Jason Cornish, 37, pleaded guilty Tuesday in New Jersey to crippling the network of Shionogi, a subsidiary of a Japanese pharmaceutical company that has offices in New Jersey and Georgia. Cornish apparently hacked the company after a friend of his was fired from the firm.
According to court documents (.pdf), Cornish used legitimate credentials to log into the company’s network Feb. 3 at around 6 a.m., then proceeded to systematically delete the contents of 15 virtual hosts on the network. These included the company’s e-mail and BlackBerry servers, as well as its order-tracking system and financial-management software.
“The Feb. 3 attack effectively froze Shionogi’s operations for a number of days, leaving company employees unable to ship product, to cut checks, or even to communicate via e-mail,” according to the complaint filed against him, which asserted that the hack cost Shionogi about $300,000. That figure rose to $800,000 in later court documents.
Cornish had worked for the company for about a year before resigning in July 2010 over a dispute with a senior manager. After he resigned, his former supervisor and close friend, who is identified in court documents only as B.N., convinced the company to keep Cornish on as a consultant until September 2010, due to his extensive knowledge of the company’s network. It was that knowledge that eventually helped him swiftly locate and erase the servers he targeted in his attack.