Yovan Garcia, a former private security officer, has been fined $318,661.70 after a California court found him guilty of padding his work hours, hacking the company’s servers to steal data on customers, demolishing the servers in the process, defacing the website, ripping off the proprietary software, and setting up a rival business running on that ripped-off program.
As related in the final judgment in Tyan Inc. v. Yovan Garcia, things first got weird in July 2014. At that point, Garcia had been working at Tyan – doing business as Security Specialists, a private security patrol business in southern California – for about two years.
Operations manager Steve Leon noticed something odd about Garcia’s payroll records. Although Garcia’s schedule showed him having worked typical eight-hour days over two weeks, the proprietary payroll system – which Security Specialists owner Nick Tsotsikyan had created using FileMaker Pro – indicated that Garcia had worked 12 hours per day, for a fat load of 40 hours of overtime pay.
It wasn’t that the payroll program had forgotten how to add. The big paycheck had, rather, been brought about by somebody having tampered with the program’s “Lunch” field. Four hours had been added into that field each day, in black text, on a black backgound, in teensy weensy one-point type. Thus, Garcia was getting paid overtime wages for time he presumably hadn’t worked.
So Leon, his curiosity piqued, pulled the paystub server log, which tracks attempts to log into the payroll database. It showed that the night before, someone had logged in from Garcia’s patrol laptop with an admin’s credentials. Garcia, being a patrol officer, wasn’t authorized to access the payroll database, and nobody had ever granted him admin credentials, but somehow, he’d gotten his hands on them.
So Garcia got sacked. But while Security Specialists was done with Yovan Garcia, Yovan Garcia was certainly not done with Security Specialists.
The company was hacked in October 2014. The attacker accessed and deleted boss Nick Tsotsikyan’s archived emails; server files; accounting software and databases used for accounting, invoices, and payroll; and the FileMaker Pro databases.
One Security Specialists employee, patrol officer Junior Arana, testified that he was on patrol the night of the hack when he noticed somebody was remotely messing with his laptop. He watched the files go: files used to schedule employees, generate and store field security reports, record and search client information, and store service location instructions and service records. As Arana watched, Yovan Garcia’s reprimand file also blinked into the ever after.
Security Specialists’ backup files were also deleted or corrupted, and the attacker was in the process of reformatting the company’s various drives when the intrusion was discovered and the servers yanked away from the internet.
The servers were totaled. The company had to rebuild them from scratch. Everything had to be wiped clean, including the patrol cars’ laptops, and all the programs and data had to be reinstalled. The company testified that it had to replace some software and hardware altogether.
That same week, Security Specialists’ website was vandalized. The header was changed to read “Are you ready”, with a string of five digits that Leon said were the first numbers in his Social Security number. The attacker or attackers also uploaded to the site “a particularly unflattering picture of Leon”, according to court documents.
More embarrassing photos and stories followed, along with a contact email. Served with a subpoena, Google coughed up an IP address connected to that account, and that IP address zeroed in on an address about a block from where Garcia lives.
Garcia went on to start his own security company. He had some nifty software to run it on, too. He showed it to another ex-employee of Security Specialists, James Caspari, who testified that the software looked and worked an awful lot like the Security Specialists system.
Garcia was found guilty of violating the Computer Fraud Abuse Act (CFAA), the Stored Communications Act, the California Computer Data Access and Fraud Act, and misappropriation of trade secrets.
District judge Michael Fitzgerald tallied up all the costs – the blown-up servers, the overtime salary plucked from thin air and manufactured with teensy type, the stolen software and more – and came up with the sum of $318,661.70 in restitution for which Garcia is now responsible.
Anonymous
“The attacker or attackers also uploaded to the site ‘a particularly unflattering picture of Leon’, according to court documents.”
Love the choice of words. Mind is now boggling wondering quite what was ‘particular’ about it :-)
Not knowing much about American legal systems I don’t know what happens if Garcia won’t, or simply can’t, come up with the 300 large ones. Is paying over the money his way to stay out of jail?
jkwilborn
I think you would have to look at the judges orders to satisfy that question in his case. Usually when you have a criminal fine, it’s in leu of jail time. I’m confident if he doesn’t come up with something, then he’ll be viewing the world from between bars (hopefully.)
Bryan
Well, the lunch pay field is black on black, plus it’s tiny. No one will notice the CSS difference, so no one in payroll will notice either. Sounds legit. Garcia increased his hours by 50% (and a single paycheck by 75%). I suppose he’d struggle with the definition of subtle. :-)
Also clear he’s seen neither “Superman III” nor “Office Space”…nor the myriad other programs depicting similar concepts which fail to adhere strictly to a clandestine plan. I myself don’t think enough like a criminal to be a good thief, but some principles are patently clear…stealing a thousand bucks** in one week is not so stealthy. Neither is copying software and showing off the proof.
Moral is, when you fire someone ensure they’re too broke to hire an intrusion specialist–because we know he didn’t do this on his own.
yikes.
** $960 stolen based on $16/hr standard pay
Max
“Moral is, when you fire someone ensure they’re too broke to hire an intrusion specialist–because we know he didn’t do this on his own.” Do we?
Bryan
Been away awhile, sorry for the delay.
I believe so–at least the duplicate software part. He likely tripped over the admin passwd on a sticky note and (flying solo) got himself fired.
Bumping a single paycheck by 75% is clearly not the sort of red flag everyone can anticipate, but certainly to someone who can re-skin software. His hired coder might have advised, “um dude, maybe you should spread it over four paychecks.”