FOR IMMEDIATE RELEASE
December 9, 2011
NEWARK, N.J. – A Georgia man who froze the operations of a New Jersey pharmaceutical company where he had worked by hacking into its computer network and deleting portions of it was sentenced today to 41 months in prison, U.S. Attorney Paul J. Fishman announced.
Jason Cornish, 37, of Smyrna, Ga., was sentenced by U.S. District Judge Stanley R. Chesler in Newark federal court. Cornish had previously admitted in court that he executed the attack, pleading guilty to an Information charging him with knowingly transmitting computer code with the intent to damage computers in interstate commerce.
According to documents filed in this case and statements made in court:
Cornish was an information technology employee at Shionogi Inc., a United States subsidiary of a Japanese pharmaceutical company with operations in New Jersey and Georgia. In late September 2010, shortly after Cornish had resigned from Shionogi, the company announced layoffs that would affect an individual identified in court documents as B.N., Cornish’s close friend and former supervisor.
In the early morning hours of Feb. 3, 2011, Cornish gained unauthorized access to Shionogi’s computer network. Cornish used a Shionogi user account to access a Shionogi server, then took control of a piece of software that he had secretly installed on the server several weeks earlier.
Cornish used the secretly installed software program to delete the contents of each of 15 “virtual hosts” on Shionogi’s computer network. These 15 virtual hosts (subdivisions on a computer designed to make it function like several computers) housed the equivalent of 88 different computer servers. Cornish used his familiarity with Shionogi’s network to identify each of these virtual hosts by name or by its corresponding Internet Protocol address.
The deleted servers housed most of Shionogi’s American computer infrastructure, including the company’s e-mail and Blackberry servers, its order tracking system, and its financial management software. The attack effectively froze Shionogi’s operations for a number of days, leaving company employees unable to ship product, cut checks, or communicate by email. Shionogi sustained approximately $800,000 in losses responding to the attack, conducting damage assessments and restoring the company’s network to its prior condition.
The investigation by the FBI’s Cyber Crimes Task Force revealed that the attack originated from a computer connected to the wireless network of a McDonald’s restaurant in Smyrna, where Cornish had used his credit card to make a purchase minutes before the attack. Cornish also gained unauthorized access to Shionogi’s network from his home Internet connection using administrative passwords to which he had access as an employee.
In addition to the prison term, Judge Chesler sentenced Cornish to three years of supervised release and ordered him to make restitution of $812,567. The judge also prohibited Cornish from working in capacity that would give him access to computer network infrastructure.
U.S. Attorney Fishman thanked special agents of the FBI’s Cyber Crimes Task Force, under the direction of Special Agent in Charge Michael B. Ward in Newark; and in Atlanta, under the direction of Special Agent in Charge Brian D. Lamkin, with the investigation leading to today’s sentence. He also thanked Shionogi Inc. officials for coming forward and cooperating with the investigation.
The government is represented by Assistant U.S. Attorney Seth B. Kosto of the U.S. Attorney’s Office Computer Hacking and Intellectual Property Section in the Office’s Economic Crimes Unit in Newark.
Defense counsel: Richard V. Merritt Esq., Smyrna