Aviva phone hacker jailed for 18 months over revenge attack

Esselar co-founder pwned insurance biz after spat with former colleagues

A senior techie has been jailed for 18 months after he was convicted of hacking into hundreds of phones at insurance firm Aviva, an act of sabotage designed to exact revenge against a firm that supplied security services to the insurance giant.

Richard Neale, 40, pleaded guilty to a hack against Aviva designed to cause maximum embarrassment for security firm Esselar.

Neale co-founded Esselar in 2009 and was a director of the firm prior to leaving in 2013, following a dispute with his former colleagues over an insurance payment. He left on bad terms and subsequently sold his shares.

Neale hacked into the Aviva system in May 2014 on the night that Esselar was giving a security demonstration, wiping data from around 900 phones, the Daily Mail reported.

Aviva unsurprisingly ditched Esselar in the wake of the debacle, costing it an £80,000-per-year contract in the process, the BBC added.

As El Reg reported soon after the event, a hacker compromised the MobileIron admin server and posted messages to Aviva's devices implicating the "hart bled" (sic) bug in the attack.

It now looks like stolen and legitimate but mistakenly unrevoked credentials were the main agents in the attack.

The taunts posted to Aviva devices after Neale's hack

Neale also used a fake identity he'd created within Esselar's system to reject former colleagues' expense claims. In addition, he hijacked the firm's Twitter account, replacing its logo with a bleeding heart – a calling card designed to signal that the account had been pwned.

The IT industry was reeling from the Heartbleed vulnerability at the same time, so the choice of logo was designed to alarm.

The 40-year-old had pleaded guilty to four counts of "unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer" at an earlier hearing. Guildford Crown Court heard that Neale hacked into his former company's systems over a five-month period.

Sentencing, Judge Neil Stewart said: "You parted on terms and in circumstances that left you nursing resentment. The prosecution describe these offences as revenge... it was plainly born of your resentment."

Esselar rebranded as Mobliciti back in March. ®
