IT manager, turned cracker, jailed for five months

'Payback' attack on former employers

By John Leyden • Get more from this author

Posted in Enterprise Security, 16th March 2005 16:04 GMT

Free whitepaper – Dell PowerEdge server benchmarks

An IT manager was sentenced this week to five months imprisonment over a January 2003 hacking attack against his former employers, Santa Clara-based Manufacturing Electronic Sales Corporation (MESC).

Mark Erfurt, 39, from Orange County, southern California, was also ordered to pay $45,000 in compensation to MESC by US District Court Judge James Ware at a hearing in a San Jose federal court on Monday 14 March. Upon his release in prison, Erfurt will have to spend five months under house arrest and three years on probation.

Erfurt pleaded guilty to gaining "unauthorized access and recklessly damaging" the computer system of MESC as part of an August 2004 plea bargaining agreement. He also confessed to obstructing justice over his attempts to destroy evidence of his cyber crimes, which included downloading a proprietary database, reading the email account of MESC's president and deleting data from its servers.

Erfurt admitted he hacked into MESC's systems using the systems of a competitor, Centaur, who were employing him at the time and where he continues to work. Centaur Chief Executive Officer Bruce Cahill told IDG: "This was a private individual that happened to use a computer system at our office. We're not involved in this."

MESC, a hi-tech manufacturer's representative, went out of business in June 2004, employed Erfurt as a contractor, managing its network remotely part-time whilst he retained his main job with its Irvine-based rivals Centaur. This unusual arrangement reportedly soured over time, prompting Erfurt to attack MESC as "payback". ®