By Adam E. John
A Hungarian citizen has pleaded guilty to intentionally causing damage by hacking a malicious code to Marriott International computers, and to threatening to reveal confidential information obtained from the company’s computers if Marriott did not offer him a job.
Attila Nemeth, 26, pleaded guilty in the District of Maryland before U.S. District Judge J. Frederick Motz. According to Nemeth’s plea agreement, on Nov. 11, 2010, Nemeth sent an initial email to Marriott personnel, advising that he had been accessing Marriott’s computers for months and had obtained proprietary information. Nemeth threatened to reveal this information if Marriott did not give him a job maintaining the company’s computers. On Nov. 13, 2010, after receiving no response from Marriott, Nemeth sent another email containing eight attachments, seven of which were confirmed as documents stored on Marriott’s computer system. These documents included financial documentation and other confidential and proprietary information. Nemeth admitted that through an infected email attachment sent to specific Marriott employees he was able to install malicious software on Marriott’s system that gave him a “backdoor” into the system. Using the “backdoor,” Nemeth was able to access proprietary email and other files belonging to Marriott.
Marriott created the identity of a fictitious Marriott employee for the use by the U.S. Secret Service in an undercover operation to communicate with Nemeth. Nemeth, believing he was communicating with Marriott human resources personnel, continued to call and email the undercover agent, and demanded a job with Marriott in order to prevent the public release of the Marriott documents. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to the United States.
On Jan. 17, 2011, Nemeth arrived at Washington Dulles Airport on a ticket purchased by Marriott, for an “employment interview.” The “interview” was conducted by a Secret Service agent assuming the role of the Marriott employee with whom Nemeth believed he had been communicating.
Nemeth faces a maximum penalty of ten years in prison for the transmission of the malicious code and a maximum of five years in prison for threatening to expose confidential and proprietary information if Marriott did not give him a job.
The case is being investigated by the U.S. Secret Service and prosecuted by Special Assistant U.S. Attorney Anthony V. Teelucksingh assigned from the Computer Crime and Intellectual Property Section of the Justice Department’s Criminal Division.