• United States



Senior Editor

How NOT to Get a Job 101: Hack Marriott, Extort Execs for Work

Feb 03, 20123 mins
CybercrimeData and Information SecurityData Breach

The Department of Justice today said a man who sent malicious code to Marriott International Corporation, threatening to reveal confidential information taken from the company’s computers if Marriott did not offer him a job, has been sent to prison for his criminal endeavor.

Attila Nemeth, 26, a Hungarian citizen, was sentenced to 30 months in prison and three years of supervised release.

MORE NEWS: The weirdest, wackiest and coolest sci/tech stories of 2011

According to the DOJ, court documents show on Nov. 11, 2010, Nemeth emailed Marriott personnel, telling them he had been accessing Marriott’s computers for months and had obtained proprietary information. Nemeth threatened to reveal this information if Marriott did not give him a job maintaining the company’s computers.

On Nov. 13, 2010, after receiving no response from Marriott, Nemeth sent another email containing eight attachments, seven of which were confirmed as documents stored on Marriott’s computer system. These documents included financial documentation and other confidential and proprietary information. Nemeth admitted that through an infected email attachment sent to specific Marriott employees, he was able to install malicious software on Marriott’s system that gave him a backdoor into the system. Using the backdoor, Nemeth was able to access proprietary email and other files belonging to Marriott, the DOJ stated.

Without Nemeth’s knowledge on Nov. 18, 2010, Marriott created a fictitious Marriott employee that it then let the U.S. Secret Service use in an undercover operation to communicate with Nemeth. Nemeth, believing he was communicating with Marriott human resources personnel, continued to call and email the undercover agent, and demanded a job with Marriott in order to prevent the public release of the Marriott documents. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to the United States, the DOJ stated.

MORE ON HIGH-TECH CRIME: From Anonymous to Hackerazzi: The year in security mischief-making


The DOJ explained that on Jan. 17, 2011, Nemeth went to Washington Dulles Airport for an “employment interview.” A Secret Service agent conducted the interview by assuming the role of the Marriott employee with whom Nemeth believed he had been communicating. During the course of the interview, the DOJ said Nemeth admitted that he accessed Marriott’s computer systems; stole Marriott’s confidential and proprietary information; and sent the emails to Marriott threatening to publicly release Marriott’s data unless he was given a job on his terms by Marriott. To further prove his identity as the perpetrator, Nemeth demonstrated exactly how he accessed the Marriott network, his continued ability to access the Marriott network, and the location of the stolen Marriott proprietary data on a computer server located in Hungary, the DOJ stated.

As a result of Nemeth’s activities, Marriott engaged more than 100 of its employees in a thorough search of its network to determine the scope of the compromise and to identify the data that may have been compromised. The loss to Marriott as a result of the intentional damage caused by Nemeth was approximately $1 million in salaries, consultant expenses and other costs associated with Nemeth’s intrusion, the DOJ stated.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Read more about wide area network in Network World’s Wide Area Network section.