A New Jersey man physically installed keyloggers on two rival companies’ networks in order to steal trade secrets, according to newly released court documents.
Ankur Agarwal, 45, of Montville, New Jersey, pleaded guilty to two counts of obtaining information from computers and one count of aggravated identity theft, and is now facing a potential maximum sentence of 12 years behind bars.
According to court documents, he physically entered the company premises in question and installed keyloggers onto computers, in order to obtain usernames and passwords. Targeting specific employees, he was the able to exfiltrate sensitive data on emerging technologies being developed by the firms.
Agarwal also installed his PC and a hard drive onto the companies’ networks as part of his scheme.
He used the same modus operandi to hack both organizations, although in the case of the second company, he also hacked an employee account to create a physical access badge which then allowed him back on the premises to more easily recover the unauthorized devices he’d placed on the network.
Also stolen were thousands of documents containing personal information on employees, including one file with data on 50 senior executives.
As well as the jail time, Agarwal is facing a fine of $250,000, or twice the gross gain or loss from the offense.
The case highlights the need for joined-up security in organizations, of both the IT network and physical infrastructure. Often the two functions operate discretely, which can open up opportunities for bold cyber-criminals.
Similar arguments were made back in April when an alumnus at The College of St. Rose in Albany, New York, pleaded guilty to vandalizing equipment using a malicious USB device. He physically inserted the thumb drive into 59 Windows workstations, seven iMacs and “numerous monitors and digital podiums.”