FOR FURTHER INFORMATION CONTACT
AUSA VICKIE E. LEDUC or
MARCIA MURPHY at 410-209-4885
FEBRUARY 3, 2012
FOR IMMEDIATE RELEASE
HUNGARIAN CITIZEN SENTENCED FOR HACKING INTO MARRIOTT COMPUTERS TO EXTORT EMPLOYMENT FROM THE COMPANY
Marriott Incurred Approximately $1 Million to Engage Over 100 Employees and Consultants
to Discover the Scope of Computer Intrusion and Identify Proprietary Information
That Was Compromised by a Computer Hacker in Hungary
Baltimore, Maryland - U.S. District Judge J. Frederick Motz sentenced Attila Nemeth, age 26, a Hungarian citizen, today to 30 months in prison followed by three years of supervised release for transmitting a malicious code to Marriott International Corporation (Marriott) computers and threatening to reveal confidential information obtained from the company’s computers if Marriott did not offer him a job.
The sentence was announced by United States Attorney for the District of Maryland Rod J. Rosenstein; Assistant Attorney General Lanny A. Breuer of the Criminal Division of the Department of Justice; and Special Agent in Charge David Beach of the United States Secret Service – Washington Field Office.
According to Nemeth’s plea agreement, on November 11, 2010, Nemeth emailed Marriott personnel advising that he had been accessing Marriott’s computers for months and had obtained proprietary information. Nemeth threatened to publicly reveal this information if Marriott did not give him a job maintaining the company’s computers. On November 13, 2010, after receiving no response from Marriott, Nemeth sent another email containing eight attachments, seven of which were confirmed as documents stored on Marriott’s computer system. These documents included financial information, and other confidential and proprietary information. Nemeth admitted that through an infected email attachment sent to specific Marriott employees, he was able to install malicious software on Marriott’s system that gave him a “backdoor” into the system. Using the “backdoor,” Nemeth was able to access proprietary email and other files belonging to Marriott.
On November 18, 2010, Marriott created the identity of a fictitious Marriott employee for the U.S. Secret Service to use as an undercover operation to communicate with Nemeth. Nemeth, believing he was communicating with Marriott human resources personnel, continued to call and email the undercover, and demanded a job. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to the United States.
On January 17, 2011, Nemeth arrived at Washington Dulles Airport for an “employment interview.” A Secret Service agent conducted the interview by assuming the role of the Marriott employee with whom Nemeth believed he had been communicating. During the course of the interview, Nemeth admitted that he accessed Marriott’s computer systems from Hungary; stole Marriott’s confidential and proprietary information; and emailed Marriott threatening to publicly release Marriott’s data unless Marriott gave him a job. To further prove his identity as the perpetrator, Nemeth demonstrated exactly how he accessed the Marriott network; his continued ability to access the Marriott network; and the location of the stolen Marriott proprietary data on a computer server located in Hungary.
As a result of the compromise of its computer network, Marriott was compelled to engage more than 100 of its employees in a thorough search of its network to determine the scope of the compromise and to identify the data that may have been compromised. The loss to Marriott as a result of the damage caused by Nemeth is approximately $1 million in salaries, consultant expenses, and other costs associated with Nemeth’s intrusion.
Today’s sentence is an example of the type of efforts being undertaken by the Department of Justice Task Force on Intellectual Property (IP Task Force). Attorney General Eric Holder created the IP Task Force to combat the growing number of domestic and international intellectual property crimes, protect the health and safety of American consumers, and safeguard the nation’s economic security against those who seek to profit illegally from American creativity, innovation and hard work. The IP Task Force seeks to strengthen intellectual property rights protection through heightened criminal and civil enforcement, greater coordination among federal, state and local law enforcement partners, and increased focus on international enforcement efforts, including reinforcing relationships with key foreign partners and U.S. industry leaders. To learn more about the IP Task Force, go to http://www.justice.gov/dag/iptaskforce/.
United States Attorney Rod J. Rosenstein commended the U.S. Secret Service for its work in the investigation and thanked Special Assistant United States Attorney Anthony V. Teelucksingh assigned from the Department of Justice Criminal Division’s Computer Crime and Intellectual Property Section, who prosecuted the case.