU Barrier Terminal Blocks

    Dinkle DKU Barrier Terminal Blocks

    New DKU screw type terminal blocks use a spring-guided system where the screws are integrated and captive within the terminal enclosure. These screws can be backed out so that ring- or U-shaped cable lugs can be inserted, without the possibility of losing the screw. 3