A criminal complaint was unsealed today in federal court in the Eastern District of New York charging Michael Meneses with hacking into the computer network of a company that manufactures high-voltage power supplies, causing the company over $90,000 in damage. Meneses was arrested earlier today in Smithtown, Long Island, and his initial appearance is scheduled for this afternoon before United States Magistrate Judge Gary Brown at the United States Courthouse, 100 Federal Plaza, Central Islip, New York. The charges were announced by Loretta E. Lynch, United States Attorney for the Eastern District of New York, and George C. Venizelos, Assistant Director in Charge, Federal Bureau of Investigation, New York Field Office.
According to the complaint, until January 2012, Meneses was employed at the victim company as a software programmer and system manager specializing in developing and customizing the software that the company used to run its business operations. A specialist in “enterprise resource planning” who had worked at the victim company for years, Meneses was one of two employees who were primarily responsible for ensuring that the software that drove the company’s manufacturing business—including its production planning, purchasing, and inventory control—operated efficiently. Meneses’ responsibilities gave him high-level access to the company’s computer network.
As alleged in the complaint, Meneses, who had voiced displeasure at having been passed over for promotions, tendered his resignation from the victim company in late December 2011, giving two weeks’ notice. After his network access was terminated, Meneses launched a three-week campaign to inflict damage on the company by gaining unauthorized access to its network and sabotaging the company’s business. Meneses employed various high-tech methods to hack into the victim company’s network and steal his former colleagues’ security credentials, including writing a program that captured user log-in names and passwords. Meneses then used the security credentials of at least one former colleague to remotely access the network via a virtual private network (VPN) from Meneses’s home and from a hotel located near his new employer, corrupting the network. Meneses’ efforts ranged from using a former colleague’s e-mail account to discourage new applicants from taking Meneses’s position, to sending commands to alter the business calendar by one month, disrupting the company’s production and finance operations. The victim company suffered over $90,000 in damages as a result of Meneses’s intrusions.
“As the complaint alleges, the defendant engaged in a 21st Century campaign of cyber-vandalism and high-tech revenge, hacking into the computer network of his former employer to disrupt its operations, thereby causing tens of thousands of dollars in damage,” stated United States Attorney Lynch. “We will hold accountable any individual who victimizes others by exploiting computer network vulnerabilities.”
FBI Assistant Director in Charge Venizelos stated, “Bent on revenge, the defendant exploited his access and his technical know-how to sabotage his former employer. As alleged, he caused significant disruption and monetary damage. The FBI is committed to vigorous enforcement of laws governing computer intrusions.”
If convicted, the defendant faces a statutory maximum sentence of years’ imprisonment, a $250,000 fine, and restitution.
The government’s case is being prosecuted by Assistant United States Attorneys Cristina M. Posa and Charles N. Rose.
SOURCE: FBI and U.S. Attorney’s Office, Eastern District of New York
The complaint is not yet available on PACER at the time of this posting. Although the press release does not name the firm, the New York Times reports it as Spellman High Voltage Electronics Corporation in Hauppauge, Long Island.