A former Cox Communications IT systems administrator has been sentenced to five months in federal prison for remotely shutting down portions of the company's system – including 911 emergency services – after being asked to resign his position.
William Bryant, 38, of Norcross, Ga., was sentenced Thursday by U.S. District Judge Thomas Thrash to five months in prison, five months of home confinement, two years of supervised release and ordered to perform 200 hours of community service and pay nearly $15,500 in restitution.
Bryant pleaded guilty last September to one count of knowingly causing the transmission of information to a computer used in interstate commerce and, as a result, causing damage to that computer.
Cox customers in Texas, Las Vegas, New Orleans and Baton Rouge, La., lost internet and telecommunications service, including access to 911, for hours after Bryant hacked into his former employer's network, according to U.S. Attorney David Nahmias.
“Hacking, or intruding into and causing damage to a computer system, is a serious federal offense,” Nahmias said in a news release. “Hacking causes particular dangers to our nation's critical infrastructure and we will prosecute such attacks aggressively.”
Bryant had faced 10 years in prison and a fine of up to $250,000.
Cox spokesman David Grabert told SCMagazineUS.com today that his company is “pleased” by the court's decision.
Mark McClain, CEO and founder of SailPoint Technologies, a risk-management vendor, told SCMagazineUS.com today that privileged users, such as IT pros, can do more damage to a company than outsiders.
“There's a hard problem today, which is that you have to give some people a lot of access to do their jobs,” he said. “It's like the janitor – the guy has a lot of keys and if he ever wanted to abuse his power, he could.”
Phil Neray, vice president of marketing at data security vendor Guardium, said administrators need to be able to quickly observe strange behavior from other employees to prevent similar incidents.
“I think the moral of the story is that privileged users are given a high amount of power that they need to have as a part of their jobs,” he said. “As a result, when you have a disgruntled employee, you have to be able to quickly determine anomalous behavior.”