Laid Off Sysadmin Arrested for Threatening Company’s Servers

A systems administrator was arrested in New Jersey today for allegedly trying to extort money and even good job references out of a New York-based mutual fund company that had just laid him off.

Viktor Savtyrev, of Old Bridge, N.J., was arrested at his home Monday morning. He faces two charges under the federal cyber extortion statue. Savtyrev, also known as Victor Savturev, had an initial hearing in U.S. District Court in Newark, N.J. this afternoon and is scheduled for a bail hearing on Thursday morning, according to Assistant U.S. Attorney Seth Kosto.

Savtyrev was employed as a systems administrator for an unnamed mutual fund company in New York City until he was let go, along with nine other employees, on Nov. 5. All of the laid off workers were given a severance package, according to a criminal complaint filed with the courts.

“This is important, especially at this time of layoffs and financial difficulties, because we’re making it clear that people can’t take their frustrations out on companies and employers,” said Assistant U.S. Attorney Erez Liebermann. “This arrest should also send a message to other companies that extra vigilance is important right now.”

Late in the morning of Thursday, Nov. 6, Savtyrev allegedly used a Gmail account to e-mail the company’s general counsel and three other employees, saying he was “not satisfied with the terms” of his severance, according to FBI Special Agent Gerald Cotellesse in the complaint. Savtyrev allegedly threatened to cause extensive damage to the company’s computer servers if they would not increase his severance pay, extend his medical coverage and provide “excellent” job references.

The system administrator also threatened to alert the media after attacking the server.

According to the complaint, the company contacted law enforcement personnel the day of Savtyrev’s first alleged threat. That evening, at the direction of investigators, a company employee recorded a phone call in which Savtyrev allegedly repeated his demands. During the call, he also allegedly said he would get his “comrades from Belarus” to help him hack into the company’s servers.

Savtyrev allegedly sent a second e-mail to the company on Friday, Nov. 7, and in a taped phone conversation that evening agreed to show company officials how he would exploit the systems in return for meeting his demands, the complaint said.

The criminal complaint notes that he sent a third e-mail on Saturday saying he had opened several back doors in the company’s system and it would take them months to find them.

Liebermann noted that with a rocky economy and increased layoffs, companies need to shore up their defenses by shutting down internal and remote access immediately upon terminating a worker, monitoring system logs for any anomalies, adding extra layers of security and having a plan in place to quickly report any threats or breaches to law enforcement.

“And it’s important that they report instances like this before they go from a threat to a loss of data,” he added.