Jason Needham, 45, of Arlington, Tennessee, was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company’s FTP server and the email account of one of his former colleagues.
Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm.
According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers.
Needham hacked one former co-worker, tried to hack three others
From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H’s FTP server.
A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague’s email account.
Investigators said they found email access logs that tied Needham’s home, work, and smartphone IP addresses to the hacked email account. The FBI also says he tried and failed to access the accounts of three other former co-workers.
Needham stole CAD designs, business files
In addition, Needham used the stolen credentials to access his former company’s FTP server, from which he retrieved 82 AutoCAD files containing rendered engineering and design schematics for A&H projects, and more than 100 PDF files containing his former employer’s project proposals and budgetary documents.
According to investigators, the value of the proprietary info contained in those documents was between $250,000 and $550,000.
Needham’s HNA partner knew of the intrusions and tried to deter Needham from accessing and downloading files from his former employer.
According to Needham’s guilty plea, his partner warned against his actions by comparing his behavior to the hacking scandal involving the St. Louis Cardinals and the Houston Astros, pointing out that accessing a database at a former employer is illegal, even if Needham felt he somehow owned some of the files he took.
Needham unmasked by suspicious customer
Everything fell apart when one of A&H’s clients received a business project proposal that contained language similar to A&H’s original pitch. The client told A&H, which contacted the FBI.
Authorities charged Needham in April, and he immediately pleaded guilty.
“We are grateful that the government conducted such a prosecution in this case,” an Allen & Hoshall spokesperson said after Needham’s sentencing on August 4. “We believe the Court’s sentence will send a clear message to Mr. Needham and the greater business community that cybercrimes, electronic snooping and otherwise accessing electronic information without authorization are real crimes that are unacceptable under the law and are subject to severe penalties.”
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.