An engineer caused IT chaos at a large bank when he was fired for watching porn at work

Brother

A San Francisco man who worked at First Republic Bank as a cloud services engineer threw the bank's internal software development infrastructure into chaos in retaliation for being fired. Management was forced to part with a valuable employee after complaints from the information security department, which had recorded him connecting dubious USB flash drives with pornographic content to his work laptop. The technician will spend the next two years of his life behind bars and will have to pay huge monetary compensation.

To prison for insider attack on a bank

A former engineer at a large American bank, First Republic Bank (FRB), was sent to prison for two years, The Register writes. His actions caused colossal damage to the financial organization's IT systems. In retaliation for his dismissal, the specialist destroyed the bank's software development infrastructure using a work MacBook whose access to the corporate network had not been revoked in time.

Miklos Daniel Brody, a 38-year-old resident of San Francisco (California), pleaded guilty in April 2023 to two counts of violating the US Computer Fraud and Abuse Act (CFAA). He was charged with obtaining information and intentionally causing damage to a protected computer. The court documents also include an episode of giving false testimony, a charge Brody also admitted.

The judge sentenced Brody to two years in prison and ordered him to pay the injured party compensation of about $529.3 thousand. After his release, he will remain under the supervision of law enforcement agencies for the next three years.

Beginning of conflict, dismissal

At First Republic Bank, Brody served as a cloud services engineer until March 11, 2020. It was on this day that he was fired for violating company rules. The engineer’s problems began in early March 2020, when the bank’s information security department became aware of his misuse of the financial institution’s property.

The specialist, in violation of security protocols, allegedly connected various flash drives containing information of dubious origin, including pornographic content, to his work laptop.

Information about Brody's misconduct was conveyed by the information security team to senior management.

The negligent employee was called to the carpet by the bank's vice president for human resources. In that conversation he explained that the USB flash drives he had been viewing on his work computer were given to him by some "friends" and, as he had thought at the time, contained the film "The Matrix". According to Brody, the drives ended up connected to the laptop issued by his employer due to a misunderstanding.

The day after the unpleasant conversation, the engineer sent an e-mail to the vice president in which he lamely tried to explain what had happened. Among other things, he mentioned a momentary clouding of reason brought on by illness, which led him to make a "mistake" while "organizing content" on a work PC during the weekend.

The message did not impress the vice president, and on the same day Brody was fired during a meeting with management and then escorted off the bank's premises. Management demanded that Brody return the MacBook issued by the financial institution by mail, since he had not brought it to the meeting despite being ordered to do so.

Terrible revenge

Instead, Brody returned home, turned on the laptop, which for some unknown reason still had access to the bank's internal network, and, in retaliation for his dismissal, began to wreak havoc on the systems and services used by First Republic Bank. The engineer's authority was revoked only two hours later.

According to court materials, Brody connected to the FRB network through a corporate VPN, reaching a special installation server (Jumpbox) that allowed him to access accounts in the Devbox and GitHub services owned by the bank.

Next, he deployed malware on the system, left a few "hellos" in the code for his former colleagues, and deleted some of the contents of the repositories and system logs. In addition, Brody "broke" Ansible Tower (a graphical interface to the Ansible configuration management system), deprived users of access to one of the banking services that used the Amazon Web Services infrastructure, and caused damage to "certain areas" of the IT environment. Finally, he mailed himself a copy of program code that he had personally worked on before his dismissal as part of the development of one of the banking subsystems. The code was valued at $5 thousand.

Excuses, lies and sad consequences

Even though Brody was logging in using his personal ID, he still attempted to impersonate another bank employee who had recently been promoted and could, in theory, have similar access rights.

It is noteworthy that even after this display of digital aggression, FRB did not give up trying to reason with Brody. Representatives of the bank's HR department contacted him by phone and firmly demanded that the fired specialist hand over the device belonging to his ex-employer. He ignored the demand and responded with another email in which the resentment was plain to see. The man complained about unfair treatment of an impeccable professional, as well as the difficult financial situation into which FRB had plunged him, and all this against the backdrop of the coronavirus outbreak at the time.

Over the course of several weeks, Brody found more and more reasons why he could not return the corporate laptop. He even contacted the local police to report the loss of the device, which he claimed had been stolen from his car while it was parked near a fitness center.

The facts stated in the report turned out to be a lie, which Brody subsequently repeated during an interview attended by a representative of the US Secret Service (which investigates some cybercrimes; CNews note). This made it possible to prosecute the former FRB employee for giving false testimony.

FRB estimated the total damage caused to the bank by the actions of the ex-employee at $220 thousand. The judge in the case against Brody agreed with this assessment.

FRB takeover by JPMorgan Chase

It is also noteworthy that First Republic Bank survived only a few years after the cyber incident caused by Brody. Less than a month after the man was indicted, the San Francisco-based commercial bank, which collapsed in the early 2023 U.S. banking crisis, was swallowed up by financial giant JPMorgan Chase. However, there is probably no direct connection between these two events.

A similar fate befell the main venture bank of Silicon Valley - Silicon Valley Bank (SVB) - in the spring of 2023.