Guilty Plea in Drug Company Hack

Prosecutors Say Georgia Man Froze Shionogi Computers
Guilty Plea in Drug Company Hack
A Georgia man has entered a guilty plea in a hacking case that involved freezing the computer operations of a pharmaceutical company earlier this year.

Jason Cornish pleaded guilty to a charge of knowingly transmitting computer code with the intent to damage computers in interstate commerce, according to the U.S. Attorney's Office for the District of New Jersey. The charge carries a potential maximum penalty of 10 years in prison and a $250,000 fine. Sentencing is slated for Nov. 10.

Prosecutors say Cornish, a former IT staff member at Japanese pharmaceutical company Shionogi Inc., which has U.S. offices in New Jersey and Georgia, hacked the firm's computers Feb. 3 using a wireless network connection at a McDonald's restaurant.

He gained unauthorized access to the company's computer network, used a user account to access a server and then took control of a piece of software that he had secretly installed on the server several weeks earlier. He then used that software to delete the contents of each of 15 virtual hosts on Shionogi's computer network. These 15 virtual hosts, subdivisions on a computer designed to make it function like several computers, housed the equivalent of 88 servers. Prosecutors say Cornish used his familiarity with the network to identify each of these virtual hosts by name or by its Internet Protocol address.

The deleted servers housed most of Shionogi's American computer infrastructure, including the company's e-mail and Blackberry servers, order tracking system and financial management software. The attack froze the company's operations for a number of days, leaving employees unable to ship products, cut checks or communicate via e-mail. The security incident led to about $800,000 in expenses for the company, including responding to the attack, conducting damage assessments and restoring the company's network, prosecutors say.

In speculating about a motive, prosecutors note that in late September 2010, shortly after Cornish had resigned from the firm, Shionogi announced layoffs that would affect one of Cornish's close friends.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network