Laid-off sysadmin admits blackmailing mutual fund company

Computerworld - A systems administrator pleaded guilty in a federal court yesterday to charges that he tried to extort an undisclosed amount of money and even forcibly secure good job references from a New York-based mutual fund company that had just laid him off.

Investigators asked that the mutual fund company not be identified.

Viktor Savtyrev, of Old Bridge, N.J., pleaded guilty to cyber extortion in U.S. District Court in Newark, N.J. Under the plea agreement, Savtyrev, also known as Victor Savturev, faces a suggested sentence of up to five years in federal prison and a fine of $250,000.

His sentencing hearing is scheduled for Aug. 24, according to Assistant U.S. Attorney Seth Kosto.

Savtyrev was employed as a systems administrator at the company before he and nine fellow employees were laid off last Nov. 5. All of the laid-off workers were given a severance package, according to a criminal complaint filed with the courts.

Kosto said that with the slumping economy causing layoffs in a variety of industries, companies should be extra cautious about securing their networks.

"Certainly, companies need to be extra vigilant," he said. "We continue to encourage companies to be extra cautious and monitor carefully their procedures regarding laid-off employees. And they need to call the authorities at the first threat."

Late on the morning of Thursday, Nov. 6, Savtyrev used a Gmail account to e-mail the company's general counsel and three other employees, saying he was "not satisfied with the terms" of his severance, FBI Special Agent Gerald Cotellesse wrote in the complaint. The FBI charged that Savtyrev threatened to cause extensive damage to the company's computer servers if it didn't increase his severance pay, extend his medical coverage and provide "excellent" job references.

The sysadmin also threatened to alert the media after attacking the server.

According to the complaint, the company contacted law enforcement personnel the day of Savtyrev's first threat. That evening, at the direction of investigators, a company employee recorded a phone call in which Savtyrev repeated his demands. During the call, he also said he would get his "comrades from Belarus" to help him hack into the company's servers, the complaint said.

Savtyrev sent a second e-mail to the company on Friday, Nov. 7, and in a taped phone conversation that evening agreed to show company officials how he could exploit the systems in return for meeting his demands, the complaint said.

The criminal complaint notes that he sent a third e-mail on Saturday saying he had opened several back doors in the company's systems and it would take months to find them.

Assistant U.S. Attorney Erez Liebermann, who also worked on the case, noted in an earlier interview that with a rocky economy and increased layoffs, companies need to shore up their defenses by shutting down internal and remote access immediately upon terminating a worker, monitoring system logs for any anomalies, adding extra layers of security and having a process in place for quickly reporting any threats or breaches to law enforcement agencies.

"And it's important that they report instances like this before they go from a threat to a loss of data," he added.