Former Army Contractor Gets Prison Term for Insider AttackJudge Sentences Maryland Man to Two Years in Prison for Causing $1 Million in Damage
A former U.S. Army contractor has been sentenced to two years in federal prison after pleading guilty to an insider attack that caused over $1 million in damages to a Pentagon client of his employer, according to the Department of Justice.
Barrence Anthony, 40, of Waldorf, Maryland, pleaded guilty in May to a single count of unlawfully accessing a protected computer. On Friday, a federal judge in Virginia sentenced the former systems engineer to two years in prison as well as ordering him to pay $50,000 in restitution, according to court documents.
For several years, Anthony worked as an engineer for Federated IT, a federal contractor that provides technology and support services for a number of different military and federal government agencies, according to the Justice Department.
In this case, Federated IT built and maintained financial applications on Microsoft SharePoint instances the U.S. Army's Chaplain Corps Religious Support System, which is based in the Pentagon and provides religious services and support for soldiers, according to court documents. These instances were hosted on Amazon Web Services cloud infrastructure, the documents show.
Federated IT also provided IT support services for about 9,000 people working for the Army's Chaplain Corps, documents show.
In December 2016, Federated IT was preparing to terminate Anthony's employment, but a colleague told him several days in advance of what the company planned, according to the court documents. Over those few days, Anthony started to access the AWS infrastructure for the Army's Chaplain Corps, the documents show.
Since Anthony had access to the master password for the encrypted file that contained all the other Army's Chaplain Corps' passwords, he accessed that account and deleted all the other user and administration accounts from the AWS Management Portal, according to court documents. This meant that all other users were locked out, the documents show.
When his employment was terminated, Anthony failed to provide his credentials to the company when he left, the court records show.
As part of the attack, Anthony also created and registered his own domain and then transferred the ownership of Army's Chaplain Corps website to his personal account. He also created back-up files of data stored on the Corps' AWS servers, according to the court records.
When he was finally fired from his job a few days later, Anthony wiped all the files from the Army's Chaplain Corps' AWS servers and kept the back-up files under his control, the court papers show.
"On December 8, 2016, while the defendant was the sole individual with access to the networks, a sysprep command against a server that was part of the U.S. Army [Chaplain Corps] Web Application System was executed," according to the court documents. "Defendant's action resulted in the loss of all the information on the server causing Victim Company engineers to have to rebuild another test server. Computer logs also showed a login by the defendant to the SharePoint application after he was terminated."
After the FBI was called to investigate, Anthony later told investigators that he accessed the servers, took the data and delated the files to retaliate against his former employer, according to the court records. Overall, the Justice Department estimated the total damage at about $1.1 million, the records show.
Increasing Insider Threats
The federal case against Anthony highlights a growing trend of malicious insiders causing damage to the companies that they work for, according to security experts.
Nearly 20 percent of all cybersecurity incidents, as well as 15 percent of data breaches, that happened in 2018 were the result of either an accidental misstep by an employee or malicious behavior by a current or former worker, according to the Verizon 2019 Data Breach Investigations Report. The study adds that malicious insider behavior has increased at least 50 percent since 2015.
In addition, the average annual cost to businesses from insider threats now stands at over $8 million, according to a report entitled "2018 Cost of Insider Threats Global Organization Report" by the Ponemon Institute.
The cases of insider threats have intensified as employees have become increasingly mobile and hyper-connected, says Steve Durbin, managing director of the Information Security Forum, a London-based cyber, information security and risk management firm.
"Nearly every worker has multiple, interconnected devices that can compromise information immediately and at scale," Durbin says.
Durbin added that the network openings that allow outside attackers to burrow in, infect databases and potentially take down an organization’s file servers, overwhelmingly originate with trusted insiders.
"In some cases, those insiders are driven by malicious intent - the desire to enrich themselves through the sale of sensitive data or to retaliate for a perceived slight or mistreatment," Durbin adds.