Following Data Theft, NJ Hacker Sentenced
The hacker admitted last year that he broke into two companies – one his former employer – and stole more than 15,000 files.
As expected, a New Jersey man was sentenced to jail time after admitting he broke into two companies and stole 15,000 files in 2018.
The man, Ankur Agarwal, 45, previously acknowledged that he installed keyloggers at two companies in order to gain a foothold into their networks. From there, he stole employee login credentials and was more or less granted unfettered access to the rest of their systems.
The names of the companies were not disclosed by the Department of Justice's U.S. Attorney's Office, only the fact that one offers telecommunications infrastructure and services to the public.
Agarwal pleaded guilty to two counts of obtaining information from computers and one count of aggravated identity theft last fall, but it wasn’t clear how much time he’d serve until last week, when the judge presiding over the case in a Newark federal court, U.S. District Judge Susan D. Wigenton, sentenced Agarwal to 94 months, nearly 8 years, in prison.
In addition to the jail time, Agarwal was also fined $25,000 and sentenced to three years of supervised release.
Agarwal admitted to trespassing onto the first company’s property and to transferring and exfiltrating the company's data and information, including its emerging technology. He did so by creating malicious computer code designed to exfiltrate data, installing it on the company’s computer systems, and then executing the code to steal and transfer data to himself.
For the second company, like the first, Agarwal physically trespassed onto the company's property and installed keylogger hardware in person. While there, he installed his computer onto the company's network - "concealed in a locked cabinet in an open cubicle" - and stole, transferred and exfiltrated the company's data, which also included “emerging technology.”
While inside the second company, Agarwal also decided to hack into an employee's system in order to create an access badge for himself under that employee's name that allowed him to trespass onto the company's property.
What likely aided Agarwal in hacking into one of the companies was the fact that he used to work there. While it wasn’t mentioned in any of the DOJ's press releases about the incident, a criminal complaint from 2018 points out that Agarwal worked at one of the companies until March 2014 as a network engineer. While he was working for another company - also in the telecommunications industry - at the time of the incident, he likely retained some knowledge about his former employer's IT setup, something which no doubt gave him a leg up when seeking access.
According to the complaint, it wasn't until April 2018 that the company noticed suspicious traffic on its network and, subsequently, malware that "demonstrated a high level of technical sophistication." It's unclear what took the company so long to observe the activity, especially if data was being exfiltrated. With a solution in place designed to see and stop data from being accessed, moved, or stolen, the company could have had an earlier indicator that something was awry.